RFC Errata
RFC 8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", August 2018
Note: This RFC has been updated by RFC 9295
Source of RFC: curdle (sec)
Errata ID: 5709
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT
Reported By: Lijun Liao
Date Reported: 2019-04-29
Rejected by: Benjamin Kaduk
Date Rejected: 2019-05-06
Section 10.2 says:
-
It should say:
-
Notes:
The example certificate is a self-signed certificate containing X25519 public key. Unlike standard EC public key, the public key for key exchange is NOT the same as the one for digital signature in curve25519. That means, for the same private key, the public keys for X25519 and for Ed25519 are different. As a result, the public key in the self-signed certificate can NOT be used to verify the signature. In this context, please replace the example certificate by one containing the Ed25519 public key.
--VERIFIER NOTES--
X25519 keys are only capable of key agreement, not signing, so by necessity a self-issued X25519 certificate cannot be self-signed. This document specifies, among other things, how to encode X25519 public keys into X.509 certificates, and so the example is accordingly a self-issued but not self-signed certificate. The issuing certificate has the same subject name but a different key (and key type).