IETF-SSH archive


RE: SSH key algorithm updates



Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:

>- Add dsa-sha2-256 as RECOMMENDED

I'm strongly opposed to keeping DSA, for the reasons given earlier.  It's dead
everywhere except SSH; it'd be nice to get rid of this one holdout as well.

>Perhaps Denis wants to add pgp-sign-dsa-sha2-256 and/or x509v3-dsa-sha2-256
>to his document.

Since neither the PGP nor the X.509 formats as used in SSH were ever defined,
I'd just remove them.  Short of reverse-engineering someone else's
implementation to see what they do, I can't see how you'd create an
interoperable implementation of either of these.

Peter.

