In response to a comment made by Gervase Markham[1], pointing out that Mozilla doesn't have an official RSA-PSS usage policy.

This is the thread to discuss it and make a proposal that could later be included in the Mozilla Root Store Policy[2].

I'm proposing the following additions to the Policy (leaving out exactly which sections this needs to be added to, as that's better left for the end of the discussion):

- RSA keys can be used to make RSASSA-PKCS#1 v1.5 or RSASSA-PSS signatures on issued certificates
- certificates containing RSA parameters can be limited to perform RSASSA-PSS signatures only by setting the X.509 Subject Public Key Info algorithm identifier to the RSA-PSS algorithm
- end-entity certificates must not include RSA-PSS parameters in the Public Key Info Algorithm Identifier - that is, they must not be limited to creating signatures with only one specific hash algorithm
- issuing certificates may include RSA-PSS parameters in the Public Key Info Algorithm Identifier; it's recommended that the hash selected matches the security of the key
- the signature hash and the hash used for mask generation must be the same, both in the public key parameters in the certificate and in the signature parameters
- the salt length must equal at least 32 for SHA-256, 48 for SHA-384 and 64 bytes for SHA-512
- SHA-1 and SHA-224 are not acceptable for use with the RSA-PSS algorithm

1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1400844#c15
2 - https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
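The following is an added example, not code from the message above or from Mozilla: a pure-Python (hashlib only) implementation of the EMSA-PSS encoding and verification layer of RFC 8017 plus a small checker for the parameter rules proposed here. It shows concretely where the salt length and the MGF hash enter a PSS signature, and why a verifier that expects a 32-byte salt rejects an encoding made with a different one. The modular exponentiation step is left out, so `em_bits = 2047` is an assumption standing in for a 2048-bit RSA modulus; the sample message and salt are constructed. The policy checker encodes the proposal's "at least" rule for the salt, while the RFC-style verifier checks the exact salt length a relying party expects.

```python
import hashlib
import os

# Hashes the proposal allows with RSA-PSS and the minimum salt length it
# demands for each, in bytes (equal to the digest length).
MIN_SALT_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}


def mgf1(seed: bytes, mask_len: int, hash_name: str) -> bytes:
    """MGF1 (RFC 8017 B.2.1): concatenate H(seed || counter) until mask_len bytes."""
    h_len = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def check_pss_params(hash_name: str, mgf_hash_name: str, salt_len: int) -> list:
    """Return the proposal's violations for a set of PSS parameters (empty list = acceptable)."""
    problems = []
    if hash_name in ("sha1", "sha224"):
        problems.append(f"{hash_name} is not acceptable with RSA-PSS")
    if hash_name != mgf_hash_name:
        problems.append(f"signature hash {hash_name} differs from MGF hash {mgf_hash_name}")
    minimum = MIN_SALT_LEN.get(hash_name)
    if minimum is not None and salt_len < minimum:
        problems.append(f"salt length {salt_len} is below the minimum {minimum} for {hash_name}")
    return problems


def emsa_pss_encode(message: bytes, em_bits: int, hash_name: str, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1) using MGF1 over the same hash as the signature."""
    h_len = hashlib.new(hash_name).digest_size
    s_len = len(salt)
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: modulus too small for hash and salt")
    m_hash = hashlib.new(hash_name, message).digest()
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    ps = b"\x00" * (em_len - s_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - h_len - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits so EM is numerically below the modulus.
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, hash_name: str, s_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2); the expected salt length s_len is enforced exactly."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - h_len - 1], em[em_len - h_len - 1 : -1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ~(0xFF >> top_bits) & 0xFF:
        return False
    db_mask = mgf1(h, em_len - h_len - 1, hash_name)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xFF >> top_bits
    ps_len = em_len - h_len - s_len - 2
    # PS must be all zero and followed by the 0x01 separator; a wrong salt length breaks this.
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1 :])
    m_hash = hashlib.new(hash_name, message).digest()
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return h == h_prime


def demo_sha256(message: bytes = b"constructed test message") -> dict:
    """SHA-256 with a 32-byte salt for an assumed 2048-bit modulus (emBits = 2047)."""
    salt = os.urandom(32)  # constructed random salt of the proposal's minimum length
    em = emsa_pss_encode(message, 2047, "sha256", salt)
    return {
        "valid": emsa_pss_verify(message, em, 2047, "sha256", 32),
        "tampered": emsa_pss_verify(message + b"x", em, 2047, "sha256", 32),
        "wrong_salt_len": emsa_pss_verify(message, em, 2047, "sha256", 20),
    }


if __name__ == "__main__":
    print(demo_sha256())
    print(check_pss_params("sha256", "sha1", 20))
```

The `wrong_salt_len` case is the practical point of the salt rule: the verifier derives the separator position from the salt length it expects, so a certificate's PSS parameters and the signature's parameters have to agree for verification to succeed at all, which is why the proposal ties the two together.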
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto