Until now the discussion has centered on the larger SHA hash sizes.
In section 4.2 of the NIST draft, the following recommendation
about key sizes is listed, and seems to imply that DSA signing key
sizes should be the same as DH encryption key sizes:
=====[ begin quote ]=====
It is recommended that the security strength of the (L, N) pair and
the hash function be the same unless an agreement has been made
between participating entities to use a stronger hash function; a
hash function that provides a lower security strength than the (L, N)
pair shall not be used.
If the output of the hash function is greater than N (i.e., the bit
length of q), then the leftmost N bits of the hash function output
block shall be used in any calculation using the hash function
output during the generation or verification of a digital
signature.
Special Publication (SP) 800-57 provides information about the
selection of the appropriate (L,N) pair in accordance with a
desired security strength for a given time period. An (L, N) pair
shall be chosen that protects the signed information during the
entire expected lifetime of that information. For example, if a
digital signature is generated in 2008 for information that needs
to be protected for five years, and a particular (L, N) pair is
invalid after 2010, then a larger (L, N) pair shall be used that
remains valid for the entire period of time that the information
needs to be protected.
A Federal Government entity other than a Certification Authority
(CA) should use only the first three (L, N) pairs (i.e., the (1024,
160), (2048, 224) and (2048, 256) pairs). A CA shall use an (L,N)
pair that is equal to or greater than the (L, N) pairs used by its
subscribers. For example, if subscribers are using the (2048, 224)
pair, then the CA shall use either the (2048, 224), (2048, 256) or
(3072, 256) pair. Possible exceptions to this rule include cross
certification between CAs, certifying keys for purposes other than
digital signatures and transitioning from one key size or algorithm
to another. See SP 800-57 for further guidance.
=====[ end quote ]=====
Can increasing the size of a DSA signing key to equal the size of
a DH encryption key be done, and still be a valid V4 key, with
larger SHA signatures verifiable by existing OpenPGP
implementations,
or does it need a new key type before it can be done?
vedaal
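As an added illustration (not part of vedaal's post, the NIST draft, or any OpenPGP implementation), the following pure-Python DSA sign/verify applies the quoted rule that a hash longer than N bits is cut to its leftmost N bits. The parameter sizes L=512, N=160 are constructed toy values chosen only so that parameter generation finishes quickly; they are not a NIST (L, N) pair and are far too small for real use. The example shows that a SHA-256 or SHA-512 signature over an N=160 key verifies when both sides truncate the hash the same way, and fails when a verifier reduces the whole hash modulo q instead, which is exactly the kind of cross-implementation mismatch the question above is concerned with.

```python
import hashlib
import random

# Constructed toy sizes so generation runs in seconds; NOT a NIST (L, N) pair.
L_BITS = 512
N_BITS = 160

_rng = random.Random(20080101)  # seeded so the example is reproducible


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(L=L_BITS, N=N_BITS):
    """Return (p, q, g): q an N-bit prime, p an L-bit prime with q | p-1, g of order q."""
    while True:
        q = _rng.getrandbits(N) | (1 << (N - 1)) | 1  # exactly N bits, odd
        if is_probable_prime(q):
            break
    while True:
        k = _rng.getrandbits(L - N) | (1 << (L - N - 1))
        p = k * q + 1
        if p.bit_length() == L and is_probable_prime(p):
            break
    while True:
        h = _rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return p, q, g


def keygen(p, q, g):
    """Private key x in [1, q-1], public key y = g^x mod p."""
    x = _rng.randrange(1, q)
    return x, pow(g, x, p)


def truncated_digest(message, q, hash_name):
    """The quoted rule: if the hash output exceeds N bits, use its leftmost N bits."""
    digest = hashlib.new(hash_name, message).digest()
    N = q.bit_length()
    hash_bits = len(digest) * 8
    z = int.from_bytes(digest, "big")
    if hash_bits > N:
        z >>= hash_bits - N  # drop the rightmost bits, keep the leftmost N
    return z


def sign(message, p, q, g, x, hash_name="sha256"):
    z = truncated_digest(message, q, hash_name)
    while True:
        k = _rng.randrange(1, q)
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:
            return r, s


def verify(message, sig, p, q, g, y, hash_name="sha256", truncate=True):
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    if truncate:
        z = truncated_digest(message, q, hash_name)
    else:
        # What a verifier that ignores the leftmost-N-bits rule might compute instead.
        z = int.from_bytes(hashlib.new(hash_name, message).digest(), "big") % q
    w = pow(s, -1, q)
    v = ((pow(g, (z * w) % q, p) * pow(y, (r * w) % q, p)) % p) % q
    return v == r


def demo():
    """Sign a constructed message and check which verifier behaviours accept it."""
    p, q, g = generate_params()
    x, y = keygen(p, q, g)
    msg = b"constructed sample message"  # constructed input
    sig256 = sign(msg, p, q, g, x, "sha256")
    sig512 = sign(msg, p, q, g, x, "sha512")
    return {
        "sha256_truncated": verify(msg, sig256, p, q, g, y, "sha256"),
        "sha512_truncated": verify(msg, sig512, p, q, g, y, "sha512"),
        "sha256_mod_q": verify(msg, sig256, p, q, g, y, "sha256", truncate=False),
        "tampered": verify(msg + b"!", sig256, p, q, g, y, "sha256"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'rejected'}")
```

The "sha256_mod_q" case is the one to watch: the signer and verifier agree on the key, the parameters and the hash algorithm, yet verification fails because they derive z from the digest differently. Any proposal to pair larger hashes with existing (L, N) sizes therefore has to pin down the truncation rule, not just the hash identifier.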