On 28/02/11 09:53, Hanno Böck wrote:
Hi,
I'm currently researching about the usage of RSA-PSS, an improved
padding method for RSA signatures (specified in PKCS #1 2.1/RFC 3447).
I saw that domainkeys in RFC 4871 is hard-bound to the old PKCS #1 1.5
method. RFC 4871 was developed years after IETF approved PKCS #1 2.1 in
RFC 3447, so I wonder what was the reason for that decision?
Also, in the current draft of an RFC obsoleting 4871, still there is
only PKCS #1 1.5 padding allowed. Wouldn't it make sense to use that
update to provide a gradual transition?
That'd be a backwards-incompatible change so isn't really on the
table for this WG at this point.
AFAIK pkcs#1v1.5 signatures are still what's most easy to find
in terms of code support etc. and that was what drove us to choose
that for 4871.
In future, someone might want to define a DKIM sig alg that uses
PSS, but I've not heard that there's demand for that.
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html