IETF-SSH archive


Re: SSH non-compliance with FIPS 186



James Blaisdell <JBlaisdell%mocana.com@localhost> writes:

> I started looking into this as well.  FIPS 140-2 refers to this as
> "DSA2,"

Where, more precisely? FIPS 140-2 "Security Requirements for
Cryptographic Modules" doesn't seem to mention dsa at all. Is it in one
of the annexes?

> I believe a new draft/RFC is required for ssh-dsa2-*
> (ssh-dsa2-160/224/256/385/512) algorithms.

For me, the first step is to find a *complete* and authoritative
specification for these dsa variants, preferably including test
vectors. I'd like to have the general signature algorithm done
correctly, before worrying too much about how to use it in ssh.

For ssh, initially, I could implement it under a name like
dsa-sha256%lysator.liu.se@localhost, next we'd have to agree on the details, and
then arrange to allocate an official name and document it as an
informational RFC, or something like that.

Are there any other Internet standards that use these updated DSA
variants?

/Niels


