Atsuhiko,

Back in Java 7, the SUN provider only supported DSA keys with up to 1024-bit length.
The SHA1withDSA signature didn't explicitly check and reject longer keys though, so I understand how this may be viewed as a regression.

At the time when large DSA key support was added, we followed the recommendation of FIPS 186-3, since using a shorter hash weakens the security strength offered by the larger key. Regardless of entities, I'd think people prefer to be more secure rather than less.

However, if such a (potentially insecure) practice is common, we may consider relaxing the restraint for the sake of being interoperable. Do you have any more info, such as CA certs using large DSA keys with the SHA1withDSA signature algorithm, etc.? This will help us decide whether and how to best accommodate this.

Regards,
Valerie

On 9/18/2014 1:51 AM, Atsuhiko Yamanaka wrote:
Hi there,

We have been developing a pure Java SSH2 client library named JSch,
and you may know that it has been integrated and used in Eclipse, NetBeans,
IntelliJ IDEA, ant, Ivy, JGit, etc.

Recently we have received feedback that JSch has failed to connect
to some sshds on Java 8.
After some investigation, we have found that the problem was caused
by the problem reported in JDK-8039921 [1].

It seems some sshds have been using long keys for Digital Signature (SHA1WithDSA),
and JSch can handle those keys successfully on Java 7, but, due to the
change by JDK-8039921 in Java 8,
it cannot connect to those sshds any more on Java 8. It means
Eclipse, NetBeans, IntelliJ IDEA, ant, Ivy, JGit, etc.
cannot work with those sshds anymore. That change has had a huge
impact on that software.

A developer at Oracle has commented as follows [2]:
     For SHA1withDSA signature, DSA keys less than 1024 bits are allowed
     for the sake of backward compatibility. As for 2048-bit DSA key pairs,
     they should be used with signature algorithms using the SHA-2 family
     of message digests as specified in FIPS 186-3.

From my understanding, FIPS 186-3 is the standard for using Digital
Signature in Federal Government entities.
So, if the JDK's JCE (SunJCE) is used in other entities, it should
not be influenced by that standard.
[1] https://bugs.openjdk.java.net/browse/JDK-8039921
[2] https://bugs.openjdk.java.net/browse/JDK-8039921?focusedCommentId=13486968&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13486968
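A worked check of the behaviour discussed in this thread, added here as an example; it is not code from either message, from JSch, or from the JDK. It generates DSA key pairs of 1024 and 2048 bits with the default provider, compares the digest length of the signature algorithm against the bit length of the key's subprime q (the FIPS 186-3 rule Valerie refers to), and then tries to sign and verify a constructed message. On a JDK with the JDK-8039921 behaviour, `initSign`/`initVerify` throw `InvalidKeyException` for a 2048-bit key under SHA1withDSA, which is exactly what an SSH client verifying a large DSA host key runs into; SHA256withDSA is the pairing the Oracle comment recommends. The class name, the probe message and the `probe` helper are this example's own; run it on Java 8 or later, since the Java 7 SUN provider does not generate 2048-bit DSA keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;

public class DsaDigestStrengthProbe {

    // Constructed test input; its content does not matter for the check.
    private static final byte[] MESSAGE =
            "dsa digest strength probe".getBytes(StandardCharsets.UTF_8);

    /**
     * Generates a DSA key pair of keyBits, then tries to sign and verify
     * MESSAGE with sigAlg (whose digest is digestName). Returns true when the
     * provider accepts the pairing and the signature round-trips, false when
     * initSign/initVerify throw InvalidKeyException, which is how the SUN
     * provider refuses a digest shorter than the key's q under JDK-8039921.
     */
    static boolean probe(int keyBits, String sigAlg, String digestName)
            throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(keyBits);
        KeyPair kp = kpg.generateKeyPair();

        // FIPS 186-3 rule the provider applies: the digest must be at least
        // as long as the subprime q (160 bits for 1024-bit keys, 224 or 256
        // bits for 2048-bit keys, both longer than SHA-1's 160-bit output).
        int qBits = ((DSAPublicKey) kp.getPublic()).getParams().getQ().bitLength();
        int digestBits = MessageDigest.getInstance(digestName).getDigestLength() * 8;
        boolean expectAccept = digestBits >= qBits;

        Signature signer = Signature.getInstance(sigAlg);
        Signature verifier = Signature.getInstance(sigAlg);
        boolean accepted;
        try {
            signer.initSign(kp.getPrivate());     // throws on a rejected pairing
            verifier.initVerify(kp.getPublic());  // the path an SSH client hits
            signer.update(MESSAGE);
            byte[] sig = signer.sign();
            verifier.update(MESSAGE);
            accepted = verifier.verify(sig);
        } catch (InvalidKeyException e) {
            accepted = false;
        }

        System.out.printf("%d-bit DSA (q=%d bits) with %s (%d-bit digest): %s%s%n",
                keyBits, qBits, sigAlg, digestBits,
                accepted ? "accepted" : "rejected",
                accepted == expectAccept ? "" : " (differs from the FIPS 186-3 digest-length rule)");
        return accepted;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        probe(1024, "SHA1withDSA", "SHA-1");      // accepted on Java 7 and Java 8
        probe(2048, "SHA1withDSA", "SHA-1");      // rejected on Java 8 per JDK-8039921
        probe(2048, "SHA256withDSA", "SHA-256");  // the pairing recommended in [2]
    }
}
```

The third probe is the migration check: a server or CA that moves its 2048-bit DSA keys to a SHA-2 signature algorithm is accepted by both the strict and the relaxed behaviour, whereas the second probe shows which hosts an unchanged client will stop connecting to.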
