[cabfpub] Proposal to add DSA 2048

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Fri Mar 8 13:01:29 MST 2013


Rick, I don't know much about DSA (other than it's a different algorithm).

http://en.wikipedia.org/wiki/Digital_Signature_Algorithm

Does it present any issues that are different from RSA algorithm certs?

Same authentication processes and security considerations?

Can only government agencies obtain these certs, or can any user?

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Friday, March 08, 2013 11:40 AM
To: Ryan Hurst; 'CABFPub'; Erwann Abalea
Subject: Re: [cabfpub] Proposal to add DSA 2048

We're working with Stanford and CMU to do performance testing, but it will be a few weeks before we have results.

Regardless of performance, does anyone have any problem with explicitly adding DSA 2048 to the BRs?

-Rick

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Hurst
Sent: Thursday, March 07, 2013 7:29 PM
To: Rick Andrews; 'CABFPub'; Erwann Abalea
Subject: Re: [cabfpub] Proposal to add DSA 2048

I just remembered a post I did on this topic: http://unmitigatedrisk.com/?p=50

I just reread it and ran across Erwann's comment about the performance implications of DH and its use in SSL. This also makes me wonder if anyone has done performance benchmarking of DSA 2048 relative to RSA looking at the DH overhead and DSA costs as a whole - basically does it really provide you any value?

Ryan

From: Ryan Hurst [mailto:ryan.hurst at globalsign.com]
Sent: Thursday, March 07, 2013 7:25 PM
To: 'Rick Andrews'; 'CABFPub (public at cabforum.org)'
Subject: RE: [cabfpub] Proposal to add DSA 2048

The performance properties of DSA are great relative to RSA for servers, but major clients (as far as I know) do not support DSA keys larger than 1024; I know this is the case for anything that relies on CryptoAPI in Windows. Out of curiosity, are there major browsers that can work with such keys or are your scenarios limited to custom applications?

Ryan

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rick Andrews
Sent: Thursday, March 07, 2013 4:23 PM
To: CABFPub (public at cabforum.org)
Subject: [cabfpub] Proposal to add DSA 2048

Symantec has begun offering SSL certificates with DSA 2048-bit keys. Since DSA is not mentioned in the Baseline Requirements or EV Guidelines, I'd like to explicitly add DSA 2048 in BR Appendix A as the minimum DSA key size.

If there are no objections, I'll draft a ballot and seek endorsers.

-Rick

