twisted/txacme

Support multiple certificate key types at once (RSA + ECDSA)

JayH5 opened this issue · 1 comment

JayH5 commented

This is perhaps a "nice to have" but the infrastructure is there for it so I thought I'd mention it.

In HAProxy 1.7, it's possible to specify multiple certificates for a single domain with different key types. So one certificate can have an RSA key, and another an ECDSA key: http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#5.1-crt

Similar functionality is available in Nginx 1.11.0+ (although 1.11 is the mainline release and not yet "stable"): http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate

Let's Encrypt has supported signing ECDSA certificates for a year now, albeit with an RSA intermediary. ECDSA intermediary support is coming before the end of March: https://letsencrypt.org/upcoming-features/

It's probably possible to achieve this currently with 2 instances of the txacme service, one with generate_key set to generate ECDSA keys (and maybe some kind of custom certificate store shared between them). But this is likely a bit complicated.

I'm interested in supporting ECDSA keys for TLS as we need to support low-power/bandwidth devices at my work and I'm interested in the potential benefits of the smaller key size afforded by ECDSA.

Things to figure out here:

  • Storage: if the RSA and ECDSA key are issued by the same intermediary, it's not that complicated to parse out the two different cert/key pairs, and the intermediary chain will otherwise be the same. However, in the future this will likely not be the case, so we need to support fully distinct issuing chains, which means conflating them is probably a bad idea.
  • Supporting multiple keys in the txacme endpoint; this is mostly a txsni thing, glyph/txsni#6 already exists to track support for this.
  • Rate limits; I think Let's Encrypt counts issuing an RSA cert and issuing an ECDSA cert (for the same names) equivalently to issuing two identical RSA certs (i.e. this counts towards the "Duplicate certificate" limit for reissues). There isn't necessarily anything txacme needs to or can do about this, but it may warrant some attention in the documentation around this feature.
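The storage and rate-limit points above, sketched as an added example; this is not txacme's own code and does not use its service API. It keeps one `(server name, key type)` slot per certificate with its own full chain (so distinct RSA and ECDSA issuing chains are never merged), classifies an incoming chain by the leaf's public key type, lays the pair out with the `.rsa`/`.ecdsa` suffixes that HAProxy 1.7's multi-cert `crt` loading looks for per the docs linked in the issue, and counts issuances per exact name set regardless of key type. Assumptions: the CA is stood in for by a self-signed leaf, `example.com`/`www.example.com` are constructed names, the RSA size and ECDSA curve are arbitrary choices, and the duplicate limit is a parameter rather than a claim about Let's Encrypt's actual number. Requires the `cryptography` package.

```python
"""Added example, not txacme's own code: keep RSA and ECDSA certificates for the
same names side by side, each with its own chain, and count issuances per name
set regardless of key type. Needs `cryptography`, which txacme depends on."""
import datetime
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Tuple

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from cryptography.x509.oid import NameOID

KEY_TYPES = ("rsa", "ecdsa")

def generate_key(key_type: str):
    """Fresh private key; RSA size and curve are this example's choices."""
    if key_type == "rsa":
        return rsa.generate_private_key(public_exponent=65537, key_size=2048)
    if key_type == "ecdsa":
        return ec.generate_private_key(ec.SECP256R1())
    raise ValueError("unsupported key type: %r" % (key_type,))

def key_type_of(cert: x509.Certificate) -> str:
    """Classify a certificate by the algorithm of its subject public key."""
    pub = cert.public_key()
    if isinstance(pub, rsa.RSAPublicKey):
        return "rsa"
    if isinstance(pub, ec.EllipticCurvePublicKey):
        return "ecdsa"
    raise TypeError("unexpected public key type: %s" % type(pub).__name__)

def split_pem_chain(pem: bytes) -> List[x509.Certificate]:
    """Parse every certificate in a PEM bundle, in file order (leaf first)."""
    end = b"-----END CERTIFICATE-----"
    return [x509.load_pem_x509_certificate(chunk.strip() + b"\n" + end + b"\n")
            for chunk in pem.split(end) if b"-----BEGIN CERTIFICATE-----" in chunk]

@dataclass
class DualKeyCertStore:
    """(server name, key type) -> (key PEM, chain PEM). One chain per key type,
    because the RSA and ECDSA leaves may be issued by different intermediates."""
    entries: Dict[Tuple[str, str], Tuple[bytes, bytes]] = field(default_factory=dict)

    def store(self, server_name: str, key_pem: bytes, chain_pem: bytes) -> str:
        chain = split_pem_chain(chain_pem)
        if not chain:
            raise ValueError("no certificate in chain for %s" % server_name)
        key_type = key_type_of(chain[0])  # the leaf decides which slot is filled
        self.entries[(server_name, key_type)] = (key_pem, chain_pem)
        return key_type

    def haproxy_files(self, server_name: str) -> Dict[str, bytes]:
        """Key+chain as <name>.pem.rsa / <name>.pem.ecdsa, the suffixes HAProxy
        1.7's multi-cert `crt` loading looks for (see the docs linked above)."""
        return {"%s.pem.%s" % (server_name, kt): key_pem + chain_pem
                for (name, kt), (key_pem, chain_pem) in self.entries.items()
                if name == server_name}

@dataclass
class DuplicateCertCounter:
    """Issuances per exact name set, ignoring key type, as the issue describes
    the duplicate-certificate limit. `limit` is a parameter, not LE's number."""
    limit: int
    counts: Dict[FrozenSet[str], int] = field(default_factory=dict)

    def record(self, names: Iterable[str]) -> int:
        key = frozenset(names)
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key]

    def remaining(self, names: Iterable[str]) -> int:
        return max(0, self.limit - self.counts.get(frozenset(names), 0))

def self_signed(key, names: List[str]) -> bytes:
    """Constructed stand-in for a CA-issued leaf (self-signed, example only)."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, names[0])])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(subject)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=90))
            .add_extension(x509.SubjectAlternativeName(
                [x509.DNSName(n) for n in names]), critical=False)
            .sign(key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)

def provision(store: DualKeyCertStore, server_name: str, names: List[str],
              counter: DuplicateCertCounter) -> List[str]:
    """Issue one RSA and one ECDSA cert for the same names; each counts once."""
    stored = []
    for kt in KEY_TYPES:
        key = generate_key(kt)
        key_pem = key.private_bytes(serialization.Encoding.PEM,
                                    serialization.PrivateFormat.PKCS8,
                                    serialization.NoEncryption())
        stored.append(store.store(server_name, key_pem, self_signed(key, names)))
        counter.record(names)
    return stored
```

Calling `provision(store, "example.com", ["example.com", "www.example.com"], counter)` fills both slots and consumes two issuances of the counter's budget for that name set; `store.haproxy_files("example.com")` then yields `example.com.pem.rsa` and `example.com.pem.ecdsa`, each holding its own key followed by its own chain. Keying on the leaf's key type rather than on a caller-supplied label means a store can never be fooled into overwriting the RSA slot with an ECDSA chain.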