Ed25519 and Ed448 certificates are finally coming.

https://tools.ietf.org/html/draft-ietf-curdle-pkix-07 is the draft for X.509, and Ed25519/Ed448 are supported directly by TLS 1.3.

The implementation is not hard and I have a branch of it already: master...FiloSottile:filippo/ed25519

The problem is that we'll have to vendor golang.org/x/crypto/ed25519 for the primitive functionality (like we did with golang.org/x/crypto/curve25519), but that will mismatch the PublicKey and PrivateKey types, which are exposed to the user in tls.Certificate.PrivateKey and x509.Certificate.PublicKey. A user-supplied ed25519.PrivateKey would not type-assert to the vendored ed25519.PrivateKey, and a parsed ed25519.PublicKey would not type-assert to the application side one.

I can think of three decent solutions off the top of my head:

1. define Ed25519PublicKey and Ed25519PrivateKey types in crypto/x509, which are easy to cast to/from, as they're nothing but []byte; if/when we promote ed25519 to the stdlib, alias and deprecate them

2. use []byte for both types, document it

3. simply promote ed25519 to the stdlib

We also need to decide if we want to bring Ed448 on board at the same time. We don't have a Ed448 implementation yet.

See also: https://groups.google.com/forum/#!topic/golang-dev/FNfJzm-BDno