> On 3 Nov 2015, at 1:33 PM, Tero Kivinen <[email protected]> wrote:
>
> Yoav Nir writes:
>> There is 1 for “RSA Digital Signature” and you can encode any hash
>> function that you would like, but for ECDSA there is:
>> 9 - ECDSA with SHA-256 on the P-256 curve
>> 10 - ECDSA with SHA-384 on the P-384 curve
>> 11 - ECDSA with SHA-512 on the P-521 curve
>
> Also number 3 DSS Digital Signature uses a SHA-1 hash....
>
>> So unless you go by RFC 7427, you can’t mix and match.
>
> So everybody should move to use that :-)

It could work for DSA. ECDSA with P-256 gets as input a 256-bit number. So you couldn’t fit the output of SHA-384 in there. It does work the other way around (SHA-256 and P-384), but I’m not sure whether that is any more secure than SHA-256 with P-256.

Yoav
