Merge pull request #32 from joshuagl/joshuagl/sig-alg

Clarify that we are recommending Ed25519
secure-systems-lab · Oct 17, 2019 · f31c936 · f31c936
2 parents b407046 + 75bd856
commit f31c936
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/pep-0458.txt b/pep-0458.txt
@@ -471,13 +471,11 @@ PyPI and Key Requirements
 
 In this section, the kinds of keys required to sign for TUF roles on PyPI are
 examined.  TUF is agnostic with respect to choices of digital signature
-algorithms.  For the purpose of discussion, it is assumed that all digital
-signatures will be produced with the Ed25519 algorithm [25]_ as it
-has native and well-tested Python support.
-Nevertheless, we do NOT recommend any particular digital signature algorithm in
-this PEP because there are a few important constraints: first, cryptography
-changes over time; and second, TUF
-recommends diversity of keys for certain applications.
+algorithms.  However, this PEP RECOMMENDS that all digital signatures be
+produced with the Ed25519 algorithm [25]_.  Ed25519 has native and
+well-tested Python support (allowing for verification of signatures without
+additional, non-Python, dependencies), uses small keys, and is supported
+by modern HSM and authentication token hardware.
 
 
 Number and Type Of Keys Recommended