JDK-8039921: SHA1WithDSA with key > 1024 bits not working
Atsuhiko Yamanaka
ymnk at jcraft.com
Fri Sep 26 17:19:06 UTC 2014
Hi,
Is there any update on this issue?
On Fri, Sep 19, 2014 at 9:04 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
> However, if such (potentially insecure) practice is common, we may consider
> relax the restraint for the sake of being interoperable. Do you have any
> more info such as CA certs using large DSA keys with SHA1withDSA signature
> algorithm, etc.? This will help us decide whether and how to best
> accommodate this.
As Mr. Bernd Eckenfels has commented,
> But - as the SSH example shows - there are protocols which have
> different needs and threat scenarios. Crypto primitives should stay
> away from that policing.
that functionality is not only for CA. Could you please consider
relax the restraint?
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Skype callto://jcraft/
Twitter: http://twitter.com/ymnk
Facebook: http://facebook.com/aymnk
More information about the security-dev
mailing list