On Sun, 28 Feb 2021 03:49:45 +0000
Peter Gutmann <pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:
See also my post to the cryptography list last year about all the
games an attacker can play with OAEP because the parameters aren't
authenticated and therefore attacker-controlled.
This is a valid concern, but it can be completely eliminated by fixing
all parameters in the standard.
--
Hanno Böck
https://hboeck.de/
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp