They’re in the first category, in which a key size is required to fully specify the algorithm.
From: [email protected] [mailto:[email protected]] On Behalf Of Manger, James H
Sent: Wednesday, August 29, 2012 5:11 PM
To: Mike Jones; Breno de Medeiros
Cc: [email protected]
Subject: Re: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters

So what about RS256, RS384, and RS512?

--
James Manger

From: Mike Jones [mailto:[email protected]]
Sent: Thursday, 30 August 2012 10:07 AM
To: Breno de Medeiros; Manger, James H
Cc: [email protected]
Subject: RE: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters

Where a key size is required to fully specify the algorithm, it’s included in the name. Examples: HS256, A128GCM. Where the size isn’t required to fully specify the algorithm, it isn’t. Examples: RSA1_5, RSA-OAEP, ECSH-ES. No inconsistency.

-- Mike

From: [email protected] [mailto:[email protected]] On Behalf Of Breno de Medeiros
Sent: Wednesday, August 29, 2012 5:01 PM
To: Manger, James H
Cc: [email protected]
Subject: Re: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters

Concur with the analysis that 'RSA-OAEP' terminology appears inconsistent with other acronym usage.

On Wed, Aug 29, 2012 at 4:58 PM, Manger, James H <[email protected]> wrote:

> Should SHA1 (and mgf1SHA1) be the default parameters for these
> algorithms?

We don’t have "algorithm parameters" in JOSE – that is the subject of a separate POLL ("Support multiple types for algorithms"). JOSE currently has algorithm labels with no parameters. Consequently this question is really asking one of the following:

Q1. Should RSA OAEP with SHA-1 be defined for use with JOSE? Perhaps additionally, should it be mandatory to implement? The core of this question is whether SHA-1 is cryptographically-compromised enough that we shouldn't use it in new crypto specs, or is its widespread-availability more important than any crypto weakness?

Q2. Should the label "RSA-OAEP" be used for RSA OAEP with SHA-1?

My answer to Q2 is NO. The "RSA-OAEP" label is inconsistent with other JOSE alg names. JWA specifies "HS512", "RS512", "ES512", and "CS512" where the Sxxx suffix indicates a hash algorithm. RSA OAEP with SHA-1 could use "ROS1" or "ROS160".

--
James Manger

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Karen O'Donoghue
> Sent: Thursday, 30 August 2012 7:30 AM
> To: [email protected]
> Subject: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters
>
> Folks,
>
> Given the confusion around the original version of this poll, I'd like
> to try again.
>
> The basic question is unchanged, the room count from Vancouver has been
> corrected, and a clarification regarding the status of SHA1 in the OAEP
> specification has been added. For those of you who voted and feel you
> may have misunderstood the question or voted incorrectly, please feel
> free to update your answer.
>
> Question:
> Should SHA1 (and mgf1SHA1) be the default parameters for these
> algorithms?
> Note: These are the default parameters specified in RFC 3447, Section
> A.2.1, and are widely deployed.
>
> Room vote: 5 yes, 0 no, 3 discuss
>
> Thanks,
> Karen
> _______________________________________________
> jose mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/jose

--
--Breno
