On 2021-02-28 at 19:47:15, Stephen Farrell wrote:
Hiya,
On 28/02/2021 19:26, brian m. carlson wrote:
I think it's very clear, based on a history of CVEs, that as practically
implemented, PKCS #1 padding is weak compared to PSS and OAEP.
FWIW, my impression is that that is not clear. Quite a few
people do have that position for sure, but equally, the views
expressed by e.g. Werner and Peter Gutmann also seem fairly
commonly held afaics.
(As chair) would it be worthwhile pushing this question off
for a while? It may become easier to handle later on - or
even if it's no easier later, it still might be better to
postpone the bun fight for a bit:-)
Sure, I'm happy to defer this for the moment. We don't need to make a
decision immediately, and considering that I just proposed this
yesterday, we can definitely let folks think about it for a while before
coming back to it.
If pushing this to later made sense, I guess creating an
issue in gitlab would be the thing to do so's we don't lose
track of it. (Apologies if someone did that already, I didn't
go check just now.)
I've created one so we don't lose track of it:
https://gitlab.com/openpgp-wg/rfc4880bis/-/issues/22
--
brian m. carlson (he/him or they/them)
Houston, Texas, US
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp