[cabfpub] Proposal to add DSA 2048

Ryan Sleevi sleevi at google.com
Fri Mar 8 18:44:13 UTC 2013


For that you'll have to go to your favourite browser/OS stat aggregation site.

I suppose it's sufficient to say that a "non-trivial" amount of Chrome
users use Windows, which means they would not be able to support
larger DSA key sizes. :-)

On Thu, Mar 7, 2013 at 7:40 PM, Ryan Hurst <ryan.hurst at globalsign.com> wrote:
> Interesting, can you share a rough idea of what % of Chrome is Windows?
>
>
>
> Ryan
>
>
>
> From: Ryan Sleevi [mailto:sleevi at google.com]
> Sent: Thursday, March 07, 2013 7:37 PM
> To: Ryan Hurst
> Cc: Rick Andrews; CABFPub
> Subject: Re: [cabfpub] Proposal to add DSA 2048
>
>
>
> NSS recently added support, through contributions from Red Hat. They should
> work with Firefox.
>
> However, because Chrome uses native cert verification APIs, they are not
> expected to work beyond ChromeOS, Chrome for Linux, and Chrome for iOS (the
> three NSS-for-verification platforms).
>
> Note: This is not an endorsement.
>
> On Mar 7, 2013 7:27 PM, "Ryan Hurst" <ryan.hurst at globalsign.com> wrote:
>
> The performance properties of DSA are great relative to RSA for servers but
> major clients (as far as I know) do not support DSA keys larger than 1024, I
> know this is the case for anything that relies on CryptoAPI in Windows. Out
> of curiosity are there major browsers that can work with such keys or are
> your scenarios limited to custom applications?
>
>
>
> Ryan
>
>
>
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
> Behalf Of Rick Andrews
> Sent: Thursday, March 07, 2013 4:23 PM
> To: CABFPub (public at cabforum.org)
> Subject: [cabfpub] Proposal to add DSA 2048
>
>
>
> Symantec has begun offering SSL certificates with DSA 2048-bit keys. Since
> DSA is not mentioned in the Baseline Requirements or EV Guidelines, I’d like
> to explicitly add DSA 2048 in BR Appendix A as the minimum DSA key size.
>
>
>
> If there are no objections, I’ll draft a ballot and seek endorsers.
>
>
>
> -Rick
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public



More information about the Public mailing list