Re: SSH non-compliance with FIPS 186

To: JBlaisdell%mocana.com@localhost, nisse%lysator.liu.se@localhost
Subject: Re: SSH non-compliance with FIPS 186
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Tue, 22 Sep 2009 18:18:23 +1200

nisse%lysator.liu.se@localhost (Niels =?iso-8859-1?Q?M=F6ller?=) writes:

>Are there any other Internet standards that use these updated DSA variants?

OpenPGP sort of does, in the sense that their use is covered in the RFC,
however the OpenPGP RFC has historically adopted a whole range of bleeding-
edge algorithms that it turned out no-one was really interested in, which is
why I used the phrase "covered in the RFC" rather than "used".  For example
GPG will verify DSA2 sigs but won't generate them unless you explicitly feed
it a special command-line option telling it to use DSA2.  No idea what other
implementations do.

With a bit more hindsight now that some time has passed, it may be easier to
just deprecate DSA rather than trying to specify usage rules for something
that no-one seems to be using.

Peter.

Follow-Ups:
- Re: SSH non-compliance with FIPS 186
  - From: Niels Möller

References:
- Re: SSH non-compliance with FIPS 186
  - From: Niels Möller

Prev by Date: Re: SSH non-compliance with FIPS 186
Next by Date: Re: SSH non-compliance with FIPS 186
Previous by Thread: RE: SSH non-compliance with FIPS 186
Next by Thread: Re: SSH non-compliance with FIPS 186
Indexes:

Home | Main Index | Thread Index | Old Index