List:       ietf-saag
Subject:    [saag] RSA Signature padding recommendations
From:       Brian Weis <bew () cisco ! com>
Date:       2005-04-16 0:17:26
Message-ID: 42605996.1060308 () cisco ! com

When an RSA signature is created, the signature algorithm input 
encapsulates the hash output with a padding method. RFC 3447 (PKCS #1 
v2.1) specifies two methods of padding: EMSA-PKCS1-v1_5 and EMSA-PSS. 
EMSA-PKCS1-v1_5 is the traditional method of padding, but since attacks 
have been found on that method, PSS was added to PKCS #1 v2.1.

Due to its improved security properties, new protocols using RSA 
signatures are being given the advice to adopt PSS as a MUST. However, 
there are some complications with using PSS.

1. The base PSS specification has intellectual property claimed on it. 
Whether or not the construction of PSS specified in RFC 3447 is covered 
is not clear. (No IPR disclosure has been filed with the IETF. However, 
the only publicly available statement regarding licensing its use 
applies to IEEE P1363, not the IETF.)

2. Commonly used crypto toolkits and RSA hardware accelerators that I 
have investigated do not typically support PSS padding.

So while PSS padding is a better security method, specifying it as a 
required method will likely not result in those standards being adopted 
until these issues are sorted out.

RFC 3447 suggests that no attacks are known against the 
EMSA-PKCS1-v1_5 encoding method, yet "a gradual transition to EMSA-PSS is 
recommended as a precaution against future developments". It doesn't 
seem to me as if such a transition is yet possible, but I'd be 
interested in hearing other opinions.

Thanks,
Brian

-- 
Brian Weis
Advanced Security Development, Security Technology Group, Cisco Systems
Telephone: +1 408 526 4796
Email: bew@cisco.com
_______________________________________________
saag mailing list
saag@mit.edu
https://jis.mit.edu/mailman/listinfo/saag
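The property that separates EMSA-PSS from the deterministic EMSA-PKCS1-v1_5 encoding discussed above, the per-signature random salt, is easiest to see in code. The following pure-Python EMSA-PSS encode and verify operations follow RFC 3447 section 9.1; they are an added illustration, not code from the post or from any toolkit, and assume SHA-256 for both the hash and MGF1, a salt length equal to the hash length, and em_bits = modBits - 1 as RSASSA-PSS uses it.

```python
import hashlib
import hmac
import os
from typing import Optional

H_LEN = hashlib.sha256().digest_size  # assumption: SHA-256 hash and MGF1, salt length == H_LEN

def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (RFC 3447 appendix B.2.1) built on SHA-256."""
    out = b""
    for counter in range((mask_len + H_LEN - 1) // H_LEN):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]

def emsa_pss_encode(message: bytes, em_bits: int, salt: Optional[bytes] = None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 3447 section 9.1.1): return EM of ceil(em_bits/8) octets."""
    em_len = (em_bits + 7) // 8
    salt = os.urandom(H_LEN) if salt is None else salt  # fresh random salt per signature
    if em_len < H_LEN + len(salt) + 2:
        raise ValueError("encoding error")
    m_hash = hashlib.sha256(message).digest()
    h = hashlib.sha256(b"\x00" * 8 + m_hash + salt).digest()  # H = Hash(M'), M' = 0^8 || mHash || salt
    db = b"\x00" * (em_len - len(salt) - H_LEN - 2) + b"\x01" + salt  # DB = PS || 0x01 || salt
    db_mask = mgf1(h, em_len - H_LEN - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the leftmost 8*emLen - emBits bits
    return bytes(masked_db) + h + b"\xbc"

def emsa_pss_verify(message: bytes, em: bytes, em_bits: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 3447 section 9.1.2), assuming salt length == H_LEN."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < 2 * H_LEN + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[: em_len - H_LEN - 1], em[em_len - H_LEN - 1 : -1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] & ((0xFF << (8 - top_bits)) & 0xFF):
        return False  # the leftmost 8*emLen - emBits bits must be zero
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - H_LEN - 1)))
    db[0] &= 0xFF >> top_bits
    ps_len = em_len - 2 * H_LEN - 2
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False  # PS must be all zero and be followed by the 0x01 separator
    salt = bytes(db[ps_len + 1 :])  # recovered salt; its length is fixed by assumption
    m_hash = hashlib.sha256(message).digest()
    h_prime = hashlib.sha256(b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)
```

Encoding the same message twice produces two different EM values that both verify, whereas an EMSA-PKCS1-v1_5 encoding of the same hash is always identical; a verifier built for one salt length rejects encodings made with another.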