On Thu, 2 Nov 2017, Valery Smyslov wrote:
> RFC7427 allows peers to indicate hash algorithms they support, thus
> eliminating ambiguity in selecting a hash function for digital signature
> authentication. However, recent advances in cryptography lead to a situation
> when some signature algorithms have several signature formats.

I think it is worth investigating a bit more.

> A prominent example is RSASSA-PKCS#1 and RSASSA-PSS,

This example is indeed the first known problem. One of the most
widespread implementations of 7427 does not support PSS. I'm not
sure 8247 making RSASSA-PSS will help much.

Paul