[cryptography] Curve25519 OID (was: Re: the spell is broken)

Jeffrey Walton noloader at gmail.com
Sat Oct 5 20:35:33 EDT 2013


On Sat, Oct 5, 2013 at 7:35 PM, Patrick Pelletier
<code at funwithsoftware.org> wrote:
> On 10/5/13 2:47 PM, Jeffrey Walton wrote:
>
>> Do you know if there's a standard name and OID assigned to Dr.
>> Bernstein's gear? IETF only makes one mention of 25519 in the RFC
>> search, and it's related to TLS and marked TBD.
>
> Not yet.  See this thread:
>
> http://www.ietf.org/mail-archive/web/tls/current/msg10074.html
>
> (In short, the argument was that an OID for Curve25519 is only useful if
> it's going to be used for signatures, and Curve25519 shouldn't directly be
> used for signatures; Ed25519 should be used instead.)
Thanks Patrick. I tend to agree with Simon when he remarked "[OID
assignment for ed25519] doesn't belong in the TLS WG though."

For completeness, Crypto++ has a factory-like method that serves
curves. The curves are sorted by OID in the function, so Crypto++
would need an OID for ed25519. See around lines 120 and 250 at
http://www.cryptopp.com/docs/ref/eccrypto_8cpp_source.html.

I doubt Wei Dai will accept a patch which breaks from his design.

In the meantime, folks are hacking in something (from other
conversations I've had with some folks). That makes it hard to use
ed25519 correctly, and possibly easy to use incorrectly.

Jeff

