On Mon, 28 Feb 2011 09:44:25 -0500, Dave CROCKER <[email protected]> wrote:
> Just for archive completeness (and to comfort folks like me who lack
> crypto clue) could you offer a very brief summary of the difference
> between what DKIM currently uses and what is being suggested,
> especially in terms of how the newer one is better and why that might
> be important?

The difference is merely protection against hypothetical weaknesses in the padding scheme. Old padding schemes have been made more or less in a naive way (usually hash-then-sign), while PSS (specified in PKCS #1 2.1) provides provable security properties under certain model assumptions.

There are no known flaws in the old padding scheme. But in theory, there could be flaws which can be excluded by using PSS.

For details, the research papers this is based on can be found here:
http://www.cs.ucdavis.edu/~rogaway/papers/exact.html

So yes, this is nothing in any way urgent. Citing RFC 3447 / PKCS #1 2.1:
"RSASSA-PKCS1-v1_5 is included for compatibility with existing applications, and while still appropriate for new applications, a gradual transition to RSASSA-PSS is encouraged."

cu,
-- 
Hanno Böck
mail/jabber: [email protected]
GPG: BBB51E42
http://www.hboeck.de/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
