
Re: RSA Signature Padding



On Wednesday 03 June 2009 17:58:45 Santosh Chokhani wrote:
> I do not know if this is the right forum.
>
> Should we encourage vendors to use RSA PSS as we transition to SHA-256
> given the weakness in PKCS 1.5 padding?

Some widely used crypto libraries support SHA-2 but don't (yet) support 
RSA-PSS.  For example:
  - Microsoft Windows CryptoAPI: XP SP 3 and above support SHA-2, but I 
believe that RSA-PSS is only supported in Server 2008 and above.
  - Mozilla NSS: SHA-2 has been supported for a number of years, but RSA-PSS 
has not yet been implemented:
https://bugzilla.mozilla.org/show_bug.cgi?id=158750
  - OpenSSL: SHA-2 has been supported for a number of years, but it looks like 
RSA-PSS is only partly implemented at the moment.  e.g. 
http://www.mail-archive.com/openssl-dev@xxxxxxxxxxx/msg25994.html

Should implementors wait until support for RSA-PSS is sufficiently widespread 
for their needs before migrating from PKCS#1.5/SHA-1 to PKCS#2.1/SHA-2?

Or would an earlier transition from PKCS#1.5/SHA-1 to PKCS#1.5/SHA-2 be wiser 
for cases where RSA-PSS may not be sufficiently supported for some time to 
come?

> Santosh Chokhani
> CygnaCom Solutions
>
> "Questioning conventional wisdom is key to innovation"

-- 
Rob Stradling
Senior Research & Development Scientist
Comodo - Creating Trust Online
Office Tel: +44.(0)1274.730505
Fax Europe: +44.(0)1274.730909
www.comodo.com

Comodo CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ
