Where a key size is required to fully specify the algorithm, it's included in
the name. Examples: HS256, A128GCM.
Where the size isn't required to fully specify the algorithm, it isn't.
Examples: RSA1_5, RSA-OAEP, ECSH-ES.
No inconsistency.
-- Mike
From: [email protected] [mailto:[email protected]] On Behalf Of Breno
de Medeiros
Sent: Wednesday, August 29, 2012 5:01 PM
To: Manger, James H
Cc: [email protected]
Subject: Re: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters
Concur with the analysis that 'RSA-OAEP' terminology appears inconsistent with
other acronym usage.
On Wed, Aug 29, 2012 at 4:58 PM, Manger, James H
<[email protected]<mailto:[email protected]>> wrote:
> Should SHA1 (and mgf1SHA1) be the default parameters for these
> algorithms?
We don't have "algorithm parameters" in JOSE - that is the subject of a
separate POLL ("Support multiple types for algorithms"). JOSE currently has
algorithm labels with no parameters.
Consequently this question is really asking one of the following:
Q1. Should RSA OAEP with SHA-1 be defined for use with JOSE? Perhaps
additionally, should it be mandatory to implement?
The core of this question is whether SHA-1 is cryptographically-compromised
enough that we shouldn't use it in new crypto specs, or is its
widespread-availability more important than any crypto weakness?
Q2. Should the label "RSA-OAEP" be used for RSA OAEP with SHA-1?
My answer to Q2 is NO. The "RSA-OAEP" label is inconsistent with other JOSE alg
names. JWA specifies "HS512", "RS512", "ES512", and "CS512" where the Sxxx
suffix indicates a hash algorithm. RSA OAEP with SHA-1 could use "ROS1" or
"ROS160".
--
James Manger
> -----Original Message-----
> From: [email protected]<mailto:[email protected]>
> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of
> Karen O'Donoghue
> Sent: Thursday, 30 August 2012 7:30 AM
> To: [email protected]<mailto:[email protected]>
> Subject: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters
>
> Folks,
>
> Given the confusion around the original version of this poll, I'd like
> to try again.
>
> The basic question is unchanged, the room count from Vancouver has been
> corrected, and a clarification regarding the status of SHA1 in the OAEP
> specification has been added. For those of you who voted and feel you
> may have misunderstood the question or voted incorrectly, please feel
> free to update your answer.
>
> Question:
> Should SHA1 (and mgf1SHA1) be the default parameters for these
> algorithms?
> Note: These are the default parameters specified in RFC 3447, Section
> A.2.1, and are widely deployed.
>
> Room vote: 5 yes, 0 no, 3 discuss
>
> Thanks,
> Karen
> _______________________________________________
> jose mailing list
> [email protected]<mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/jose
--
--Breno
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
