EdDSA and Ed25519 for Transport Layer Security (TLS)

Document Type Expired Internet-Draft (individual)
Author Simon Josefsson 
Last updated 2015-12-10 (latest revision 2015-06-08)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document introduce the public-key signature algorithm EdDSA for use in Transport Layer Security (TLS). With the previous NamedCurve and ECPointFormat assignments for the Curve25519 ECDHE key exchange mechanism, this enables use of Ed25519 in TLS. New Cipher Suites for EdDSA together with AES-GCM and ChaCha20-Poly1305 are introduced here. This is intended to work with any version of TLS and Datagram TLS.


Simon Josefsson (simon@josefsson.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)