Why are DSA keys referred to as DSS keys when used with SSH?

Question

When I generate a DSA key with ssh-keygen -t dsa, the resulting public key will begin with ssh-dss.

How come? Why not ssh-dsa?

Answer 1

DSS is simply a document that describes the signing procedure and specifies certain standards. The original document is FIPS 186 and latest revision in 2013 is FIPS 186-4. DSS is a standard for digital signing.

DSA is a cryptographic algorithm that generates keys, signs data, and verifies signatures. DSA, in itself, can use any hash function for its internal "cryptomagic", and it can also use any (L, N) for its parameters' length. DSS, as a standard, defines DSA's optional specifications.

DSS says that DSA should use SHA-1 as its hash function (recently, SHA-2). DSS says that DSA should use specific length pairs such as (2048,224), (3072,256), etc.

When SSH says DSS, they mean that they're implementing DSA in compliance with the DSS.

Answer 2

Cheap, one-sentence answer:

The Digital Signature Algorithm (DSA) is published in the Digital Signature Standard (DSS) by the NIST in FIPS 186.

The SSH version 2 standards apparently preferred "DSS", though more recently they've used "DSA" as well.

I don't know what the differences are in the definitions of the two terms, which is more correct in a given context, or why the SSH standard writers chose the terminology they did.