Concur with the analysis that 'RSA-OAEP' terminology appears inconsistent with other acronym usage.
On Wed, Aug 29, 2012 at 4:58 PM, Manger, James H < [email protected]> wrote: > > Should SHA1 (and mgf1SHA1) be the default parameters for these > > algorithms? > > We don’t have "algorithm parameters" in JOSE – that is the subject of a > separate POLL ("Support multiple types for algorithms"). JOSE currently has > algorithm labels with no parameters. > > Consequently this question is really asking one of the following: > > Q1. Should RSA OAEP with SHA-1 be defined for use with JOSE? Perhaps > additionally, should it be mandatory to implement? > The core of this question is whether SHA-1 is > cryptographically-compromised enough that we shouldn't use it in new crypto > specs, or is its widespread-availability more important than any crypto > weakness? > > Q2. Should the label "RSA-OAEP" be used for RSA OAEP with SHA-1? > > My answer to Q2 is NO. The "RSA-OAEP" label is inconsistent with other > JOSE alg names. JWA specifies "HS512", "RS512", "ES512", and "CS512" where > the Sxxx suffix indicates a hash algorithm. RSA OAEP with SHA-1 could use > "ROS1" or "ROS160". > > -- > James Manger > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf Of > > Karen O'Donoghue > > Sent: Thursday, 30 August 2012 7:30 AM > > To: [email protected] > > Subject: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters > > > > Folks, > > > > Given the confusion around the original version of this poll, I'd like > > to try again. > > > > The basic question is unchanged, the room count from Vancouver has been > > corrected, and a clarification regarding the status of SHA1 in the OAEP > > specification has been added. For those of you who voted and feel you > > may have misunderstood the question or voted incorrectly, please feel > > free to update your answer. > > > > Question: > > Should SHA1 (and mgf1SHA1) be the default parameters for these > > algorithms? > > Note: These are the default parameters specified in RFC 3447, Section > > A.2.1, and are widely deployed. > > > > Room vote: 5 yes, 0 no, 3 discuss > > > > Thanks, > > Karen > > _______________________________________________ > > jose mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > -- --Breno
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
