Re: RSA vs. DSA MUST
Dr S N Henson wrote:
> "Bonatti, Chris" wrote:
> >
> > Reading through this thread, I am astonished at a couple of apparent truisms that are emerging from the various earnest statements made. These are (employing a little editorial license):
> >
> > * The implementation cost of DSA/D-H/3DES was acceptable when RSA was patented, but now that some of us have actually built/tested this the cost has gone up into the "too high" range.
> >
>
> I'd say in the DH case (and to some extent DSA) there's the issue of how
> practical it is. The only DH certificates I've ever seen were in the
> S/MIME examples draft. I suspect there are problems with the parameters
> but despite repeated queries I never found anyone who could
> independently check them.
>
I agree about D-H certs. They are not deployed as far as I can see.
>
> If public CAs issuing DSA certificates are rare then I'd say CAs issuing
> DH certificates are virtually non-existent. Does anyone know of a single
> example?
>
For "public CAs" I'd have to agree. I think the US government has issued *lots* of DSA certs, but they generally don't emit them because the interoperability picture is rather bleak. I don't think secure mail gets used much outside of fairly closed environments for this very reason. It's exceedingly rare that I even see a signed message in this forum.
>
> It's all very nice adding support for DSA and DH but if users can't get
> any certificates from public CAs then their value is severely limited.
>
It's a bit of a chicken and egg problem, though.
Chris
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: shenson@xxxxxxxxxxxxxxxxxxxxxxxxxxx
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: drh@xxxxxxxxxxx PGP key: via homepage.