JDK-8039921: SHA1WithDSA with key > 1024 bits not working

Valerie Peng valerie.peng at oracle.com
Thu Oct 9 23:16:53 UTC 2014


Hi, Atsuhiko,

Thanks for the reply. I have just returned from vacation and am looking 
through the specs that you provided.
Should have an update some time next week.

Regards,
Valerie


On 9/26/2014 10:19 AM, Atsuhiko Yamanaka wrote:
> Hi,
>
> Is there any update on this issue?
>
> On Fri, Sep 19, 2014 at 9:04 AM, Valerie Peng<valerie.peng at oracle.com>  wrote:
>> However, if such (potentially insecure) practice is common, we may consider
>> relax the restraint for the sake of being interoperable. Do you have any
>> more info such as CA certs using large DSA keys with SHA1withDSA signature
>> algorithm, etc.? This will help us decide whether and how to best
>> accommodate this.
> As Mr. Bernd Eckenfels has commented,
>     >  But - as the SSH example shows - there are protocols which have
>     >  different needs and threat scenarios. Crypto primitives should stay
>     >  away from that policing.
> that functionality is not only for CA.  Could you please consider
> relax the restraint?
>
>
> Sincerely,
> --
> Atsuhiko Yamanaka
> JCraft,Inc.
> 1-14-20 HONCHO AOBA-KU,
> SENDAI, MIYAGI 980-0014 Japan.
> Tel +81-22-723-2150
> Skypecallto://jcraft/
> Twitter:http://twitter.com/ymnk
> Facebook:http://facebook.com/aymnk


More information about the security-dev mailing list