Ah, I see where you're coming from. I have a mental shorthand that basically says "DSA is the one that works like DH", and you're right, you need the inverse for DSA.
But regarding failure modes, I'm thinking of (as a starting point) things like:
http://www.ams.org/notices/199902/boneh.pdf
There are a lot of implementation errors that happen with RSA. What's a comparable list for DSA? Failure to generate good nonces, and then...?
But regarding failure modes, I'm thinking of (as a starting point) things like:
There are a lot of implementation errors that happen with RSA. What's a comparable list for DSA? Failure to generate good nonces, and then...?