On 28/02/11 09:53, Hanno Böck wrote: > Hi, > > I'm currently researching about the usage of RSA-PSS, an improved > padding method for RSA signatures (specified in PKCS #1 2.1/RFC 3447). > > I saw that domainkeys in RFC 4871 is hard-bound to the old PKCS #1 1.5 > method. RFC 4871 was developed years after IETF approved PKCS #1 2.1 in > RFC 3447, so I wonder what was the reason for that decision? > > Also, in the current draft of an RFC obsoleting 4871, still there is > only PKCS #1 1.5 padding allowed. Wouldn't it make sense to use that > update to provide a gradual transition?
That'd be a backwards-incompatible change so isn't really on the table for this WG at this point. AFAIK pkcs#1v1.5 signatures are still what's most easy to find in terms of code support etc. and that was what drove us to choose that for 4871. In future, someone might want to define a DKIM sig alg that uses PSS, but I've not heard that there's demand for that. S. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
