It was pointed out to me that we failed to specify the salt size for RSA PSS
signatures. RFC 3447 says that "Typical salt lengths in octets are hLen (the
length of the output of the hash function Hash) and 0." Having looked into it
a bit I believe that it would be appropriate for us to specify that the salt
length be the same as the output size of the hash function used. So 256 for
PS256, 384 for PS384, and 512 for PS512.
Any disagreement with that choice?
-- Mike
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
