ietf-smime

Re: Crypto-oriented comments on x942-04

1999-01-17 18:12:25
Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
> You are correct. We did deal with this case.  However, I think it is a good
> idea to use the algorithm in such a way that future users of CMS cannot
> make a simple mistake and be susceptible to the partition attack.

I agree.

> And, the fix is
> very simple.  We need to simply include the key length in the hash input.

I'm prepared to do it, but I'm not sure that just shoving it in the
pubInfo is the right choice. I'll think about this and try to write
up a proposal by Monday.

> If you are going to the RSA Conference, I will gladly have a hallway chat
> regarding the best way forward.

Yes, I'll be there.

-Ekr


-- 
[Eric Rescorla                                   ekr(_at_)rtfm(_dot_)com]
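
An added example, not part of the original message or of the x942 draft: a simplified counter-mode hash KDF showing what "include the key length in the hash input" changes. The field layout, the use of SHA-256, and the names `derive_kek` and `short_is_prefix` are assumptions of this example; the draft's own encoding is not reproduced here.

```python
import hashlib

def derive_kek(zz: bytes, key_bits: int, bind_length: bool) -> bytes:
    """Derive key_bits of keying material from shared secret zz.

    Simplified layout (assumption): H(zz || counter [|| key_bits]).
    With bind_length=False the requested length never enters the hash.
    """
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key_bits must be a positive multiple of 8")
    need = key_bits // 8
    out = b""
    counter = 1
    while len(out) < need:
        h = hashlib.sha256()
        h.update(zz)
        h.update(counter.to_bytes(4, "big"))
        if bind_length:
            # The fix discussed above: the key length is part of the hash input.
            h.update(key_bits.to_bytes(4, "big"))
        out += h.digest()
        counter += 1
    return out[:need]

def short_is_prefix(zz: bytes, short_bits: int, long_bits: int,
                    bind_length: bool) -> bool:
    """True if the short key equals the leading bytes of the long key."""
    short = derive_kek(zz, short_bits, bind_length)
    long_ = derive_kek(zz, long_bits, bind_length)
    return long_.startswith(short)

# Constructed sample shared secret, for illustration only.
ZZ = bytes(range(32))

if __name__ == "__main__":
    for bind in (False, True):
        related = short_is_prefix(ZZ, 40, 128, bind)
        print(f"length in hash input={bind}: "
              f"40-bit key is prefix of 128-bit key: {related}")
```

Without the length in the hash input, a key requested at a shorter length is just a truncation of the longer one, so the two are not independent; with it, each length yields unrelated output from the same shared secret.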