[Botan-devel] DSA p-bits check

Jack Lloyd lloyd at randombit.net
Fri May 28 10:25:13 EDT 2010


On Fri, May 28, 2010 at 04:20:02PM +0200, Rickard Bellgrim wrote:

> The current support for DSA in DNSSEC is based on RFC2536 from the year 1999.
> 
> But an attempt was made to add support for DSA/SHA2, but that one has expired.
> http://tools.ietf.org/html/draft-hoffman-dnssec-dsa-sha2-00
> 
> Another problem is that PKCS#11 only accepts sizes between 512 and 1024 bits (for prime p). It has not even been fixed in the new draft for version 2.30. And no support for SHA2.

Argh :(


