Watson Ladd writes: > I might be confused, but the slides in > https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf > seem to very clearly want something else. Apologies for my > insufficient context inclusion.
Yes, with RSA I think it might be quite common for people to use same key for both RSA PKCS#1 v1.5 and RSA-PSS, and there is not really anything we can do for that. On the other hand the interoperability issue we have now does not really care whether you have one or two RSA private keys, as long as initiator can use either RSA-PSS or RSA PKCS#1 v1.5, and do not know which one responder will accept. I think we might want to add text in the rfc4307bis saying that same key should not be used with both RSA-PSS and PKCS#1 v1.5. The rfc4307bis will be in IETF Last Call soon, so if you can read that and see what it says about the signature algorithms and see if there is something we need to add there, that would be great. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
