Comments on the DSA changes from Kelvin Yiu on 2009-06-16 (public-xmlsec@w3.org from June 2009)

From: Kelvin Yiu <kelviny@exchange.microsoft.com>
Date: Tue, 16 Jun 2009 08:36:01 -0700
To: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <EF8BB8116404AE42A67EF8BECBC14487BE675D61@DF-POINTER-MSG.exchange.corp.microsoft>

FIPS 186-3 specifies that DSA can be used with SHA-1, SHA-224, and SHA-256 based on key sizes. I mis-read Fredrick's proposal and I think the revised text already addressed the issue with SHA-384 and SHA-512. However, there are a couple of issues that needs to be addressed:


1.       New URIs are needed for DSA with SHA-224 and SHA-256

2.       There is a note in FIPS 186-3 at the end of section 4.2 (on page 16) that basically said a government entity other than a CA should use only 2048 bit and not 3072 bit. I am not sure if that is relevant other than perhaps not to make references to 3072 bit keys.

Thoughts?

Kelvin

Received on Tuesday, 16 June 2009 15:36:56 UTC