On Jul 27, 2008, at 3:48 AM, Martin Schütte wrote:
[EMAIL PROTECTED] schrieb:
The specification supports only DSA, which means it can't be used
with
certificates most folks already have (or can most easily obtain from
any CA). Was this an intentional design decision? If so, I'd like to
hear some background for it...
The DSS (FIPS 186-2,
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf)
consists of three signature algorithms and covers DSA, RSA and ECDSA.
I would suggest to use these three for syslog-sign.
Well, the reason it's DSA is that the size of a DSA signature is
proportional to the size of the hash function rather than the key. At
the time John Kelsey did the first protocol, we were talking about DSA
with SHA-1. Now, of course, there are more options.
Nonetheless, if you're going to do syslog-sign over udp, there's a
real need to keep the signatures small.
That is why it is DSA. It's also why the encoding is the OpenPGP
encoding, and not DER. It's all to keep things as tight as possible.
Obviously, if you're going to do it over TCP, or even TLS, the
tightness is not needed as much. However, it's still nice to have a
protocol that is parsimonious on data. I think ECDSA makes much more
sense than RSA for it.
Jon
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
