From owner-cvs-all  Thu Apr 11 20:13:57 2002
Delivered-To: cvs-all@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5C75837B416; Thu, 11 Apr 2002 20:13:52 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.11.4/8.11.6) id g3C3DnP83776;
	Thu, 11 Apr 2002 23:13:49 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 11 Apr 2002 23:13:49 -0400 (EDT)
From: Garrett Wollman <wollman@lcs.mit.edu>
Message-Id: <200204120313.g3C3DnP83776@khavrinen.lcs.mit.edu>
To: Archie Cobbs <archie@dellroad.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh servconf.c
In-Reply-To: <200204120044.g3C0i7W08442@arch20m.dellroad.org>
References: <200204112204.g3BM4eK56395@freefall.freebsd.org>
	<200204120044.g3C0i7W08442@arch20m.dellroad.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

<<On Thu, 11 Apr 2002 17:44:07 -0700 (PDT), Archie Cobbs <archie@dellroad.org> said:

>> Knowledgeable persons assure me that RSA is preferable to DSA and that we
>> should transition away from DSA.

> We're curious.. can you share any references on this issue?

I'm not DES, but I can at least make a crack at it.

RSA and DSA are believed to be of comparable cryptographic strength,
given the key sizes commonly used today.  However, verifying a DSA
signature is computationally much more expensive than verifying an RSA
signature, and since the expiration of the RSA patent there's no
particularly good reason to use DSA at all except for compatibility.
IIRC, when the SSHv2 protocol is officially blessed by the IETF, RSA
will be required and DSA will be an option.  The bottom line is that
DSA is more expensive but not better.

If we ever get any elliptic-curve crypto algorithms we can use, this
may change again.  (ECC algorithms have the nice feature of depending
on a different sort of mathematical problem from both RSA and DSA, and
as a result can achieve comparable security with much smaller keys.
Given that ECC is a relatively recent invention, I suspect the
field[1] is entirely hedged about with patents.)

-GAWollman

[1] No pun intended.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message