ietf-smime

Whither DSA+KEA certificates?

1999-07-26 11:36:56
Does anyone know whether there's any need to try to support the combined
DSA+KEA certs which were going to be used with Fortezza?  Is anyone still using
these (characteristics: weird OIDs, shared DSA parameters, combined DSA+KEA
keys in the cert)?  Are the post-declassification Fortezza cards using 
standard DSA and standard KEA certs, or still using the combined certs (can
anyone send me some samples)?  Are shared-parameter DSA certs still being
generated?  Apart from the fact that this allows cert signatures to be forged,
it's also a pain to check the certs... if these are still used, are things 
like root certs for them published anywhere?  SDN.706 specifies an algorithm 
to work with them, but doesn't say whether it's just for legacy support or 
not.

Related questions: Is MSP still alive?  Is Fortezza still alive?  After 
brushing aside the cobwebs and dust on some MISSI-related sites I saw that the
standards are still being updated from time to time, but that doesn't really 
provide much indication of whether they're still live or not (feel free to 
reply in private/anonymously if answering questions about the viability of MSP
is a career-limiting move for you :-).

I haven't been able to find anything about whether the weird
combined-key/shared-parameter certs are still being produced by anything and/or
whether I need to support them.  Apparently they're covered in SDN.604, but this
isn't available online; draft-ietf-smime-cmskea.txt covers the use of the 
(declassified) KEA and Skipjack but doesn't touch on other legacies of MISSI.

Peter.

