Who knows? I wanted an educated response but couldn’t get one from any of the security people I know on irc.
Putty used to hate DSA but now just has a warning against DSA. Simon Tatham explains the choices a little further in a comp.security.ssh thread.
[05:37pm|fR> btm: my understanding has been that dsa was used because rsa used to be patented or something
There’s a good thread, even with Grumpy Theo comments here as to the patent (US Patent #4405829). US Patents are good for 17 years so being issued on Sep 20, 1983, means it would have expired about Sep 20, 2000. RSA did this funny press release about putting the patent in the public domain, so very nice of them, on Sep 7, 2000. It’s funny, I remember this being in the news back then… back in the day.
I saw somewhere that DSA was a little bit faster, but it was random group post somewhere that I didn’t care to link to. It was only a LITTLE bit faster, like, 300ms maybe. Whereas DSA keys could possibly suck from poor entropy from having a broken pseudo random number generator, and RSA is no longer patent encumbered, fully supported by ssh2, and has been kicked around by the cryptographic community for quite some time, I’m going to use RSA2 (which I assume is just the SSH2 implication of RSA). I forget right know what sucked about ssh1 rsa, but it sucks, and I’d recommend disabling support for ssh1 in your gear whenever possible.