Enzo Michelangeli wrote:
really an issue). I suspect the motivation for a lot of these is that there's
a requirement to use a FIPS algorithm and DSA is the only choice. I can't see
a MUST RSA, MAY DSA as being any real problem, it's just recognising what has
been reality for the last few years.
We have seen a lot of DSA certificates generated by the U.S. Government.
What we haven't seen is a lot of DH certificates (The government uses
KEA, which is a form of DH that uses two DH keys and then Skipjack to do
some key mixing).
Well, there is one problem, and it's due to the store-and-forward nature of
e-mail which prevents negotiation, making it impossible to know whether a
given algorithm is supported by a new recipient (think, e.g., of signed
messages sent to a mailing list).
It's even worse for asymmetric algorithms. Even if you had information to
allow a negotiated symmetric cipher, you are stuck with the asymmetric
cipher based on the user's certificate.
If we were talking DH, I'd say there isn't much point, but I've seen a
lot of DSA stuff running around, and suspect, because of FIPS, to see
more of it. I'd vote to make it MUST.
bob