There’s a small point of terminology that’s important for getting a clear idea of the state of support for curve25519 in IETF protocols.

X25519 is the name used for key exchange (Diffie-Hellman) which has been widely supported for some years now since it was added to TLS.

Ed25519 is the name used for digital signatures (Ed is short for Edwards) which is what you need for certificates. It was a few years later to arrive in OpenSSL because TLS didn’t need it.

> I don't think there's widespread support for X25519 (or X448) in X.509 certificates.

The 2018 RFC if anyone is wondering:

* https://tools.ietf.org/html/rfc8410

Note that this document is (of course) not an implementation, or even an explanation of how to implement support for this, but only a description of how to spell X25519 in ASN.1 in order to write it into a PKIX X.509 certificate.

So this document is a precursor to widespread support for X25519 in certificates only in the same way that coming up with a name for your kid is a precursor to giving birth. It's not strictly necessary, and it's certainly not the most important thing you needed to do, but I guess it can be part of the process.

Huh? It doesn't write all the code for you, but it is an explanation, even provides an example of full certificate.

Yes, it explains how to write this down so that everybody agrees, we call this "spelling" by analogy to teaching a written language like English.

It does not explain how to actually use any of this. RFC 8032 covers how to actually implement EdDSA, but that's a different document.