True. I don't expect DSA to ever become viable enough to worry about. I think if you ran the same select for ECDSA, you would come up with zero, but there is some expectation of that changing in the long run.
By now all the major browsers except Opera support ECDSA, so we might be seeing some of those when websites feel it's safe to abandon the IE6-on-Windows-XP and old Macs. On Dec 13, 2011, at 2:55 AM, Chris Palmer wrote: > Of these, the handful that I spot-checked are all either down, > expired, or have been replaced with certificates for RSA keys. > > On Mon, Dec 12, 2011 at 4:37 PM, Chris Palmer <[email protected]> wrote: >> Also, FWIW, from the EFF SSL Observatory: >> >> mysql> select distinct `Subject Public Key Info:Public Key Algorithm` >> from valid_certs; >> +----------------------------------------------+ >> | Subject Public Key Info:Public Key Algorithm | >> +----------------------------------------------+ >> | rsaEncryption | >> | dsaEncryption | >> +----------------------------------------------+ >> 2 rows in set (4.09 sec) >> >> mysql> select count(*) from valid_certs where `Subject Public Key >> Info:Public Key Algorithm` like '%dsa%'; >> +----------+ >> | count(*) | >> +----------+ >> | 25 | >> +----------+ >> 1 row in set (3.26 sec) _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
