Fair question.  I believe that the working group has been trying to choose 
algorithms that are commonly available and so can result in widely deployed 
interoperable implementations.  Implementability across common development 
platforms is a core goal.  The attached spreadsheet is part of the data 
gathered to help us choose which algorithms to include, and whether to make 
them REQUIRED/RECOMMENDED/OPTIONAL.  (I presented this in Vancouver, as you'll 
recall.)

BouncyCastle is the one library I'm aware of that supports both SHA-256 based 
and SHA-1 based OAEP parameters.  Windows native may as well.  (I know that 
.NET doesn't.)  I don't know about Ruby, Python, PHP, Java without 
BouncyCastle, Mac OS, Android, iOS, Windows Phone, node.js, RedHat, SUSE, 
ChromeOS, etc.  If the working group is interested, we could certainly do the 
investigation.

                                -- Mike

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stephen 
Farrell
Sent: Wednesday, August 29, 2012 5:05 PM
To: Manger, James H
Cc: [email protected]
Subject: Re: [jose] (REDO) POLL: RSA-OAEP/RSA-PSS default parameters



On 08/30/2012 12:58 AM, Manger, James H wrote:
> Consequently this question is really asking one of the following:
> 
> Q1. Should RSA OAEP with SHA-1 be defined for use with JOSE? Perhaps 
> additionally, should it be mandatory to implement?
> The core of this question is whether SHA-1 is cryptographically-compromised 
> enough that we shouldn't use it in new crypto specs, or is its 
> widespread-availability more important than any crypto weakness?

Just on this part. DKIM and DANE both decided to go with
sha256 as the mandatory to implement digest alg. I think that is a trend.

I don't see why JOSE would be different in that respect. If JOSE do choose to 
stand out from the crowd and go with sha1 then I think you'll need to justify 
that explicitly and convincingly.

S.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Attachment: Support for JWA Crypto Algorithms.xlsx
Description: Support for JWA Crypto Algorithms.xlsx
