Interesting this DSA vs RSA. It looks like openssl folks did a patch in November 2011 that would fix a bug that showed up when using DSA keys longer than 1024 (meaning 2048 or 3072 like per FIPS 186-3 from 2009.) But openssh never caught on, and their ssh-keygen may barf on keys longer than 1024 when built with "with-openssl" configuration (which is the default.) Also, DSA requires an excellent source of randomness or else techniques from RFC 6979 are needed, to keep it non-breakable. So openssh decided to keep life simple and focus on supporting RSA. That seems to be the reason that Ed your DSA keys are "old."
Burt On Tue, Oct 18, 2016 at 8:22 PM, Edward Warnicke <hagb...@gmail.com> wrote: > I didn't read to closely on it... but I suspect that over time it will > likely mean that everywhere you use DSA (not RSA) keys you will need to > replace (presuming I am correct... but replacing my old DSA keys with new > RSA keys did fix this issue for me in fd.io and in ODL). > > Ed > > > On Tue, Oct 18, 2016 at 5:19 PM, Keith Burns <alaga...@gmail.com> wrote: > >> Oooops, spoke to soon. Well Dang and Blast ... >> >> I do use RSA keys ... >> >> Does this mean that every place I have my public key I will need to >> change ? >> >> >> On Tue, Oct 18, 2016 at 5:15 PM Keith Burns <alaga...@gmail.com> wrote: >> >>> But Trusty works fine ... as in >>> >>> export VPP_VAGRANT_DISTRO="centos7" >>> vagrant up >>> (bang) >>> vagrant destroy -f >>> unset VPP_VAGRANT_DISTRO >>> vagrant up >>> profit. >>> >>> >>> >>> On Tue, Oct 18, 2016 at 5:02 PM Edward Warnicke <hagb...@gmail.com> >>> wrote: >>> >>> At a guess... here's what I think is happening (because it bit me). DSA >>> keys have recently been deprecated. You may need to create a new >>> RSA key and add it to your keys in gerrit. >>> >>> Ed >>> >>> On Tue, Oct 18, 2016 at 4:56 PM, Keith Burns <alaga...@gmail.com> wrote: >>> >>> https://gist.github.com/aef7978ee4bbfc5848f0bdb775342eb8 >>> >>> Trusty works fine even though the above complains about Gerrit keys. >>> >>> Is this a problem with Gerrit or with the Vagrant system? >>> >>> >>> >>> _______________________________________________ >>> vpp-dev mailing list >>> firstname.lastname@example.org >>> https://lists.fd.io/mailman/listinfo/vpp-dev >>> >>> >>> > > _______________________________________________ > vpp-dev mailing list > email@example.com > https://lists.fd.io/mailman/listinfo/vpp-dev >
_______________________________________________ vpp-dev mailing list firstname.lastname@example.org https://lists.fd.io/mailman/listinfo/vpp-dev