IETF Logo Mail Archive

Re: [CFRG] RSA PSS Salt Length for HTTP Message Signatures

Richard Outerbridge <outer@interlog.com> Thu, 27 May 2021 19:18 UTC

Return-Path: <outer@interlog.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B906C3A091E for <cfrg@ietfa.amsl.com>; Thu, 27 May 2021 12:18:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KPTstJOfbZ9A for <cfrg@ietfa.amsl.com>; Thu, 27 May 2021 12:18:49 -0700 (PDT)
Received: from mail-1.ca.inter.net (mail-1.ca.inter.net [208.85.220.69]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C3023A0922 for <cfrg@irtf.org>; Thu, 27 May 2021 12:18:48 -0700 (PDT)
Received: from localhost (offload-3.ca.inter.net [208.85.220.70]) by mail-1.ca.inter.net (Postfix) with ESMTP id 9392E2EA73D; Thu, 27 May 2021 15:18:47 -0400 (EDT)
Received: from mail-1.ca.inter.net ([208.85.220.69]) by localhost (offload-3.ca.inter.net [208.85.220.70]) (amavisd-new, port 10024) with ESMTP id 1Io6BW9JJwvn; Thu, 27 May 2021 14:56:37 -0400 (EDT)
Received: from [192.168.168.101] (bras-base-toroon0246w-grc-16-70-53-126-140.dsl.bell.ca [70.53.126.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: outer@interlog.com) by mail-1.ca.inter.net (Postfix) with ESMTPSA id 75D732EA40C; Thu, 27 May 2021 15:18:46 -0400 (EDT)
From: Richard Outerbridge <outer@interlog.com>
Message-Id: <C0724B82-F976-427E-A2D9-B741261AA7AE@interlog.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C5B700B0-4E0D-4D9F-8367-5B00DF91DFE7"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Date: Thu, 27 May 2021 15:18:46 -0400
In-Reply-To: <F5BBDCAC-17FE-49E8-B3DC-FE6C9BC22B64@mit.edu>
Cc: John Mattsson <john.mattsson@ericsson.com>, Russ Housley <housley@vigilsec.com>, Justin Richer <jricher@mit.edu>
To: IRTF CFRG <cfrg@irtf.org>
References: <1EED8807-C5C5-461F-BE60-34C44791849E@mit.edu> <1BF68544-CB14-4A60-88BB-4E80E2D9A094@vigilsec.com> <3C751F77-2362-4099-850B-263C08F60AC4@mit.edu> <HE1PR0701MB30509CFAC2752751667D11EA89239@HE1PR0701MB3050.eurprd07.prod.outlook.com> <F5BBDCAC-17FE-49E8-B3DC-FE6C9BC22B64@mit.edu>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Bo62GgokUq0v1jg-cVdAoOK_3jY>
Subject: Re: [CFRG] RSA PSS Salt Length for HTTP Message Signatures
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 19:18:54 -0000

> On 2021-05-27 (147), at 15:08:04, Justin Richer <jricher@mit.edu> wrote:
> 
> Thank you for this follow up. When I was just updating my test vector implementation I saw this as another optional parameter alongside the salt length and so I was about to ask if this was important to specify. I see here that it is. :)
> 
> I will swing back around to this list once I have a PR on the HTTP document for feedback on the details of the specification text across the different algorithm types.
> 
> Thank you all again, this has been very helpful.
>  — Justin
> 
>> On May 27, 2021, at 1:10 PM, John Mattsson <john.mattsson@ericsson.com <mailto:john.mattsson@ericsson.com>> wrote:
>> 
>> Don't forget to specify the mask generation function (MGF). 

Why is this still obscure rocket science?  Have we out done ourselves?  Is crypto still & set to remain the domain of arcane wizards?
__outer

v2.23.0 | Report a Bug | By Email