[openssl-dev] Support for deterministic ECDSA signatures
Eran Messeri
eranm at google.com
Mon Dec 12 14:37:19 UTC 2016
Hi,
Would it be possible to have OpenSSL support generation of ECDSA signatures
in a deterministic manner?
This would be necessary to implement RFC6962-bis. Specifically, Section
12.4 (draft 21) requires the use of deterministic signatures (
https://tools.ietf.org/html/draft-ietf-trans-rfc6962-bis-21#section-12.4).
The rationale behind it is to prevent fingerprinting/tracking of TLS
clients by producing Signed Tree Heads / Signed Certificate Timestamps with
the same data but different signatures, then tracking propagation of these
SCTs / STHs via gossip protocols.
Thanks,
Eran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20161212/d2bf7df1/attachment-0001.html>
More information about the openssl-dev
mailing list