ietf-openpgp

Re: Changing GPG's default key type

2009-05-04 23:22:51

Jon Callas <jon(_at_)callas(_dot_)org> writes:

> Many X.509 systems are like this too -- DSA is the mandatory-to-implement,
> but it's not clear that anyone has ever created a DSA certificate outside of
> interop testing.

Actually even the pretense of that one was dropped a long time ago, no-one
apart from the people drafting the standards (and I'm not even sure about
them) was ever under any illusion that the de facto standard was anything
other than RSA (the PKIX spec still contains DSA signing certs because they
were created by NIST more than a decade ago, not because they reflect current
practice).  People didn't even pretend to do the encryption-algorithm side of
things, X9.42 DH; the only implementation I know of that bothered with this
was the SFL reference implementation, which didn't have any choice in the
matter [0].  Microsoft implemented it as a read-only (i.e. decrypt-only)
option specifically to avoid accusations that they didn't comply with the
standard, but that was about all.  The last time I checked the specs still
fudged the matter by saying that you MUST support one of the following
shopping-list (including things like MD2 and X9.42), but most implementers
know how to interpret this, MUST RSA, WHO-CARES anything else.

Peter.

[0] So everyone claimed standards compliance without being compliant, secure in
    the knowledge that since no-one else was either, this could never be
    checked.
