Re: [TLS] DSA should die

Bill Frantz <frantz@pwpconsult.com> Wed, 01 April 2015 21:55 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD0AE1A8774 for <tls@ietfa.amsl.com>; Wed, 1 Apr 2015 14:55:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fWwf6XN40Ehc for <tls@ietfa.amsl.com>; Wed, 1 Apr 2015 14:55:24 -0700 (PDT)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) by ietfa.amsl.com (Postfix) with ESMTP id 5EBB41A8701 for <tls@ietf.org>; Wed, 1 Apr 2015 14:55:24 -0700 (PDT)
Received: from [173.75.83.181] (helo=Williams-MacBook-Pro.local) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <frantz@pwpconsult.com>) id 1YdQbb-0005TF-FG for tls@ietf.org; Wed, 01 Apr 2015 17:55:23 -0400
Date: Wed, 1 Apr 2015 14:55:23 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: tls@ietf.org
X-Priority: 3
In-Reply-To: <0899615E-0ADC-4474-B031-0589014D0511@gmail.com>
Message-ID: <r422Ps-1075i-6057E82AB6334E70BA222530F8C783EA@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.3.1 (422)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec79e155ca178970ea05787b9d80c8452395350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 173.75.83.181
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/h3TFrGcZoAWj2ifHkbWOyRmi6l8>
Subject: Re: [TLS] DSA should die
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 21:55:26 -0000

+1

I have always worried about the issues with bad random values 
and DSA. We keep seeing bad random number problems in the wild, 
so replacing DSA with algorithms that don't have its problems 
seems like a good idea. Currently, it appears that the effect on 
the real world will be minor, so now seems like a good time.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Concurrency is hard. 12 out  | Periwinkle
(408)356-8506      | 10 programmers get it wrong. | 16345 
Englewood Ave
www.pwpconsult.com |                - Jeff Frantz | Los Gatos, 
CA 95032