Thanks Rob,
No EC certificates for now :(
Winfried
email handtekening privé Op 18-11-2024 om 15:10 schreef Rob Crittenden
via FreeIPA-users:
Winfried de Heiden via FreeIPA-users wrote:
Hi all,
Previously, in another post, I mentioned slowness using Aventra MyEID
PKI cards for login, sudo etc.
I tried another solution, using EC (Elastic Curve) keys. Speed should
benefit, since EC keys are much smaller, keeping the same degree of
security. Shoter key = loading faster.
Hoever, I seems FreeIPA will not accept and EC key, omly RSA when trying
to sing an EC CSR?
Would it be possible though to use Elastic Curve certificates?
ECC is not yet supported in IPA. We have an old issue,
https://pagure.io/freeipa/issue/3951 , for this but it is still blocked
by the things mentioned in the ticket (LWCA).
We had de-prioritized this because early thinking post-quantum was that
ECC certificates would be more easily broken due to their smaller key size.
This is being re-evaluated so its possible that ECC could be supported.
The when is not clear. It will take a while though.
rob
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
