Re: [TLS] consensus to drop non-ECC DSA from TLS 1.3 spec? (was: DSA should die)

Kurt Roeckx <> Tue, 19 May 2015 21:09 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 87ACA1B3205 for <>; Tue, 19 May 2015 14:09:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.799
X-Spam-Status: No, score=0.799 tagged_above=-999 required=5 tests=[BAYES_50=0.8, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xVtWDEpeaUyx for <>; Tue, 19 May 2015 14:09:35 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7ECAF1A90BF for <>; Tue, 19 May 2015 14:09:35 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 116DD1C211B; Tue, 19 May 2015 23:09:33 +0200 (CEST)
Received: by (Postfix, from userid 1000) id E2C8F1FE014F; Tue, 19 May 2015 23:09:32 +0200 (CEST)
Date: Tue, 19 May 2015 23:09:32 +0200
From: Kurt Roeckx <>
To: Dave Garrett <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <>
Subject: Re: [TLS] consensus to drop non-ECC DSA from TLS 1.3 spec? (was: DSA should die)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 May 2015 21:09:37 -0000

On Tue, May 19, 2015 at 03:07:30PM -0400, Dave Garrett wrote:
> The topic of completely dropping DSA was brought up a while back, and the WG seemed to be mostly in favor of it. (in favor of using ECDSA instead, if not wanting to use RSA) Cutting it out of the spec would get rid of a fair bit of obsolete text that doesn't need to be there anymore, which would simplify things a bit. Did we ever get to a point where consensus could be called in favor of killing it?

The usage of DSA certificates is so low that I know about 4
certificates that didn't expire yet, but haven't seen any for
more than a year.  Firefox recently (March 31) stopped supporting
DSA certificates and I don't know of any problems with that

So I see no need to support it in TLS 1.3.