[cabfpub] Proposal to add DSA 2048
Erwann Abalea
erwann.abalea at keynectis.com
Mon Mar 11 03:55:37 MST 2013
Why was the list of ECDSA curves limited to the NIST ones, instead of
specifying a list of characteristics (field size, curve type, ...)?
This prevents the use of other standardized curves such as Brainpool
ones (RFC5639), and more local ones such as French ANSSI ones.
--
Erwann ABALEA
Le 08/03/2013 22:38, Rick Andrews a écrit :
>
> To address everyone’s questions:
>
> -FIPS 186 originally allowed for DSA 1024 bits max, but in the 186-3
> revision 2048 and SHA-2 were added.
>
> -ECDSA is allowed in the BRs; Appendix A allows P-256, P-384, or P-521
> curves
>
> -Does it present any issues that are different from RSA algorithm
> certs? AFAIK, just what Erwann listed below (it can be used for
> signature only, not encryption/decryption). I haven’t heard of any
> particular vulnerabilities. In fact, the “Ron was wrong, Whit is
> right” paper (http://eprint.iacr.org/2012/064.pdf) suggests that there
> are advantages to cryptosystems like DSA that require only a single
> secret during key setup.
>
> -Same authentication processes and security considerations? I don’t
> see why not.
>
> -Can only government agencies obtain these certs, or can any user?
> Anyone can. We expect more interest from government customers given
> its inclusion in FIPS 186-3, but there are no restrictions
>
> -Rick
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20130311/4d341c9e/attachment.html
More information about the Public
mailing list