FYI, some related PSS policies for certs; this might impact how we can use PSS.
Begin forwarded message:

> From: Hubert Kario <[email protected]>
> Date: November 21, 2017 at 09:26:24 EST
> To: mozilla's crypto code discussion list <[email protected]>
> Subject: Mozilla RSA-PSS policy
> Reply-To: mozilla's crypto code discussion list <[email protected]>
>
> In response to a comment made by Gervase Markham[1], pointing out that Mozilla
> doesn't have an official RSA-PSS usage policy.
>
> This is the thread to discuss it and make a proposal that could be later
> included in Mozilla Root Store Policy[2].
>
> I'm proposing the following additions to the Policy (leaving out exactly to which
> sections this needs to be added, as that's better left for the end of
> discussion):
>
> - RSA keys can be used to make RSASSA-PKCS#1 v1.5 or RSASSA-PSS signatures on
>   issued certificates
> - certificates containing RSA parameters can be limited to perform RSASSA-PSS
>   signatures only by specifying the X.509 Subject Public Key Info algorithm
>   identifier to RSA-PSS algorithm
> - end-entity certificates must not include RSA-PSS parameters in the Public
>   Key Info Algorithm Identifier - that is, they must not be limited to creating
>   signatures with only one specific hash algorithm
> - issuing certificates may include RSA-PSS parameters in the Public Key Info
>   Algorithm Identifier; it's recommended that the hash selected matches the
>   security of the key
> - signature hash and the hash used for mask generation must be the same both
>   in public key parameters in certificate and in signature parameters
> - the salt length must equal at least 32 bytes for SHA-256, 48 for SHA-384 and 64
>   bytes for SHA-512
> - SHA-1 and SHA-224 are not acceptable for use with RSA-PSS algorithm
>
> 1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1400844#c15
> 2 - https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
> --
> dev-tech-crypto mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
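The parameter rules in the forwarded proposal (same hash for the signature and for mask generation, per-hash salt minimums, no SHA-1 or SHA-224, RSA-PSS parameters permitted in the SubjectPublicKeyInfo of issuing certificates but not of end-entity certificates) can be checked mechanically against the RSASSA-PSS-params structure defined in RFC 4055. The following is an example added here; it is not part of the forwarded message and is not code from Mozilla, Red Hat or libreswan. The minimal DER helpers, the function names and the `context` labels ("signature", "ca_spki", "ee_spki") are assumptions of this example; the OIDs and the RFC 4055 defaults (SHA-1, MGF1 with SHA-1, salt length 20) are the real values.

```python
"""Added example (not from the thread): decode RSASSA-PSS-params (RFC 4055 syntax) from DER
and check them against the RSA-PSS rules proposed in the forwarded message. Stdlib only."""
from collections import namedtuple

# Well-known OIDs kept as their DER encoding (tag 06, length, base-128 arcs) and compared as raw bytes.
OID_SHA1 = bytes.fromhex("06052b0e03021a")             # 1.3.14.3.2.26
OID_SHA224 = bytes.fromhex("0609608648016503040204")   # 2.16.840.1.101.3.4.2.4
OID_SHA256 = bytes.fromhex("0609608648016503040201")   # 2.16.840.1.101.3.4.2.1
OID_SHA384 = bytes.fromhex("0609608648016503040202")   # 2.16.840.1.101.3.4.2.2
OID_SHA512 = bytes.fromhex("0609608648016503040203")   # 2.16.840.1.101.3.4.2.3
OID_MGF1 = bytes.fromhex("06092a864886f70d010108")     # 1.2.840.113549.1.1.8
# Proposed policy: minimum salt length in bytes per hash; SHA-1 and SHA-224 are excluded outright.
MIN_SALT = {OID_SHA256: 32, OID_SHA384: 48, OID_SHA512: 64}
PssParams = namedtuple("PssParams", "hash_oid mgf_oid mgf_hash_oid salt_length")

def _tlv(tag, value):
    """DER tag-length-value with definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]; rejects lengths past the buffer."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def _parse_alg_id(der):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL } -> (oid_der, params)."""
    tag, body, _ = _read_tlv(der, 0)
    t, _, pos = _read_tlv(body, 0)
    if tag != 0x30 or t != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return body[:pos], body[pos:]

def build_pss_params(hash_oid, mgf_hash_oid, salt_length):
    """Constructed test input: RSASSA-PSS-params with hashAlgorithm, MGF1 and saltLength explicit."""
    def alg(oid_der, params=b"\x05\x00"):  # AlgorithmIdentifier with NULL parameters by default
        return _tlv(0x30, oid_der + params)
    salt = _tlv(0x02, salt_length.to_bytes((salt_length.bit_length() + 8) // 8, "big"))
    return _tlv(0x30, _tlv(0xA0, alg(hash_oid)) + _tlv(0xA1, alg(OID_MGF1, alg(mgf_hash_oid)))
                + _tlv(0xA2, salt))

def parse_pss_params(der):
    """Decode RSASSA-PSS-params; absent fields take the RFC 4055 defaults (sha1, mgf1SHA1, salt 20)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("RSASSA-PSS-params must be exactly one SEQUENCE")
    hash_oid, mgf_oid, mgf_hash_oid, salt, pos = OID_SHA1, OID_MGF1, OID_SHA1, 20, 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag == 0xA0:        # [0] hashAlgorithm
            hash_oid, _ = _parse_alg_id(val)
        elif tag == 0xA1:      # [1] maskGenAlgorithm; its parameters name the MGF's own hash
            mgf_oid, mgf_params = _parse_alg_id(val)
            mgf_hash_oid, _ = _parse_alg_id(mgf_params)
        elif tag == 0xA2:      # [2] saltLength INTEGER
            salt = int.from_bytes(_read_tlv(val, 0)[1], "big", signed=True)
        elif tag != 0xA3:      # [3] trailerField is accepted as-is; any other tag is malformed
            raise ValueError("unexpected tag 0x%02x in RSASSA-PSS-params" % tag)
    return PssParams(hash_oid, mgf_oid, mgf_hash_oid, salt)

def check_policy(params_der, context):
    """Violations of the proposed rules for RSA-PSS parameters found in `context`: "signature" (a cert's
    signatureAlgorithm), "ca_spki" (an issuing cert's SPKI) or "ee_spki" (an end-entity cert's SPKI).
    params_der is None when the AlgorithmIdentifier carries no parameters field at all."""
    if context == "ee_spki":
        return [] if params_der is None else ["end-entity SPKI must not carry RSA-PSS parameters"]
    if params_der is None:     # an issuing key without parameters is simply unrestricted
        return [] if context == "ca_spki" else ["signature AlgorithmIdentifier lacks RSA-PSS parameters"]
    p, problems = parse_pss_params(params_der), []
    if p.hash_oid in (OID_SHA1, OID_SHA224):
        problems.append("SHA-1 and SHA-224 are not acceptable with RSA-PSS")
    if p.mgf_oid != OID_MGF1:
        problems.append("mask generation function must be MGF1")
    if p.hash_oid != p.mgf_hash_oid:
        problems.append("signature hash and MGF hash must be the same")
    if p.hash_oid in MIN_SALT and p.salt_length < MIN_SALT[p.hash_oid]:
        problems.append("salt length %d is below the %d-byte minimum" % (p.salt_length, MIN_SALT[p.hash_oid]))
    return problems

def check_key_matches_signature(spki_params_der, sig_params_der):
    """An issuing key's RSA-PSS parameters (if present) must agree with the signature's on both hashes."""
    if spki_params_der is None:
        return []
    k, s = parse_pss_params(spki_params_der), parse_pss_params(sig_params_der)
    if (k.hash_oid, k.mgf_hash_oid) != (s.hash_oid, s.mgf_hash_oid):
        return ["signature hash/MGF hash differ from the issuing key's RSA-PSS parameters"]
    return []
```

Run `check_policy(params, "signature")` on the parameters pulled from a certificate's signatureAlgorithm, and `check_key_matches_signature` with the issuer's SubjectPublicKeyInfo parameters, to get the list of rules a certificate breaks; an empty list is a pass. Comparing the OIDs as raw DER bytes avoids an OID decoder entirely, and the parser applies the RFC 4055 defaults, so a parameters block that omits the hash silently means SHA-1 and is caught by the SHA-1 rule rather than slipping through.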
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
