David Shaw wrote:
as long as it's a new key type anyway,
can it be made to somehow work-around the 160 limit of the DSA,
for DH/DSA keys ?
No. This would break compatibility with v4 keys where the 160-bit
limit still exists.
If/when a new DSA is defined with different semantics, OpenPGP can
support that in addition to the current DSA, but the new DSA cannot
replace the old one. Either way, it's not really a v5 specific thing,
as a new DSA can just as easily be used in v4 (again, without
replacing the current DSA).
Yes, I agree. DSA is quite highly defined, better
to leave it alone and suffer its shortfalls for now.
Some time in the future, NIST will design a DSA-2,
and that can be added. For now, if DSA is considered
too dodgy then RSA could be used.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/