RE: New version of rsa-sha2-512 draft posted: no more DSA

To: Damien Miller <djm%mindrot.org@localhost>
Subject: RE: New version of rsa-sha2-512 draft posted: no more DSA
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sun, 8 Nov 2015 23:31:48 +0000

Damien Miller <djm%mindrot.org@localhost> writes:

>I don't think the glacial* crypto adoption pace of CAs is relevant to the
>choices we make for SSH.

The OP wasn't commenting on use by CAs, it was commenting on use by clients.
In other words it was saying that CAs should hold back on -512 otherwise
clients won't be able to verify the certs they issue.

>Moreover, any SSH implementation that supports ed25519 in the future will
>need SHA512 for it's inner hash, so it's not like it will be extra code to
>carry around.

This assumes that your implementation carries an entire crypto library around
with it.  Many don't, but use the host's crypto.  If the host doesn't support
algorithm X, then you're out of luck.

Peter.

Follow-Ups:
- RE: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Damien Miller

References:
- New version of rsa-sha2-512 draft posted: no more DSA
  - From: denis bider
- RE: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Peter Gutmann
- RE: New version of rsa-sha2-512 draft posted: no more DSA
  - From: Damien Miller

Prev by Date: RE: New version of rsa-sha2-512 draft posted: no more DSA
Next by Date: RE: New version of rsa-sha2-512 draft posted: no more DSA
Previous by Thread: RE: New version of rsa-sha2-512 draft posted: no more DSA
Next by Thread: RE: New version of rsa-sha2-512 draft posted: no more DSA
Indexes:

Home | Main Index | Thread Index | Old Index