Thanks for the information.
I see that PKCS#1v1.5 is still used (as mentioned for instance in the SSLv3), however I remember some time ago that there was a vulnerabilty (CERT CA-1998-07)related to this version. One of the solution is OAEP in PKCS#1 v2.0.
Is NSS vulnerable to this attack? Note: apparently, this attack is not easy to implement.
Does the OAEP implementation in nss/lib/softoken/rsawrapr.c cover totally or partially this case? I've seen that Nelson is involved in a enhancement related to this feature (Bug 158747).
I suppose that all these issues were already discussed, sorry for repeating questions.
Thks
Mig
Nelson B. Bolyard wrote:
Miguel wrote:I am looking for the version of the standards supported by NSS: for instance PKCS#x version?. I was searching in all the web site but without success. Can please someone tell me where to find the information.
IMO, that info really should be on this page
http://www.mozilla.org/projects/security/pki/nss/nss-3.4/nss-3.4-algorithms.html
That page cites certain specific documents for some standards, e.g. SSL3,
TLS, SMIME, but for the PKCS standards, it does not cite version numbers,
and IMO, it should.
Here are the PKCS version numbers that (AFAIK) NSS uses now:
PKCS 1: v 1.5
PKCS 3: v 1.4
PKCS 5: v 2.0 *
PKCS 8: v 1.2
PKCS 11: v 2.11 *
PKCS 12: v 1.0 *
*: I'm not 100% sure. They guy who keeps track of this will be back after the holidays.
--
Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
