ietf-openpgp
[Top] [All Lists]

Re: Bigger DSA keys

2005-09-19 10:59:10

On Mon, Sep 19, 2005 at 04:45:31PM +0200, Werner Koch wrote:

On Mon, 19 Sep 2005 09:01:37 -0400, David Shaw said:

So at least from the graceful failure perspective in GnuPG, it doesn't
really matter much which way we go.  I prefer the first option (using
the current algorithm number) since it seems cleanest in both code and

However this does also means that another hash algorithm needs to be a
MUST algorithm - unless we limit the MUST support for DSA to 1024 bits
keys.

The need for another algorithm makes a big difference for emdedded
applications.  Ofen the threat model does not require
high budget spook proof algorithms.

I fully agree with that. I would limit the MUST support to plain old SHA1
and 1024bit DSA for the time being.

-- 
Daniel

<Prev in Thread] Current Thread [Next in Thread>