DSA default algorithm for keytool -genkeypair. Bad choice?
Bernd Eckenfels
ecki at zusammenkunft.net
Wed Oct 10 21:35:29 UTC 2018
It might not apply to this specific default but in the past DSA was often chosen (over RSA) as a default as it was regarded as less suspicious to been understood as an encryption capable algorithm (as opposed to RSA). But of course that thinking was never correct and the justification for interpreting crypto law is also gone.
Not having a default is actually a good idea
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: security-dev <security-dev-bounces at openjdk.java.net> on behalf of Anthony Scarpino <anthony.scarpino at oracle.com>
Gesendet: Mittwoch, Oktober 10, 2018 11:18 PM
An: security-dev at openjdk.java.net
Betreff: Re: DSA default algorithm for keytool -genkeypair. Bad choice?
On 10/10/2018 07:42 AM, Weijun Wang wrote:
>
>
>> On Oct 10, 2018, at 7:59 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> There is really no other reason other than DSA keys have been the default keypairs generated by keytool for a long time, so there are some compatibility issues we would have to think through before changing it to another algorithm such as RSA. Weijun might have more insight into that.
>
> Not really. It was the default before I join Sun Microsystems many many years ago. Maybe it was a NIST standard?
>
> As for compatibility, as long as someone is still using DSA then they might not be specifying the -keyalg option.
>
> If not DSA, should RSA be the new default? Or maybe RSASSA-PSS (I wonder if RSASSA-PSS signature can always use legacy RSA keys) or EC? We don't have an option to specify ECCurve in keytool yet (a string -keysize).
>
> --Max
>
>
I would rather get rid of the default completely.
I realize there maybe scripting issues with that. If we made some
documentation guarantees a default algorithm then maybe we are stuck
with having a default and can use a security property. A part of me
thinks it would be foolish for an application to assume a default
algorithm and may deserve to be broken so they can fix it.
Even if we didn't remove defaults from older java version, in future
releases it would be nice to eliminate defaults were possible.
With regard to a replacement, I'd prefer over EC than RSA given a
choice. But either is ok.
Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181010/04694ec3/attachment.htm>
More information about the security-dev
mailing list