Re: Way Forward

Russ Housley wrote:

Eric:

I do not think that we are being gratuitous.  I think that it is good
security practice to remove any toe-hold that an attacker has.  Further, I
do not believe that the CMS layer in current S/MIME implementations exhibit
the behavior (or lack thereof) necessary to be immune from the attack
against RSA PKCS#1 v1.5.


I have to agree with Eric here. Protocols where are *MUCH* more vulnerable than
CMS or S/MIME were able to work around the attack. We know how to make out
toolkits  immune without sacrificing interoperability, we should do that.
Current implementations that don't exhibit the correct behavior to be immune,
still won't exhibit the correct behavior if you change the spec to OAEP.

If we were developing a new protocol from the ground up, then using OAEP would
be a no brainer. That is not the case here, though.

bob

<Prev in Thread]	Current Thread	[Next in Thread>
Way Forward, Russ Housley Re: Way Forward, Eric Rescorla Re: Way Forward, Terry Hayes Re: Way Forward, Russ Housley Re: Way Forward, Eric Rescorla Re: Way Forward, Paul Hoffman / IMC Re: Way Forward, Russ Housley Re: Way Forward, Bob Relyea <= Re: Way Forward, Eric Rescorla Re: Way Forward, Russ Housley Re: Way Forward, Aram Perez RE: Way Forward, John G Ross Re: Way Forward, Eric Rescorla Re: Way Forward, Dr Stephen Henson Re[2]: Way Forward, Maxim Masiutin Re[2]: Way Forward, Russ Housley Re: Way Forward, Sean Turner Re: Way Forward, Paul Hoffman / IMC

Previous by Date:	Re: Way Forward, Russ Housley
Next by Date:	Re: Way Forward, Eric Rescorla
Previous by Thread:	Re: Way Forward, Russ Housley
Next by Thread:	Re: Way Forward, Eric Rescorla
Indexes:	[Date] [Thread] [Top] [All Lists]