ietf-openpgp

Re: RFC: DSA key lengths; Elgamal type 16 v. type 20

2002-08-26 04:17:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Brian M. Carlson wrote:
I'd like to nitpick for a second. Section 12.6 states, "Note that present
DSA is limited to a maximum of 1024 bit keys, which are recommended for
long-term use." Actually, it is DSS (the *standard*), not DSA (the
*algorithm*) that is limited to 1024 bits. I'd like to suggest that we
replace that sentence with, "DSA keys SHOULD NOT exceed a size of 1024
bits." This way, we can maintain backwards compatibility and compliance
with DSS, while providing adequate security for people who really want
it. Might I point out that IEEE P1363 allows for DSA keys longer than
1024 bits, so there is precedent in the cryptographic community.

there is precedent before that:
PGP5.5.3 can use up to 2048 bit DSA keys, but can not generate them.
PGP5.5.3ckt can use and generate up to 2048 bit DSA keys.
PGP6.5.8ckt can only use 'em.

__
Disastry  http://disastry.dhs.org/
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPWnwxzBaTVEuJQxkEQOgnACg7VFNSR9CZV1x4w43hTW79t0LdbQAn2ad
XG9yy4r9EVZ2NwO0B5q0qCNe
=dX42
-----END PGP SIGNATURE-----
