Robert J. Hansen rjh at sixdemonbag.org
Fri Sep 29 10:35:20 CEST 2006

Lionel Elie Mamane wrote:
>>  - DSA does not support "firewalled hashes"
> Not exactly. Version 3 DSA signatures lack a hash firewall. But
> version 4 DSA signatures do have a hash firewall. The version refers
> not to a version of DSA itself, but the version of the OpenPGP packet
> format being used.

This is one of those times when the language in the RFC appears designed
to obscure meaning, as opposed to illuminate it.  E.g., if memory serves
we can talk about one set of versions for keys, and another set of
versions for signatures, etc., etc.

It is my understanding--and I would welcome being pointed to language in
the RFC showing that I am wrong--that v4 DSA keys lack a satisfactory
hash function firewall.  If I'm correct and the problem is associated
with keys and not certificates, then that to me would be sufficient
reason to recommend RSA.

More information about the Gnupg-devel mailing list