
If you interact with government or some large entities that do business with government, they have to comply with FIPS 140-2, and cannot use ed25519.


> If you interact with government or some large entities that do business with government, they have to comply with FIPS 140-2, and cannot use ed25519.

Not even when FIPS 140-3 was (finally) finalized in 2019, and testing began in 2020?

https://csrc.nist.gov/projects/cryptographic-module-validati... includes mentions of EdDSA, and Curve25519 is listed among the "Recommended Curves for U.S. Federal Government Use" on page 15 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.S....

(I guess the problem is that various crypto implementations need to get recertified under the new standard...)

edit: it looks like AWS-LC [0] and boringcrypto [1] have both been validated under FIPS 140-3. Azure's OpenSSL crypto [2] has only been validated under FIPS 140-2 as far as I can tell.

[0] https://csrc.nist.gov/projects/cryptographic-module-validati...

[1] https://csrc.nist.gov/projects/cryptographic-module-validati...

[2] https://csrc.nist.gov/projects/cryptographic-module-validati...


ed25519 is in FIPS 186-5 which meets criteria (a) for Approved Security Functions in FIPS 140-2.



