Valery Smyslov writes: > Hi Tero, > > how about: > > RFC7427 allows peers to indicate hash algorithms they support, thus > eliminating ambiguity in selecting a hash function for digital signature > authentication. However, recent advances in cryptography lead to > a situation when some signature algorithms have several signature formats. > A prominent example is RSASSA-PKCS#1 and RSASSA-PSS, however > it is envisioned that the same situation may repeat in future > with other signature algorithms. Currently IKE peers have no explicit way > to indicate each other which signature format(s) the support, that leads > to ineroperability problems. The WG will investigate the situation > and come up with a solution that allows peers to deal with the problem > in an interoperable way.
You know what I personally think about this, but as chair I have to say, added to the list of candidate items... -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec