Re: RSA vs. DSA MUST

["Bonatti, Chris" <BonattiC@xxxxxxxx>]

    Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made.  These are (employing a little editorial license):

   * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost has gone up into the "too high" range.

   * Specifying a single MUST algorithm suite was sufficient to make S/MIME algorithm independent, but actually requiring two algorithms suites will cost too much.  If we've really achieved algorithm independence in the sense that Dave Kemp suggests, this should be a debate about a relatively small math module.

   * We have an 'SMIMECapabilities' attribute for which support is MUST, but some implementations ignore it so we have to use the lowest common denominator to force interoperability.  What make anybody think a MUST on an algorithm choice would be taken any more seriously?

    I don't think I actually have an opinion on this issue myself.  I'm of the mindset to mandate nothing and let Darwin decide.  However, I find the seeming illogic of these collective opinions very troubling.  It leads me to think that we're not getting to the REAL reasoning behind this move.

    I think Blake was closest to this in stating that there has been no customer demand for DSA.  Is this the REAL reason to dump DSA?  Are customers demanding RSA be used?  Do customers express demand for any algorithms, or do they just want it to be "secure"?  Are we just drifting to the path of least resistance?

    Personally, I favor products that support LOTS of interoperability modes... not just lowest common denominators.  Call me crazy, but...

Chris B.