[cabfpub] Fwd: Re: Proposal to add DSA 2048
Erwann Abalea
erwann.abalea at keynectis.com
Mon Mar 11 10:32:59 UTC 2013
A good mention from Tom Ritter.
The same problem exists with ECDSA keys (page 13 of the mentionned RFC).
--
Erwann ABALEA
-------- Message original --------
Sujet: Re: [cabfpub] Proposal to add DSA 2048
Date : Fri, 8 Mar 2013 17:47:41 -0500
De : Tom Ritter <tom at ritter.vg>
Pour : Ryan Hurst <ryan.hurst at globalsign.com>
Copie à : Erwann ABALEA <erwann.abalea at keynectis.com>
It may be worth mentioning one other thing beyond Erwann's summary about
DSA keys that is unlike RSA: that only part of the public key may be
specified in the certificate, and it is expected to inherit the missing
parameters from the parent certificate (or fail). This is an odd sharp
edge that came up in Public Key Pinning - and I'm sure it will cause
some applications somewhere to crash ;)
http://tools.ietf.org/html/rfc3279#page-9
-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130311/7fe83f71/attachment-0002.html>
More information about the Public
mailing list