On Sat, 27 Feb 2021 23:53, brian m. carlson said:
I'm interested in seeing if we can require v5 SKESK packets with RSA use
RSA-OAEP with SHA-256 and MGF1-SHA-256 and require that v5 signatures
That would add a lot of additional complexity for no good reason because
RSA will over short or long anyway be replaces by 25519 and 448.
I realize this requires implementers to add additional code, but I think
the increase in security is worth it given the number of CVEs we've seen
for padding vulnerabilities. We can tell implementers to avoid this
and replace them with bugs in the way more complext PSS and OAEP.
I see no reason for it and doubt that this can be viewed as part of the
WG's old and new charter.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp