Nick Dokos wrote:
> Jim Knoble wrote:
> > If this is to be done, i would propose the default be, since
> > the RSA patent has expired, but that it be changeable via the
> > environment. See below.

> IANAL but I thought DSA's patent has been thrown open by NIST for use by
> anybody (although I understand that Dr. Schnorr has some claims).

I am not aware of any problem with using DSA. It is just that RSA is
the more preferred solution by many.

The purpose of DSA was to avoid the RSA patent. Since the RSA patent
is now long expired there is no longer any reason to avoid using RSA.

+1 on using by default, or other more generic solution.

> I just thought that having the default being the case that nobody
> uses (perhaps I should say, that nobody should use) any more is a
> little strange.

I am not quite understanding what you are saying here. Are you saying
that people should not use DSA? This is not the case. DSA is
perfectly fine to use. It is just not as efficient as using RSA.
That is what makes use of RSA the preferred choice by many.

openssh-unix-dev mailing list