I could be wrong, but my current understanding of the `Recommended`, `Recommended+`, etc labels is that they are a signal to implementers (library authors) of what should be supported for completeness, not a cryptographic theory recommendation for application developers.
- Les On Wed, May 11, 2022 at 5:19 AM Sergey Beryozkin <[email protected]> wrote: > > > On Mon, May 9, 2022 at 8:40 AM Neil Madden <[email protected]> > wrote: > >> >> On 6 May 2022, at 17:26, Sergey Beryozkin <[email protected]> wrote: >> >> >> Hi Everyone >> >> I'm contributing to a project where `RSA-OAEP` [1] is currently a >> default key encryption algorithm for encrypting JWT claims and we've had a >> request to replace it with `RSA-OAEP-256` because `SHA-1` is used in >> `RSA-OAEP`. >> >> I'd like to ask the experts, why does `RSA-OAEP` have a `Recommended+` >> status, while `RSA-OAEP-256` - optional, at [1] ? >> >> Also, while it is not a JOSE specific question, I'd appreciate some >> comments on whether having an 'SHA-1' element in the `RSA-OAEP` encryption >> process makes `RSA-OAEP` less secure or not. My basic understanding, based >> on some Web search results, is that `RSA-OAEP` remains a secure algorithm. >> >> >> It may be better to ask this question of CFRG. I am not aware of any >> attacks on SHA-1 in the context of MGF1 at the current time. But that may >> be partly because nobody is looking for them: SHA-1 has been proven >> insecure, do cryptographers have to publicly break every individual use of >> it before people stop using it? >> >> > Thanks for your answer, it makes sense. But now I'm even more interested > in finding out why RSA-OAEP has a `Recommended+` status in the JOSE space > in [1], even though the JWA spec is outdated, it was known, when it was > created, that SHA-1 was insecure. > > Thanks, Sergey > > >> >> Thanks, Sergey >> >> [1] https://tools.ietf.org/html/rfc7518#section-4.3%5BRSA-OAEP%5D >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose >> >> >> — Neil >> > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
