Re: Required Algorithms for Certificates
At 12:05 PM -0500 12/20/00, Russ Housley wrote:
> Certificate users MUST be able to validate signatures on
> certificates and CRLs with all of the following:
> - DSA with SHA-1, and
> - RSA with SHA-1.

At the VPN bakeoff in San Diego in January of this year, only a tiny
fraction of the IPsec implementations could verify DSA certs. Heck,
some of the CA vendors there weren't able to issue DSA certs for
testing.

Given that VPNs are one of the major users of the PKIX protocol (and
are arguably the largest base of deployed use of PKIX), having this
WG say "almost all existing IPsec implementations are non-conformant"
is somewhat harsh.

If we are interested in PKIX reflecting deployed reality, the
document should be MUST RSA, MAY DSA for both CAs and cert users.

Note the "MAY DSA" instead of "SHOULD DSA": the only reason a user
would use DSA is if that is the only format supported by the CA, and
few if any significant CAs did that. We should not say "SHOULD DSA"
unless we believe that there is already widespread interoperability
of DSA implementations; that seems unlikely, given how little public
testing there has been for DSA certs.

--Paul Hoffman, Director
--VPN Consortium