Patrick wrote:
>
> I see JSS supports DSA key generation. So I should be able to create a DSA
> key in NSS and use it for signing. Any known problems? What are the pros and
> cons between an RSA key and a DSA key? Could a DSA key be used for SSL?
> Would JSS allow this?
>

I don't specifically know about JSS since I haven't used it, but for NSS (does JSS call NSS?) a few issues may arise.

The last time I looked EDH cipher suites (which are needed for server side DSA certificates) were client only. If that's still the case you would need a separate server EDH implementation.

There may be some interop problems with incompatible DSA signature formats and SSL (NSS uses a 40 byte raw signature and some other implementations use DSS-Sig-Value), though if you use TLS this won't arise.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
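
The two DSA signature formats mentioned in the reply above, as an added example that is not part of the original message or of NSS, JSS or OpenSSL: it converts between the 40 byte raw r||s form and the DER-encoded Dss-Sig-Value (a SEQUENCE of two INTEGERs) and parses the DER form strictly. The function names, the 160-bit q assumption and the sample bytes are constructed for illustration.

```python
# Added example: convert between the two DSA signature encodings named above.
Q_LEN = 20  # assumption: 160-bit q, so r and s are 20 bytes each (40 raw)

# Constructed sample, not a real signature: r has its top bit set, s has a
# leading zero byte, the two cases where the encodings differ in length.
SAMPLE_RAW = bytes([0x80] + [0x01] * 19) + bytes([0x00] + [0x02] * 19)

def _der_int(value: int) -> bytes:
    """Minimal DER INTEGER; a 0x00 pad is added when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(body)]) + body

def raw_to_der(raw: bytes) -> bytes:
    """Fixed-width r||s -> SEQUENCE { INTEGER r, INTEGER s }."""
    if len(raw) != 2 * Q_LEN:
        raise ValueError("raw signature must be exactly 40 bytes")
    r = int.from_bytes(raw[:Q_LEN], "big")
    s = int.from_bytes(raw[Q_LEN:], "big")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body  # body <= 46, short form

def _read_int(buf: bytes, pos: int):
    """Parse one DER INTEGER at pos, rejecting negative/non-minimal forms."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    n = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + n]
    if n == 0 or n > Q_LEN + 1 or len(body) != n:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80 or (n > 1 and body[0] == 0 and not body[1] & 0x80):
        raise ValueError("negative or non-minimal INTEGER")
    return int.from_bytes(body, "big"), pos + 2 + n

def der_to_raw(der: bytes) -> bytes:
    """SEQUENCE { INTEGER r, INTEGER s } -> fixed-width r||s, strictly."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a short-form SEQUENCE spanning the input")
    r, pos = _read_int(der, 2)
    s, pos = _read_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    if r >> (8 * Q_LEN) or s >> (8 * Q_LEN):
        raise ValueError("r or s wider than 160 bits")
    return r.to_bytes(Q_LEN, "big") + s.to_bytes(Q_LEN, "big")

if __name__ == "__main__":
    der = raw_to_der(SAMPLE_RAW)
    print(len(SAMPLE_RAW), "raw bytes ->", len(der), "DER bytes:", der.hex())
```

A verifier that expects one format and is handed the other fails on length or on the leading tag byte, which is the interop symptom described in the reply.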
