Re: RSA Signature Padding
"Santosh Chokhani" <SChokhani@xxxxxxxxxxxx> writes:
> Tom,
>
> I am asking because of the paper in the link below.
>
> http://eprint.iacr.org/2009/203
Interesting. What does that mean for PKCS#1 v1.5?
/Simon
>> -----Original Message-----
>> From: Tom Gindin [mailto:tgindin@xxxxxxxxxx]
>> Sent: Sunday, June 07, 2009 8:54 PM
>> To: Santosh Chokhani
>> Cc: IETF-pkix
>> Subject: Re: RSA Signature Padding
>>
>> Is "we" the right term? The latest TLS (RFC 5246
>> section 4.7) specifies RSA signatures but does not seem to
>> permit PSS ones. PKIX at least has PSS in RFC 4055. We
>> could encourage vendors by producing a consolidated
>> "algorithms" RFC which deprecates the use of MD2 and MD5 for
>> new certificates, while suggesting that any RP vendor
>> supporting sha1WithRSAEncryption as a signatureAlgorithm
>> SHOULD also support id-RSASSA-PSS. Are you suggesting that
>> we should also tell people not to use
>> sha256WithRSAEncryption, sha384WithRSAEncryption, or
>> sha512WithRSAEncryption as signatureAlgorithm values but to
>> use those hash algorithms as PSS parameters instead?
>> Should such an RFC be targeted for New Year's 2011?
>>
>> Tom Gindin
>>
>> "Santosh Chokhani" <SChokhani@xxxxxxxxxxxx>
>> Sent by: owner-ietf-pkix@xxxxxxxxxxxx
>> 06/03/2009 12:58 PM
>>
>> To: "IETF-pkix" <ietf-pkix@xxxxxxx>
>> cc:
>> Subject: RSA Signature Padding
>>
>> I do not know if this is the right forum.
>>
>> Should we encourage vendors to use RSA PSS as we transition
>> to SHA-256 given the weakness in PKCS 1.5 padding?
>>
>> Santosh Chokhani
>> CygnaCom Solutions
>>
>> "Questioning conventional wisdom is key to innovation"