JDK-8039921: SHA1WithDSA with key > 1024 bits not working
Valerie Peng
valerie.peng at oracle.com
Thu Oct 9 23:16:53 UTC 2014
Hi, Atsuhiko,
Thanks for the reply. I have just returned from vacation and am looking
through the specs that you provided.
Should have an update some time next week.
Regards,
Valerie
On 9/26/2014 10:19 AM, Atsuhiko Yamanaka wrote:
> Hi,
>
> Is there any update on this issue?
>
> On Fri, Sep 19, 2014 at 9:04 AM, Valerie Peng<valerie.peng at oracle.com> wrote:
>> However, if such (potentially insecure) practice is common, we may consider
>> relax the restraint for the sake of being interoperable. Do you have any
>> more info such as CA certs using large DSA keys with SHA1withDSA signature
>> algorithm, etc.? This will help us decide whether and how to best
>> accommodate this.
> As Mr. Bernd Eckenfels has commented,
> > But - as the SSH example shows - there are protocols which have
> > different needs and threat scenarios. Crypto primitives should stay
> > away from that policing.
> that functionality is not only for CA. Could you please consider
> relax the restraint?
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skypecallto://jcraft/
> Twitter:http://twitter.com/ymnk
> Facebook:http://facebook.com/aymnk
More information about the security-dev
mailing list