> > RSASSA-PSS is just a specific problem we ran into, I suspect > > we can have the same sort of problem in future with other signature > > algorithms, provided their number is nowdays increasing > > rapidly. > > If I remember right on discussion about the different elliptic curve > algorithms, the situation was same there, i.e., even if you could use > the same key for different algorithms, it is considered bad idea...
We are not talking about different algorithms. Consider the situation when the same signature can we represented in a different ways (e.g. different ASN.1 encodings). In this case we'll run into the problem if one of the peers supports only one way. The only reliable way for the initiator to select a proper form of signature now is pre-configuration. But it doesn't scale well and is problematic with opportunistic encryption. Regards, Valery. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
