Paul:
I suggest that we start the update(s), and hope that the DSA situation gets
sorted out before we are done. If not, let DSA remain as it is until it
does get sorted out.
This is consistent with the "walk, do not run" approach to dealing with the
one-way hash function issues.
Russ
At 04:28 PM 6/27/2005, Paul Hoffman wrote:
Unfortunately, I do not have a similar recommendation for DSA. SHA-1
still seems to be the only supported one-way hash function. I expect
that to change soon, but it has not happened yet.
So....., what do we do? Update 3370 without changing DSA, then upgrade it
again when the DSA change comes down? Wait for the DSA change?