[cabfpub] Proposal to add DSA 2048

Ryan Hurst ryan.hurst at globalsign.com
Fri Mar 8 03:29:12 UTC 2013

I just remembered a post I did on this topic:


I just reread it and ran across Erwann's comment about the performance
implications of DH and its use in SSL. This also makes me wonder if anyone
has done performance benchmarking of DSA 2048 relative to RSA looking at the
DH overhead and DSA costs as a whole - basically does it really provide you
any value?




From: Ryan Hurst [mailto:ryan.hurst at globalsign.com] 
Sent: Thursday, March 07, 2013 7:25 PM
To: 'Rick Andrews'; 'CABFPub (public at cabforum.org)'
Subject: RE: [cabfpub] Proposal to add DSA 2048


The performance properties of DSA are great relative to RSA for servers but
major clients (as far as I know) do not support DSA keys larger than 1024, I
know this is the case for anything that relies on CryptoAPI in Windows. Out
of curiosity are there major browsers that can work with such keys or are
your scenarios limited to custom applications?




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rick Andrews
Sent: Thursday, March 07, 2013 4:23 PM
To: CABFPub (public at cabforum.org)
Subject: [cabfpub] Proposal to add DSA 2048


Symantec has begun offering SSL certificates with DSA 2048-bit keys. Since
DSA is not mentioned in the Baseline Requirements or EV Guidelines, I'd like
to explicitly add DSA 2048 in BR Appendix A as the minimum DSA key size.


If there are no objections, I'll draft a ballot and seek endorsers.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130307/752e6b92/attachment-0003.html>

More information about the Public mailing list