On Thu, Nov 17, 2016 at 7:38 PM, Tero Kivinen <[email protected]> wrote: > Watson Ladd writes: >> I might be confused, but the slides in >> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf >> seem to very clearly want something else. Apologies for my >> insufficient context inclusion. > > Yes, with RSA I think it might be quite common for people to use same > key for both RSA PKCS#1 v1.5 and RSA-PSS, and there is not really > anything we can do for that. > > On the other hand the interoperability issue we have now does not > really care whether you have one or two RSA private keys, as long as > initiator can use either RSA-PSS or RSA PKCS#1 v1.5, and do not know > which one responder will accept.
What about the approach of treating these as different authentication methods? Or am I misunderstanding the scope of the problem? I'm not that familiar with IKE2. > > I think we might want to add text in the rfc4307bis saying that same > key should not be used with both RSA-PSS and PKCS#1 v1.5. > > The rfc4307bis will be in IETF Last Call soon, so if you can read that > and see what it says about the signature algorithms and see if there > is something we need to add there, that would be great. I will look over it. > -- > [email protected] -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
