Hi Sean, On Wed, 2018-10-10 at 07:59 -0400, Sean Mullan wrote: > On 10/10/18 6:23 AM, Severin Gehwolf wrote: > > Hi, > > > > What is the rationale of using DSA keys (2048 bit) as default for > > genkeypair command? > > http://hg.openjdk.java.net/jdk/jdk/file/c4a39588a075/src/java.base/share/classes/sun/security/tools/keytool/Main.java#l1120 > > There is really no other reason other than DSA keys have been the > default keypairs generated by keytool for a long time, so there are some > compatibility issues we would have to think through before changing it > to another algorithm such as RSA. Weijun might have more insight into that. > > It seems a bad choice given that DSA keys are disabled via Fedora's > > crypto policy (not just OpenJDK, but other crypto providers too). > > Actually, only DSA keys < 1024-bit are disabled by default in OpenJDK.
Thanks. I should have perhaps clarified. Not sure whether that was clear. In Fedora a global crypto policy is in place. The policy affects OpenSSL, GnuTLS, (patched) OpenJDK etc. It's that global policy which disables DSA unconditionally. > > Here the explanation from Nikos Mavrogiannopoulos from a Fedora bug[1] > > as to why that's a bad choice: > > > > """ > > DSA is not used by new security protocols any more (doesn't exist as a > > negotiation option under TLS1.3), and was a very rarely used option > > under previous protocols (TLS1.2 or earlier). In fact only DSA-1024 is > > documented under these protocols. DSA-2048 may or may not work > > depending on the implementation (and even worse may not interoperate). > > """ > > > > Could the default choice of keyalg for genkeypair be reconsidered? > > Yes, I think it should be considered since DSA is rarely used anymore > and not supported by newer security protocols such as TLS 1.3. I have > filed: https://bugs.openjdk.java.net/browse/JDK-8212003 Great, thanks! Cheers, Severin > --Sean > > > If not, why not? > > > > Thanks, > > Severin > > > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1582253 > >
