[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

[Georgi Guninski]

On Fri, Sep 30, 2016 at 09:42:46AM +0300, Georgi Guninski wrote:
> On Thu, Sep 29, 2016 at 10:22:10PM +0000, Kristian Gjøsteen wrote:
> > These keys aren’t weak, they are invalid. The parameters used are not according to the standard.
> >
> 
> Which is the standard?
> 
> URL please.

To clarify the question, since you asked offlist.

The x509 certs in tar.gz pass verification with warning that they are
self signed, which easily can be fixed by signing them with valid
cert.

In openssl 1.0.2j (latest of know) in static int dsa_do_verify(
====
    i = BN_num_bits(dsa->q);
    /* fips 186-3 allows only different sizes for q */
    if (i != 160 && i != 224 && i != 256) {
        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
        return -1;
    }
====

So some standard makes $q$ in a small set of fixed bits.

Which standard says that all my keys are invalid? URL please.

An aside:

As I linked in this thread, DLOG is subexponential in size of $p$.
I don't exclude the possibility that is also subexponential or
efficient in the 160 bits subgroup of 1024 bit prime.