<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
A good mention from Tom Ritter.<br>
The same problem exists with ECDSA keys (page 13 of the mentioned
RFC).<br>
<div class="moz-forward-container"><br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">Subject: </th>
<td>Re: [cabfpub] Proposal to add DSA 2048</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">Date: </th>
<td>Fri, 8 Mar 2013 17:47:41 -0500</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">From: </th>
<td>Tom Ritter <a class="moz-txt-link-rfc2396E" href="mailto:tom@ritter.vg">&lt;tom@ritter.vg&gt;</a></td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">To: </th>
<td>Ryan Hurst <a class="moz-txt-link-rfc2396E" href="mailto:ryan.hurst@globalsign.com">&lt;ryan.hurst@globalsign.com&gt;</a></td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">Cc: </th>
<td>Erwann ABALEA <a class="moz-txt-link-rfc2396E" href="mailto:erwann.abalea@keynectis.com">&lt;erwann.abalea@keynectis.com&gt;</a></td>
</tr>
</tbody>
</table>
<br>
<br>
It may be worth mentioning one other thing beyond Erwann's summary
about DSA keys that is unlike RSA: that only part of the public
key may be specified in the certificate, and it is expected to
inherit the missing parameters from the parent certificate (or
fail). This is an odd sharp edge that came up in Public Key
Pinning - and I'm sure it will cause some applications somewhere
to crash ;)
<div>
<br>
</div>
<div><a moz-do-not-send="true"
href="http://tools.ietf.org/html/rfc3279#page-9">http://tools.ietf.org/html/rfc3279#page-9</a></div>
<div><br>
</div>
<div>-tom</div>
<div><br>
<br>
<br>
</div>
<br>
</div>
<br>
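A check that a pinning implementation could run before hashing a SubjectPublicKeyInfo, as an added example that is not part of the original messages: it reports whether DSA or EC domain parameters are carried in the SPKI or left to be inherited, following RFC 3279. The function names and the sample byte strings are assumptions constructed for illustration.

```python
# Added example. All sample SPKIs are constructed toy values, not real keys.
OID_DSA = bytes.fromhex("2a8648ce380401")  # 1.2.840.10040.4.1 (id-dsa)
OID_EC = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1 (id-ecPublicKey)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def spki_parameter_status(spki):
    """Classify the AlgorithmIdentifier parameters of a DER SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, alg, _ = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, pos = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("algorithm is not an OBJECT IDENTIFIER")
    params_tag = read_tlv(alg, pos)[0] if pos < len(alg) else None
    if oid == OID_DSA:
        # Omitted parameters: p, q, g come from the issuer (or elsewhere).
        return {None: "inherited", 0x30: "explicit"}.get(params_tag, "malformed")
    if oid == OID_EC:
        # NULL is implicitlyCA; an OID names a curve; a SEQUENCE spells it out.
        return {0x05: "inherited", 0x06: "explicit", 0x30: "explicit"}.get(params_tag, "malformed")
    return "not-applicable"

# Constructed samples (toy integers p=23, q=11, g=4, y=8; dummy EC point bytes).
DSA_INHERITED = bytes.fromhex("3011" "3009" "0607" "2a8648ce380401" "0304" "00020108")
DSA_EXPLICIT = bytes.fromhex("301c" "3014" "0607" "2a8648ce380401"
                             "3009" "020117" "02010b" "020104" "0304" "00020108")
EC_IMPLICIT_CA = bytes.fromhex("3013" "300b" "0607" "2a8648ce3d0201" "0500" "0304" "00040102")
EC_NAMED_CURVE = bytes.fromhex("301b" "3013" "0607" "2a8648ce3d0201"
                               "0608" "2a8648ce3d030107" "0304" "00040102")
```

An SPKI classified as "inherited" does not identify a key on its own, so a pin computed over it should be rejected or bound to the issuer's parameters as well.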
</body>
</html>