Hi Tero,
how about:
RFC7427 allows peers to indicate hash algorithms they support, thus
eliminating ambiguity in selecting a hash function for digital signature
authentication. However, recent advances in cryptography lead to
a situation when some signature algorithms have several signature formats.
A prominent example is RSASSA-PKCS#1 and RSASSA-PSS, however
it is envisioned that the same situation may repeat in future
with other signature algorithms. Currently IKE peers have no explicit way
to indicate each other which signature format(s) the support, that leads
to ineroperability problems. The WG will investigate the situation
and come up with a solution that allows peers to deal with the problem
in an interoperable way.
Regards,
Valery.
Sahana Prasad writes:
> We could consider adding this item to the working charter :
>
> Explicitly negotiating different RSA versions (Specific case) :
If you want it to be considered as charter item, please provide text
suitable for charter.
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
