Re: Do people have something against RSA?

[Michael Sierchio <kudzu@xxxxxxxx>]

Christopher Williams wrote:
> 
> Do people in the PKI world have something RSA Data Corporation?  It's just
> that every document mandates DSA as a signature algorithm and indicates that
> RSA "MAY" also be supported.  Another example is that PKIX does not support
> PKCS#8 for securing private keys, even though PKCS#8 is a well-established
> standard (eight years old now?).  Then I read as a suggested amendment to
> the TSP document:
> 
> "TSA implementations MUST support DSA.  TSA implementations MAY include RSA."

I'm afraid that I don't see why a mandate for private key storage is
relevant to this discussion -- other than the obvious requirement
that private keys be kept private,  whether by embedding in tamper-resistant
hardware,  password based encryption, etc.,  and that there be a revocation
mechanism in the event of compromise.

And the answer to your query -- as a former employee of RSADSI (now
RSA Security) -- is: yes.  There is antipathy for RSA, perhaps because
they have always spent more on lawyers than on R&D.  I have the greatest
respect for the folks at RSA Labs,  but slight regard for the rest of
the company that was RSADSI and SDTI.

> Get real!  The whole world uses RSA.  The future worldwide PKI will run on
> RSA.

One might easily surmise that the future of PKI is ECC, or something
yet to be invented.  However,  choosing technology that is unecumbered
by patents is an IETF requirement.

>  I have never seen a certificate signed with an algorithm other than
> RSA and containing anything other than an RSA public key. 

That is a self-referential statement -- the plural of anecdote is not
data, IIRC.

> Insisting upon DSA and Diffie-Hellman is like railing against the
> universality of Microsoft: pointless and missing the point.

There are distinct advantages to the use of long-term DH values
tied to identity, esp. when it comes to stateless protocols, IPSec,
and other uses for key agreement.