Yaron Sheffer writes: > 4.1: have we considered making "Digital Signature" (#14) a SHOULD+ > instead of a SHOULD?
Yes, I think we discussed it, but I think we should really see at least one implementation before we pick it as SHOULD+ level... Has anybody implemented this yet? This is still quite new, i.e., about year old, and as product cycles tend to be quite slow in the VPN gateways, I have not yet seen any implementations. > 4.2: aren't we trying to move the world to the generic "Digital > Signature", even if they're still using old certs? Yes. > If we are, then (gasp) PKCS1 v1.5 needs to be SHOULD. Why? There is no relationship between the RSASSA-PSS and RSASSA-PKCS1-v1.5 signatures in the certificates and in the AUTH payload. I.e., you can have RSASSA-PKCS1-v1.5 signature in the certificate, and use the RSASSA-PSS with SHA-256 to generate the AUTH payload. Also as we do say that RSASSA-PSS MUST be implemented, that means that every implementation which sends out the SIGNATURE_HASH_ALGORITHMS and conforms to this document, must support RSASSA-PSS, thus implementations can always use it when using RSA keys. Only reason to support RSASSA-PKCS1-v1.5 is to support RFC7427 implementations which are made before this 4307bis document came out, and which do not support RSASSA-PSS required here. > And the table should mention sha256WithRSAEncryption. Which by defination is then MAY. And it is MAY because it is not using SHA1 (which would make it SHOULD NOT), and it is using old RSASSA-PKCS1-v1.5 which is only MAY. We did remove all MAY lines from the table in last round. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
