Eric:
I do not think that we are being gratuitous. I think that it is good
security practice to remove any toe-hold that an attacker has. Further, I
do not believe that the CMS layer in current S/MIME implementations exhibits
the behavior (or lack thereof) necessary to be immune from the attack
against RSA PKCS#1 v1.5.
Russ
At 02:18 PM 08/01/2000 -0700, Eric Rescorla wrote:
Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
> The attack is probably impossible to mount using S/MIME against a
> human-operated mail agent; however, I am not convinced that a mail list
> agent (or other automated mail agent) would be immune. Further, CMS is
> being used in many environments, not just S/MIME, and some of those
> environments may have issues.
Understood, but it's trivial to patch these S/MIME agents to
be completely immune to this attack without compromising compatibility.
> OAEP has been available for years. PKCS#1 v2.0 includes it. I do not
> think that it is immature.
That's not the issue that I am concerned with. Rather, I'm concerned
with introducing gratuitous incompatibilities.
-Ekr
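The thread does not spell out what Eric's "patch" to a CMS/S/MIME agent would look like. The countermeasure generally recommended for this attack (and later written up in RFC 3218) is to make the recipient behave identically whether or not the PKCS#1 v1.5 padding is valid: on a padding error, substitute a random content-encryption key and let the subsequent symmetric decryption fail on its own, so nothing about the padding check is observable. The following is an added illustration, not code from the thread or from any S/MIME implementation; it assumes a 1024-bit modulus (128-byte block) and a 16-byte wrapped key, and works on the already RSA-decrypted block rather than doing the modular arithmetic itself. Python cannot give real constant-time guarantees, so the point shown is the uniform control flow, not the timing.

```python
import secrets

KEY_LEN = 16  # 128-bit content-encryption key wrapped in the RecipientInfo (constructed)


def pkcs1_v15_pad(key: bytes, k: int) -> bytes:
    """Sender side: EM = 0x00 || 0x02 || PS || 0x00 || key, PS random and non-zero."""
    ps_len = k - 3 - len(key)
    assert ps_len >= 8, "PKCS#1 v1.5 requires at least 8 padding bytes"
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + key


def unwrap_no_oracle(em: bytes, k: int, key_len: int = KEY_LEN) -> bytes:
    """Recipient side: unpad EM without exposing a padding-error oracle.

    Every check is evaluated and OR-ed into `bad`; no exception is raised and
    no early return happens. If anything is wrong, a fresh random key of the
    expected length is returned, so the caller proceeds to symmetric
    decryption exactly as it would with a genuine key and fails there instead.
    """
    bad = len(em) != k
    em = (em + bytes(k))[:k]            # normalise length so indexing never raises
    bad |= em[0] != 0x00
    bad |= em[1] != 0x02
    sep = -1
    for i in range(2, k):               # scan the whole block, never exit early
        sep = i if (em[i] == 0 and sep == -1) else sep
    bad |= sep == -1                    # no 0x00 separator at all
    bad |= sep < 10                     # PS shorter than the 8-byte minimum
    bad |= (k - sep - 1) != key_len     # wrapped key of unexpected length
    start = sep + 1 if sep != -1 else k - key_len
    candidate = em[start:start + key_len]
    fallback = secrets.token_bytes(key_len)  # always generated, even on success
    return fallback if bad else candidate


def demo() -> bool:
    """Valid block yields the real key; a malformed block yields a same-length random key."""
    k = 128                             # 1024-bit modulus (constructed)
    cek = secrets.token_bytes(KEY_LEN)
    good = pkcs1_v15_pad(cek, k)
    malformed = b"\x00\x03" + good[2:]  # wrong block type, otherwise identical
    return unwrap_no_oracle(good, k) == cek and len(unwrap_no_oracle(malformed, k)) == KEY_LEN
```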