[Botan-devel] DSA p-bits check
lloyd at randombit.net
Fri May 28 10:25:13 EDT 2010
On Fri, May 28, 2010 at 04:20:02PM +0200, Rickard Bellgrim wrote:
> The current support for DSA in DNSSEC is based on RFC2536 from year 1999.
> But an attempt was made to add support for DSA/SHA2, but that one has expired.
> Another problem is that PKCS#11 only accept sizes between 512 and 1024 bits (for prime p). It has not even been fixed in the new draft for version 2.30. And no support for SHA2.
More information about the botan-devel