To clarify we are talking about the internal hash algorithm for the OAEP or PSS padding calculation and NOT the hash of the size of the hash for the message or the size of the key for AES.
In most cases the internal hash size is not exposed but baked in to OAEP and PSS calculation. If we were talking about making SHA1 the default hash size for RSA signatures I would be opposed to this, but we are talking about a internal of the padding calculation. I have not seen any indication that SHA1 is in any way compromised for that use. My vote was to make SHA1 the hash function used for PSS/OAEP padding in the RSA-OAEP and RSA-PSS algorithms. The size of the hash for signing and the size of the key for encryption are separate issues. John B. On 2012-08-29, at 8:06 PM, Mike Jones <[email protected]> wrote: > Where a key size is required to fully specify the algorithm, it’s included in > the name. Examples: HS256, A128GCM. > Where the size isn’t required to fully specify the algorithm, it isn’t. > Examples: RSA1_5, RSA-OAEP, ECSH-ES. > > No inconsistency. > > -- Mike > > From: [email protected] [mailto:[email protected]] On Behalf Of Breno > de Medeiros > Sent: Wednesday, August 29, 2012 5:01 PM > To: Manger, James H > Cc: [email protected] > Subject: Re: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters > > Concur with the analysis that 'RSA-OAEP' terminology appears inconsistent > with other acronym usage. > > > On Wed, Aug 29, 2012 at 4:58 PM, Manger, James H > <[email protected]> wrote: > > Should SHA1 (and mgf1SHA1) be the default parameters for these > > algorithms? > > We don’t have "algorithm parameters" in JOSE – that is the subject of a > separate POLL ("Support multiple types for algorithms"). JOSE currently has > algorithm labels with no parameters. > > Consequently this question is really asking one of the following: > > Q1. Should RSA OAEP with SHA-1 be defined for use with JOSE? Perhaps > additionally, should it be mandatory to implement? > The core of this question is whether SHA-1 is cryptographically-compromised > enough that we shouldn't use it in new crypto specs, or is its > widespread-availability more important than any crypto weakness? > > Q2. Should the label "RSA-OAEP" be used for RSA OAEP with SHA-1? > > My answer to Q2 is NO. The "RSA-OAEP" label is inconsistent with other JOSE > alg names. JWA specifies "HS512", "RS512", "ES512", and "CS512" where the > Sxxx suffix indicates a hash algorithm. RSA OAEP with SHA-1 could use "ROS1" > or "ROS160". > > -- > James Manger > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf Of > > Karen O'Donoghue > > Sent: Thursday, 30 August 2012 7:30 AM > > To: [email protected] > > Subject: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters > > > > Folks, > > > > Given the confusion around the original version of this poll, I'd like > > to try again. > > > > The basic question is unchanged, the room count from Vancouver has been > > corrected, and a clarification regarding the status of SHA1 in the OAEP > > specification has been added. For those of you who voted and feel you > > may have misunderstood the question or voted incorrectly, please feel > > free to update your answer. > > > > Question: > > Should SHA1 (and mgf1SHA1) be the default parameters for these > > algorithms? > > Note: These are the default parameters specified in RFC 3447, Section > > A.2.1, and are widely deployed. > > > > Room vote: 5 yes, 0 no, 3 discuss > > > > Thanks, > > Karen > > _______________________________________________ > > jose mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > > > > -- > --Breno > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
