[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RSA Signature Padding
Tom,
I am asking because of the paper in the link below.
http://eprint.iacr.org/2009/203
> -----Original Message-----
> From: Tom Gindin [mailto:tgindin@xxxxxxxxxx]
> Sent: Sunday, June 07, 2009 8:54 PM
> To: Santosh Chokhani
> Cc: IETF-pkix
> Subject: Re: RSA Signature Padding
>
> Is "we" the right term? The latest TLS (RFC 5246
> section 4.7) specifies RSA signatures but does not seem to
> permit PSS ones. PKIX at least has PSS in RFC 4055. We
> could encourage vendors by producing a consolidated
> "algorithms" RFC which deprecates the use of MD2 and MD5 for
> new certificates, while suggesting that any RP vendor
> supporting sha1WithRSAEncryption as a signatureAlgorithm
> SHOULD also support id-RSASSA-PSS. Are you suggesting that
> we should also tell people not to use
> sha256WithRSAEncryption, sha384WithRSAEncryption, or
> sha512WithRSAEncryption as signatureAlgorithm values but to
> use those hash algorithms as PSS parameters instead?
> Should such an RFC be targeted for New Year's 2011?
>
> Tom Gindin
>
>
>
>
> "Santosh Chokhani" <SChokhani@xxxxxxxxxxxx> Sent by:
> owner-ietf-pkix@xxxxxxxxxxxx
> 06/03/2009 12:58 PM
>
> To
> "IETF-pkix" <ietf-pkix@xxxxxxx>
> cc
>
> Subject
> RSA Signature Padding
>
>
>
>
>
>
>
> I do not know if this is the right forum.
>
> Should we encourage vendors to use RSA PSS as we transition
> to SHA-256 given the weakness in PKCS 1.5 padding?
>
> Santosh Chokhani
> CygnaCom Solutions
>
> "Questioning conventional wisdom is key to innovation"
>
>
>
>