2000-08-02 08:38:15
Russ Housley wrote:


I do not think that we are being gratuitous.  I think that it is good
security practice to remove any toe-hold that an attacker has.  Further, I
do not believe that the CMS layer in current S/MIME implementations exhibits
the behavior (or lack thereof) necessary to be immune from the attack
against RSA PKCS#1 v1.5.

I have to agree with Eric here. Protocols which are *MUCH* more vulnerable than
CMS or S/MIME were able to work around the attack. We know how to make our
toolkits immune without sacrificing interoperability, we should do that.
Current implementations that don't exhibit the correct behavior to be immune
still won't exhibit the correct behavior if you change the spec to OAEP.

If we were developing a new protocol from the ground up, then using OAEP would
be a no brainer. That is not the case here, though.
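The "correct behavior" the thread refers to is that a recipient must not tell the sender whether the RSA-decrypted block had valid PKCS#1 v1.5 padding. The workaround other protocols adopted is to treat a malformed block exactly like a well-formed one: recover a key of the expected length, substituting random bytes when the padding is bad, and let processing continue so that a bad ciphertext fails in the same way every time. The following is an added illustration of that unpadding step, not code from any S/MIME toolkit or from the participants in this thread. It assumes the recipient already knows the content-encryption key length from the content-encryption algorithm identifier (as CMS does) and that the block `em` is the output of the raw RSA private-key operation, left-padded to the modulus length. The optional `fallback` argument exists only so the behavior can be checked deterministically; in real use it is left unset and a fresh random key is drawn.

```python
import secrets

# EME-PKCS1-v1_5 type-2 block layout after the RSA private-key operation
# (RFC 2313 / RFC 3447):
#     EM = 0x00 || 0x02 || PS || 0x00 || M
# where PS is at least 8 non-zero random bytes and M is the content-encryption key.
# The recipient knows len(M) in advance, so the separator 0x00 has exactly one
# valid position; everything else is checked and a single combined verdict is
# used to select either M or a random stand-in key.


def _ct_eq(a: int, b: int) -> int:
    """Return 1 if the byte values a and b are equal, else 0, without a data-dependent branch."""
    # (a ^ b) is in 0..255; only 0 becomes negative after subtracting 1, so the
    # arithmetic shift yields -1 (bit 0 set) for equal bytes and 0 otherwise.
    return (((a ^ b) - 1) >> 8) & 1


def _ct_select(flag: int, x: int, y: int) -> int:
    """Return byte x if flag == 1, byte y if flag == 0, using a mask rather than a branch."""
    mask = -flag & 0xFF          # flag=1 -> 0xFF, flag=0 -> 0x00
    return (x & mask) | (y & (~mask & 0xFF))


def unpad_pkcs1_v15(em: bytes, key_len: int, fallback: bytes = None) -> bytes:
    """Recover a key_len-byte key from a PKCS#1 v1.5 block.

    On any padding error the function returns a random key of the same length
    instead of raising, so the caller cannot distinguish 'bad padding' from
    'good padding, wrong key'.  This is the countermeasure the thread alludes to.
    """
    if fallback is None:
        fallback = secrets.token_bytes(key_len)   # drawn before any check, always consumed
    k = len(em)
    # The modulus length is public, so this length check leaks nothing secret.
    # A block that cannot hold 8 bytes of PS plus the key is rejected uniformly.
    if k < key_len + 11:
        return fallback
    sep = k - key_len - 1       # the only position the 0x00 separator may occupy
    good = _ct_eq(em[0], 0x00) & _ct_eq(em[1], 0x02) & _ct_eq(em[sep], 0x00)
    # Every PS byte must be non-zero; scan all of them regardless of earlier failures.
    for i in range(2, sep):
        good &= 1 - _ct_eq(em[i], 0x00)
    # Byte-wise select: the real key when good == 1, the random stand-in otherwise.
    return bytes(_ct_select(good, em[sep + 1 + i], fallback[i]) for i in range(key_len))


if __name__ == "__main__":
    # Constructed sample: a 1024-bit block carrying a 16-byte content-encryption key.
    cek = bytes(range(16))
    block = b"\x00\x02" + b"\x5a" * 109 + b"\x00" + cek
    print(unpad_pkcs1_v15(block, 16) == cek)                     # True
    corrupted = b"\x00\x01" + block[2:]                          # wrong block type
    print(len(unpad_pkcs1_v15(corrupted, 16)))                   # 16, but random
```

The recipient then proceeds to unwrap or decrypt the content with whatever key came back and reports one generic failure if the result is unusable. Python gives no real timing guarantees, so the branch-free helpers demonstrate the intended logic rather than a constant-time implementation; a production toolkit would apply the same structure in a language where it can be enforced.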


