IETF-SSH archive


Re: Proposal and intent to implement "dsa-sha2-256" SSH key algorithm



denis bider <ietf-ssh3%denisbider.com@localhost> writes:

> I therefore suggest a new SSH key algorithm, dsa-sha2-256, which
> cherry-picks from FIPS 186-3 the following two options:
>
> L = 2048, N = 256
> L = 3072, N = 256
>
> In other words:
> - modulus size is either 2048 or 3072
> - subgroup size is 256 bits
> - hash function is SHA2-256

Makes sense to me. 

Last time I looked at doing larger DSA, I had trouble finding any test
vectors. Does FIPS-186 include any now?

> I choose the name "dsa-sha2-256", rather than a suffixed name
> ("...@bitvise.com") for the following reasons:

I don't quite agree, but I don't have any strong objection either.

I think it would be nice with an (informational?) RFC spelling out those
details, and providing a few test vectors. And then a non-suffixed name
is fully appropriate (and as far as I remember, the IETF requirements
for a new SSH algorithm name are pretty weak).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.


