Re: [TLS] DSS with other than SHA-1 algorithms

Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 05 April 2011 11:28 UTC

Some time ago I wrote:

>Not really, use of DSA server certs is practically nonexistent (anyone want
>to trawl through the EFF cert database to count them?) and use of "DSA2"
>(i.e. > 1 kbit key) certs AFAIK *is* nonexistent,

Someone has now gone through the EFF cert database and counted the number of
DSA certs present on publicly-visible servers.  In the entire world, there are
exactly twenty-five of them (and some of these, I'm guessing, are test
certs/servers).  In contrast, there are several million RSA certs.  So not
only is "DSA2" nonexistent, but for all intents and purposes DSA is
nonexistent as well.

Peter.