[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Removing Elgamal signatures



* Florian Weimer wrote:
> Lutz Donnerhacke wrote:
>> I'd like to oppose. ElGamal signatures are still useful,
>
> Useful for what?

I prefer more than one algorithm for a given task. That's all.
My personal opinion is not relevant to the removal of this packet type.

> objections to its design process), but this is no longer a convincing
> justification since we now have RSA at our disposal.

Do we use RSA right? Requiring SSP?

> Are you confident that no additional implementation traps will
> discovered?  With RSA, I have some confidence that the most important
> things are properly documented, but ElGamal signatures appear to be much
> more problematic.  Please keep in mind that this is the second case of
> such an implementation trap for the ElGamal signature scheme.

There are a lot of listed RSA attacks, too.