Hi,
Thanks for your response, I am fine with your comments but I have a
question: in Sec. 4.2, we have: "With the use of Digital Signature,
RSASSA-PKCS1-v1.5 MAY be implemented. RSASSA-PSS MUST be implemented."
And then the table has SHOULD for RSA (as well as ECDSA). How come?
RSASSA-PSS MUST be implemented if Digital Signature authentication
method is implemented, but it can be implemented with multiple hash
algorithms. On the other hand in hash algorithms part we have just one
MUST and that is for SHA2-256.
The reason why RSASSA-PSS with SHA-256 is listed only as SHOULD, is
mostly caused by the fact that Digital Signature authentication method
is still onl SHOULD and we do not have implementations for it, so we
do not have implementor comments for it yet.
So Digital Signature in general is SHOULD.
SHA2-256 as hash algorithm is MUST when implementing Digital Signature
authentication method.
RSASSA-PSS is MUST when implementing Digital Signature.
All these thing are not clear from the current text of the draft.
I was also confused as well as Yaron.
As I've said in previous message, I'm not a fan of idea to tie support for RSASSA-PSS
with support for Digital Signature auth. Nevertheless if this link is imposed
by the draft, it must be spelled out more clearly.
Regards,
Valery.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
