Hi Niels,

Please see NIST 186-3 (June 2009): http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf

After cursory review, it appears trivial to convert DSA1 --> DSA2, but DSA2 is incompatible with ssh-dsa.

Thank you,
James

-----Original Message-----
From: Niels Möller [mailto:nisse at lysator.liu.se]
Sent: Monday, September 21, 2009 10:23 AM
To: James Blaisdell
Cc: Peter Gutmann; ietf-ssh at NetBSD.org
Subject: Re: SSH non-compliance with FIPS 186

James Blaisdell <JBlaisdell at mocana.com> writes:

> I started looking into this as well. FIPS 140-2 refers to this as
> "DSA2,"

Where, more precisely? FIPS 140-2 "Security Requirements for Cryptographic Modules" doesn't seem to mention dsa at all. Is it in one of the annexes?

> I believe a new draft/RFC is required for ssh-dsa2-*
> (ssh-dsa2-160/224/256/385/512) algorithms.

For me, the first step is to find a *complete* and authoritative specification for these dsa variants, preferably including test vectors. I'd like to have the general signature algorithm done correctly, before worrying too much about how to use it in ssh.

For ssh, initially, I could implement it under a name like dsa-sha256 at lysator.liu.se, next we'd have to agree on the details, and then arrange to allocate an official name and document it as an informational RFC, or something like that.

Are there any other Internet standards that use these updated DSA variants?

/Niels
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
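Added example, not part of the thread and not code from either correspondent. It makes James's point concrete: DSA with the FIPS 186-3 (L, N) = (2048, 256) parameter set and SHA-256 ("DSA2") differs from the original DSA only in the sizes of p and q, the hash function, and the rule that the message digest is truncated to its leftmost N bits; signing and verifying are otherwise the same code path. What breaks is the SSH wire format: the ssh-dss signature blob of RFC 4253 section 6.6 is exactly 40 bytes (r and s as 20-byte unsigned big-endian integers), so an N = 256 signature with 32-byte r and s cannot be carried under that name, which is why a new algorithm identifier is needed. The domain parameters below are constructed toys (p is far too small for real use and is generated with a seeded PRNG rather than the verifiable method of FIPS 186-3 Appendix A); the nonce k is still drawn from the OS CSPRNG because a predictable k leaks the private key.

```python
# Added example (not from the thread): DSA over constructed toy parameters,
# showing why a FIPS 186-3 "DSA2" signature (N = 256, SHA-256) cannot be
# carried in the fixed 40-byte ssh-dss signature blob of RFC 4253 section 6.6.
import hashlib
import random
import secrets

SMALL_PRIMES = [n for n in range(3, 1000)
                if all(n % d for d in range(2, int(n ** 0.5) + 1))]


def is_probable_prime(n, rng, rounds=16):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(L, N, seed):
    """Toy domain parameters (p, q, g): q an N-bit prime, p an L-bit prime with
    q | p - 1, g of order q.  Seeded for reproducibility; NOT the verifiable
    generation of FIPS 186-3 Appendix A, and L here is shrunk for speed."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1
        if is_probable_prime(q, rng):
            break
    while True:
        x = rng.getrandbits(L) | (1 << (L - 1))
        p = x - (x % (2 * q)) + 1          # p == 1 (mod 2q), so q divides p - 1
        if p.bit_length() == L and is_probable_prime(p, rng):
            break
    while True:
        h = rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)
        if g > 1:
            return p, q, g


def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1       # private key in [1, q-1]
    return x, pow(g, x, p)                  # (x, y)


def truncated_hash(message, q, hash_name):
    """FIPS 186-3 section 4.6: use the leftmost min(N, outlen) bits of Hash(M)."""
    digest = hashlib.new(hash_name, message).digest()
    excess = max(0, 8 * len(digest) - q.bit_length())
    return int.from_bytes(digest, "big") >> excess


def sign(params, x, message, hash_name):
    p, q, g = params
    z = truncated_hash(message, q, hash_name)
    while True:
        k = secrets.randbelow(q - 1) + 1   # per-signature secret; must be unpredictable
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:
            return r, s


def verify(params, y, message, sig, hash_name):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    z = truncated_hash(message, q, hash_name)
    w = pow(s, -1, q)
    v = (pow(g, (z * w) % q, p) * pow(y, (r * w) % q, p)) % p % q
    return v == r


def _ssh_string(b):
    return len(b).to_bytes(4, "big") + b


def encode_ssh_dss_signature(params, sig):
    """RFC 4253 section 6.6: string "ssh-dss", then string r||s with r and s as
    160-bit unsigned big-endian integers, no lengths or padding (40 bytes)."""
    _, q, _ = params
    if q.bit_length() != 160:
        raise ValueError("ssh-dss carries exactly 20-byte r and s (N = 160); "
                         "got N = %d, which needs a new algorithm name" % q.bit_length())
    r, s = sig
    return _ssh_string(b"ssh-dss") + _ssh_string(r.to_bytes(20, "big") + s.to_bytes(20, "big"))


def decode_ssh_dss_signature(blob):
    """Parse the fixed-layout ssh-dss blob back into (r, s)."""
    name_len = int.from_bytes(blob[:4], "big")
    name = blob[4:4 + name_len]
    body = blob[4 + name_len:]
    body_len = int.from_bytes(body[:4], "big")
    rs = body[4:4 + body_len]
    if name != b"ssh-dss" or body_len != 40 or len(rs) != 40:
        raise ValueError("malformed ssh-dss signature blob")
    return int.from_bytes(rs[:20], "big"), int.from_bytes(rs[20:], "big")


if __name__ == "__main__":
    dsa1 = generate_params(512, 160, seed=1)      # toy stand-in for (1024, 160)
    x1, y1 = keygen(dsa1)
    sig1 = sign(dsa1, x1, b"example", "sha1")
    print("DSA1 verifies:", verify(dsa1, y1, b"example", sig1, "sha1"))
    print("ssh-dss blob length:", len(encode_ssh_dss_signature(dsa1, sig1)))
    dsa2 = generate_params(1024, 256, seed=2)     # toy stand-in for (2048, 256)
    x2, y2 = keygen(dsa2)
    sig2 = sign(dsa2, x2, b"example", "sha256")
    print("DSA2 verifies:", verify(dsa2, y2, b"example", sig2, "sha256"))
    try:
        encode_ssh_dss_signature(dsa2, sig2)
    except ValueError as e:
        print("ssh-dss encoding refused:", e)
```

The same sign and verify functions serve both parameter sets; only the hash name and the sizes change, which is the "trivial to convert" part. The refusal in encode_ssh_dss_signature is the incompatibility: an N = 256 signature has no representation in the ssh-dss blob, so a peer that advertises ssh-dss cannot be handed a DSA2 signature, and Niels's suggested private name (dsa-sha256 at lysator.liu.se) or a registered successor identifier is what would carry it.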