Everybody I know has always been generating X.509 (TLS) certificates using algorithm¹ RSA, because it's traditional and because it only takes one parameter, the size.
But recently I've seen some proposal that stipulated algorithm¹ EC with curve secp384r1² for a project CA, also stating other algorithms like Ed25519 might be considered for the subordinate keys, and we just discussed a vulnerability concerning P-521, which openssl would know as EC secp521r1, in PuTTY.
The matter is further complicated by the fact that
- the “normal” elliptic curves are called slightly differently in different sources and it's not always obvious whether they are referring to the same thing, and
- the “Edwards” curves (25519 and 448) have two separate algorithms each, an X one for ECDH and an Ed one for EdDSA, which is supposed to be more efficient than the generic ECDSA, with the sources never even clearly stating which one corresponds to which keyUsage.
Does anybody know of a guide on what to use for which purpose, usable by an average developer or devops engineer? My google/duck/etc.-fu is failing me.
¹ As in openssl genpkey -algorithm option.
² The -pkeyopt ec_paramgen_curve: option.