Something to de-emphasize RSAES-PKCS1-v1_5 seems like a good idea. Working in the Java world, OAEP is readily available but I can't really comment on its deployment beyond that.
On Sat, Oct 11, 2014 at 2:23 PM, Mike Jones <[email protected]> wrote:

> > From: Richard Barnes [mailto:[email protected]]
> > Sent: Friday, October 10, 2014 2:58 PM
> > To: Mike Jones
> > Cc: The IESG; [email protected]; [email protected]; [email protected]
> > Subject: Re: [jose] Richard Barnes' Discuss on draft-ietf-jose-json-web-algorithms-33: (with DISCUSS and COMMENT)
> >
> > Thanks for the pointer to 8.3. I had missed that. That helps, but doesn't resolve the issue.
> >
> > My concern here is that by having RSAES-PKCS1-v1_5 as a REQUIRED algorithm, we will encourage the creation of more vulnerable stacks, and extend the life of those that already exist. (Note that this is independent of the guidance in RFC 3447.) Could we compromise on moving the requirement level for this algorithm to OPTIONAL, and promoting OAEP to REQUIRED?
>
> Rather than Optional, I'd counter-propose to change it to Recommended- and changing OAEP to Recommended+. It's not clear that OAEP is widely enough deployed yet to make it REQUIRED. What do others in the working group think?
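The thread argues that keeping RSAES-PKCS1-v1_5 as a REQUIRED JWE algorithm keeps vulnerable stacks alive. The practical mitigation on the receiving side is to refuse the `RSA1_5` key-management algorithm before any private-key operation runs. The following is an added illustration, not code from the thread or from any JOSE library; it assumes the JWA identifiers `RSA1_5`, `RSA-OAEP` and `RSA-OAEP-256`, and the sample tokens are constructed with placeholder ciphertext segments.

```python
import base64
import json

# JWA "alg" identifiers for RSA key management.
# RSA1_5 is RSAES-PKCS1-v1_5; the OAEP variants are RSAES-OAEP.
RSA1_5 = "RSA1_5"
ALLOWED_KEY_MGMT_ALGS = frozenset({"RSA-OAEP", "RSA-OAEP-256"})


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in JOSE."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwe_protected_header(compact_jwe: str) -> dict:
    """Parse the protected header of a JWE compact serialization."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("JWE compact serialization must have five segments")
    return json.loads(b64url_decode(parts[0]))


def check_key_mgmt_alg(compact_jwe: str) -> str:
    """Enforce the key-management allowlist before any RSA decryption.

    Rejecting the header up front means a PKCS#1 v1.5-padded token never
    reaches the private-key operation, even if the underlying library
    still implements RSA1_5.
    """
    alg = jwe_protected_header(compact_jwe).get("alg")
    if alg == RSA1_5:
        raise ValueError("RSA1_5 (RSAES-PKCS1-v1_5) is not accepted; use RSA-OAEP")
    if alg not in ALLOWED_KEY_MGMT_ALGS:
        raise ValueError(f"unsupported key-management alg: {alg!r}")
    return alg


def _make_jwe(header: dict) -> str:
    """Constructed fixture: real header, placeholder remaining segments."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return ".".join([h, "a", "b", "c", "d"])


OAEP_TOKEN = _make_jwe({"alg": "RSA-OAEP", "enc": "A256GCM"})       # constructed
PKCS1_TOKEN = _make_jwe({"alg": "RSA1_5", "enc": "A128CBC-HS256"})  # constructed


def accepts(compact_jwe: str) -> bool:
    """True if the token passes the allowlist, False if it is rejected."""
    try:
        check_key_mgmt_alg(compact_jwe)
        return True
    except ValueError:
        return False
```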
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
