Tero, thanks for updating the document. However, I'm not sure the first issue is solved.
Tero Kivinen wrote on 20.07.2014 21:02: > Changed to: > > With RSASSA-PSS, the algorithm object identifier must always > be id-RSASSA-PSS, and the hash function and padding parameters > are conveyed in the parameters (which are not optional in this > case). See <xref target="RFC4055"/> for more information. > > In the RSASSA-PSS the parameters are required, but they can be empty, > so they are not optional in this case. > Really? Section 3.1 of RFC 4055 states When RSASSA-PSS is used in an AlgorithmIdentifier, the parameters MUST employ the RSASSA-PSS-params syntax. The parameters may be either absent or present when used as subject public key information. My understanding of this is that the parameters can indeed be absent not just empty. IMHO the semantic is different: If the parameters are empty (empty sequence in RSASSA-PSS-param), the default values apply, and according to Section 3.3, case 3, of RFC 4055, the parameters in a signature MUST be validated against the (default) parameters specified in SPKI. However, if the parameters are absent, then, according to Section 3.3, case 2, of RFC 4055, no parameter validation is needed in a signature validation, i.e. a signature may use any parameters. Maybe, I misinterpret the spec here? -- Johannes _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
