Consider fully retiring FF-DSA from macOS

[vcsjones]

FF-DSA (henceforth “DSA”) has always been an oddity on Apple platforms. This is a proposal to remove it from macOS.

• FIPS 186-5 has withdrawn recommendation for DSA.
• Apple never fully supported it. It was never supported on iOS / tvOS at all.
• The support that Apple does have on macOS is limited to importing existing keys. It cannot generate DSA keys.
• It never supported FIPS 186-3 DSA keys, limiting it to DSA 1024 with SHA-1.
• Apple’s implementation is based on CSSM. It is not thread safe in certain circumstances and results in crashes. SIGSEGV when independent DSA keys are concurrently disposed #71738 System.Security.Cryptography.Csp.Tests failing on macOS x64 Debug #104172
• It is the only remaining use of Apple’s deprecated SecurityTransforms API. Apple never implemented DSA elsewhere like RSA, ECDSA, etc.
• DSA is not supported in many contexts in .NET already. They don’t work with SslStreamCertificateContext, CertificateRequest, etc.
• Apple does not support it in their TLS stack, so support is basically limited to primitive use.

Seems like there is very little reason to keep it around on macOS.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

[bartonjs]

Honestly, we could probably just drop FF-DSA altogether and no one one notice, but dropping it actually takes work.

In this case, the work has a benefit of removing a legacy dependency... so... yeah, it seems reasonable (for 11).