So the analysis needs to question not only the risks
but also the costs and benefits.
The number of people who need to have DSA and keep
using their existing keys for signatures seems to be
quite small. In order for these people to benefit,
they must be able to create the sigs, and everyone
else must be able to at least read the sigs. So
any change will take a year or two to filter through
until there is wide enough distribution of verification,
and during that time, I suspect the slow uptake will
be over taken by events.
Yup. And the same thing applies to V3 keys as well. I've had vocal
complaints from people about their V3 key and how they're upset about
losing whatever trust issues there are from it being a decade or more
I'm not so worried about DSS that I'm going to dump my older key. But I
might recommend to someone creating a new key that today, RSA is a
better choice because of SHA-1 issues and lack of wide-DSS. But that
could change tomorrow or next week.