[openssl-users] More secure use of DSA?
rsalz at akamai.com
Sun Sep 4 18:42:45 UTC 2016
> So what's your proposed method of combining algorithms? You reject the
> commonly accepted approach, but when asked to offer an alternative, you
> start evading? Do you have no alternative then?
Start evading. Sheesh.
I made a casual comment and said YMMV, encouraging disagreement. Now I find myself being challenged. I am not thrilled with the tenor of this conversation.
The needs of encryption aren't necessarily equivalent to the needs of authentication, nor digesting. Nobody has ever shown that they have to be equivalent strength. Why do they have to be? It's just asserted that they should match. I don't buy into that assertion, and will, instead, turn the question back: why do they have to be?
More information about the openssl-users