> On 29 Feb 2016, at 8:00 PM, Hanno Böck <ha...@hboeck.de> wrote:
>
> On Mon, 29 Feb 2016 09:32:04 -0800
> Joseph Salowey <j...@salowey.net> wrote:
>
>> We make RSA-PSS mandatory to implement (MUST implement instead of MUST
>> offer). Clients can advertise support for PKCS-1.5 for backwards
>> compatibility in the transition period.
>> Please respond on the list on whether you think this is a reasonable
>> way forward or not.
>
> I recently already saw the message here asking for PKCS #1 1.5
> compatibility and was quite angry about it, but as there wasn't much
> discussion I thought this issue would go away. It seems it did not.
>
> RSA-PSS was specified as RFC 3447 in 2003. That was 13 years ago.
>
> Therefore we can conclude:
> * Whoever created that hardware implementation either did so more than
>   13 years ago (probably unlikely) or deliberately created hardware
>   crypto with sub-standard algorithm support.
> * This can mean a couple of things:
>   a) The hardware vendor knew about it and expected that they could
>   prevent a move to RSA-PSS by lobbying standardization bodies (this is
>   what they seem to do right now). In this case they deliberately want to
>   weaken security and that behavior should not be encouraged.
>   b) They didn't know about RFC 3447. That probably means they shouldn't
>   develop crypto products at all.
>   c) Something else?

Yeah, such as all of their customers are using PKCS#1 because that is what everybody uses in all current versions of TLS and several other protocols?

Regardless, hardware vendors should rejoice. We’re giving their customers a good reason to buy new hardware.

Yoav

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls