> RSASSA-PSS is MUST when implementing Digital Signature.
All these thing are not clear from the current text of the draft.
I was also confused as well as Yaron.
Why the following text is not clear enough:
With the use of Digital Signature, RSASSA-PKCS1-v1.5 MAY be
implemented. RSASSA-PSS MUST be implemented.
I think it very clearly says that RSASSA-PSS MUST be implemented when
Digital Signature authentication method is implemented.
As I've said in previous message, I'm not a fan of idea to tie
support for RSASSA-PSS with support for Digital Signature auth.
Nevertheless if this link is imposed by the draft, it must be
spelled out more clearly.
And you think the paragraph above is not clear enough? If not then
provide text that will say it even more clearly.
Section 4.2:
Old:
Recommendations for when a hash function is involved in a signature:
New:
When Digital Signature authentication method is implemented, then
the following recommendations are applied for hash functions:
(stress that this table is concerned only with Digital Signature Authentication
method).
Old:
With the use of Digital Signature, RSASSA-PKCS1-v1.5 MAY be
implemented. RSASSA-PSS MUST be implemented.
New:
When Digital Signature authentication method is used with RSA signature
algorithm, then RSASSA-PSS MUST be supported and RSASSA-PKCS1-v1.5
MAY be supported.
(stress that this requirement is applied to RSA only, not to ECDSA etc.)
Old:
Recommendation of Authentication Method described in [RFC7427]
notation:
+------------------------------------+------------+---------+
| Description | Status | Comment |
+------------------------------------+------------+---------+
| RSASSA-PSS with SHA-256 | SHOULD | |
| ecdsa-with-sha256 | SHOULD | |
| sha1WithRSAEncryption | SHOULD NOT | |
| dsa-with-sha1 | SHOULD NOT | |
| ecdsa-with-sha1 | SHOULD NOT | |
| RSASSA-PSS with Empty Parameters | SHOULD NOT | |
| RSASSA-PSS with Default Parameters | SHOULD NOT | |
+------------------------------------+------------+---------+
New:
The following table lists recommendations for authentication methods
in [RFC7427] notation. These recommendations are applied only if
Digital Signature authentication method is implemented.
+------------------------------------+------------+---------+
| Description | Status | Comment |
+------------------------------------+------------+---------+
| RSASSA-PSS with SHA-256 | MUST | |
| ecdsa-with-sha256 | SHOULD | |
| sha1WithRSAEncryption | SHOULD NOT | |
| dsa-with-sha1 | SHOULD NOT | |
| ecdsa-with-sha1 | SHOULD NOT | |
| RSASSA-PSS with Empty Parameters | SHOULD NOT | |
| RSASSA-PSS with Default Parameters | SHOULD NOT | |
+------------------------------------+------------+---------+
(RSASSA-PSS with SHA-256 changed to MUST, so that there is no confusion
with the above statements, but at the same time the text added clarifying that
these recommendations are only applicable if Digital Signature auth is implemented,
which is SHOULD according to the table 6).
Regards,
Valery.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
