> On Oct 10, 2018, at 7:59 PM, Sean Mullan <sean.mul...@oracle.com> wrote:
>
> There is really no other reason other than DSA keys have been the default
> keypairs generated by keytool for a long time, so there are some
> compatibility issues we would have to think through before changing it to
> another algorithm such as RSA. Weijun might have more insight into that.

Not really. It was the default before I joined Sun Microsystems many, many years ago. Maybe it was a NIST standard?

As for compatibility, as long as someone is still using DSA then they might not be specifying the -keyalg option.

If not DSA, should RSA be the new default? Or maybe RSASSA-PSS (I wonder if RSASSA-PSS signature can always use legacy RSA keys) or EC? We don't have an option to specify ECCurve in keytool yet (a string -keysize).

--Max