It's also worth noting that BERserk is one of many such incidents of this coming up in practice: https://cryptosense.com/why-pkcs1v1-5-signature-should-also-be-put-out-of-our-misery/
On Tue, Aug 9, 2016 at 2:13 PM, Tony Arcieri <[email protected]> wrote:

> On Tue, Aug 9, 2016 at 7:16 AM, Martin Rex <[email protected]> wrote:
>
>> BERserk is an implementation defect, not a crypto weakness.
>>
>
> Hence why I phrased the question the way I did. Per Izu, Shimoyama, and Takenaka 2006, PKCS#1 v1.5 has sharp edges which implementers must avoid (of course, the same can be said of BER in BERserk, and it was clearly the bigger of the two problems).
>
> Peter Gutmann's response was the sort of thing I was looking for when I originally asked the question.
>
> --
> Tony Arcieri
>

-- 
Tony Arcieri
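As an added illustration of the kind of sharp edge the thread refers to (this is example code written for this page, not code from the thread, from NSS, or from any other project): two verifiers for the encoded message EM that comes out of the RSA public-key operation s^e mod n on a PKCS#1 v1.5 signature. The RSA step itself is omitted, so both functions take EM directly and the example runs with no key material; the 128-byte EM length stands in for a 1024-bit modulus. verify_strict re-encodes the expected EM and compares the whole thing, as RFC 8017 describes. verify_lenient is a hypothetical parse-then-compare verifier with two well-known defects of this class: it reads lengths with a BER reader that accepts non-minimal long-form encodings, and it never checks that the DigestInfo ends where EM ends. build_forged_em constructs an EM that the lenient verifier accepts and the strict one rejects. All sample inputs are constructed.

```python
import hashlib

# SHA-256 DigestInfo components (RFC 8017, section 9.2, note 1). These byte
# values are the standard encoding; everything else here is constructed.
SHA256_ALG_ID_BODY = bytes.fromhex("0609608648016503040201") + b"\x05\x00"
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: EM = 0x00 || 0x01 || PS || 0x00 || T."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Recommended check: re-encode and compare the entire EM byte-for-byte.
    Nothing is parsed, so there is nothing to parse leniently."""
    return em == emsa_pkcs1_v15_encode(message, len(em))


def read_ber_length(buf: bytes, pos: int) -> tuple:
    """Read a BER length at buf[pos]; return (length, position after it).
    Accepts long-form encodings such as 0x81 0x31 for 49. DER requires the
    minimal form (plain 0x31), so a DER-strict reader would reject that."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported length encoding")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Hypothetical parse-then-compare verifier (constructed for this example)
    with two classic sharp edges: it uses a BER length reader, and it never
    checks that the DigestInfo ends where EM ends, so trailing bytes are ignored."""
    try:
        if em[:2] != b"\x00\x01":
            return False
        pos = 2
        while em[pos] == 0xFF:          # PS length is never checked (should be >= 8)
            pos += 1
        if em[pos] != 0x00:
            return False
        pos += 1
        # DigestInfo ::= SEQUENCE { digestAlgorithm, digest OCTET STRING }
        if em[pos] != 0x30:
            return False
        _, pos = read_ber_length(em, pos + 1)   # outer length read but never enforced
        if em[pos] != 0x30:
            return False
        alg_len, pos = read_ber_length(em, pos + 1)
        if em[pos:pos + alg_len] != SHA256_ALG_ID_BODY:
            return False
        pos += alg_len
        if em[pos] != 0x04:
            return False
        dig_len, pos = read_ber_length(em, pos + 1)
        return em[pos:pos + dig_len] == hashlib.sha256(message).digest()
    except (IndexError, ValueError):
        return False


def tlv(tag: int, body: bytes, long_form: bool) -> bytes:
    """Encode a TLV whose body is under 128 bytes, optionally with a
    non-minimal long-form length (valid BER, invalid DER)."""
    length = bytes([0x81, len(body)]) if long_form else bytes([len(body)])
    return bytes([tag]) + length + body


def build_forged_em(message: bytes, em_len: int) -> bytes:
    """Constructed EM for the same message: short PS, long-form BER lengths,
    and attacker-chosen bytes after the digest. With e = 3, that free tail is
    the slack Bleichenbacher's 2006 forgery uses to find a suitable cube root."""
    alg = tlv(0x30, SHA256_ALG_ID_BODY, long_form=True)
    dig = tlv(0x04, hashlib.sha256(message).digest(), long_form=True)
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + tlv(0x30, alg + dig, long_form=True)
    return head + b"A" * (em_len - len(head))


if __name__ == "__main__":
    msg = b"constructed sample message"
    good = emsa_pkcs1_v15_encode(msg, 128)   # 128-byte EM: a 1024-bit modulus
    forged = build_forged_em(msg, 128)
    print("valid EM   strict:", verify_strict(good, msg), " lenient:", verify_lenient(good, msg))
    print("forged EM  strict:", verify_strict(forged, msg), " lenient:", verify_lenient(forged, msg))
```

The point of the contrast is that the strict verifier has no decoder to get wrong: the expected encoding is fully determined by the message, the hash function and the modulus length, so comparing the complete EM leaves no room for alternative encodings or unexamined bytes. Any verifier that instead walks the structure has to enforce DER minimality, the PS length, and that the digest is the last thing in EM, and each of those is a check that has been missed in practice.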
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
