Winfried de Heiden via FreeIPA-users wrote: > Hi all, > > Previously, in another post, I mentioned slowness using Aventra MyEID > PKI cards for login, sudo etc. > > I tried another solution, using EC (Elastic Curve) keys. Speed should > benefit, since EC keys are much smaller, keeping the same degree of > security. Shoter key = loading faster. > > Hoever, I seems FreeIPA will not accept and EC key, omly RSA when trying > to sing an EC CSR? > > Would it be possible though to use Elastic Curve certificates?
ECC is not yet supported in IPA. We have an old issue, https://pagure.io/freeipa/issue/3951 , for this but it is still blocked by the things mentioned in the ticket (LWCA). We had de-prioritized this because early thinking post-quantum was that ECC certificates would be more easily broken due to their smaller key size. This is being re-evaluated so its possible that ECC could be supported. The when is not clear. It will take a while though. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
