Re: [Cfrg] Question from JOSE working group
"Richard L. Barnes" <rbarnes@bbn.com> Tue, 03 July 2012 19:58 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D9A521F86D5; Tue, 3 Jul 2012 12:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.543
X-Spam-Level:
X-Spam-Status: No, score=-106.543 tagged_above=-999 required=5 tests=[AWL=0.056, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 45E5ZNi-Ei77; Tue, 3 Jul 2012 12:58:26 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 57A7421F854E; Tue, 3 Jul 2012 12:58:26 -0700 (PDT)
Received: from ros-dhcp192-1-51-6.bbn.com ([192.1.51.6]:52297) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1Sm9F1-000LaW-UK; Tue, 03 Jul 2012 15:58:31 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <03b301cd5943$693f2800$3bbd7800$@augustcellars.com>
Date: Tue, 03 Jul 2012 15:58:31 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7C1A94EE-8633-4FA7-A936-E82FDA6A5FB9@bbn.com>
References: <FFFFB6D6-08A6-4989-99B1-BC1F677AEBD0@vigilsec.com> <41F795C1-BD4F-4732-8F1A-62F909E9AA07@bbn.com> <1499CA50-2239-4102-BA1A-04104EAC57DF@vigilsec.com> <03b301cd5943$693f2800$3bbd7800$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1278)
Cc: cfrg@irtf.org, 'Russ Housley' <housley@vigilsec.com>, jose@ietf.org
Subject: Re: [Cfrg] Question from JOSE working group
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 19:58:27 -0000
More precisely: RSASSA-PKCS1-v1_5 includes the hash algorithm under the signature RSASSA-PSS (introduced in PKCS#1 v2.1) does not include the hash algorithm Doesn't this seem to argue against the need to protect parameters, since the security of RSASSA-PSS is tightly related to the RSA problem itself? On Jul 3, 2012, at 1:43 PM, Jim Schaad wrote: > I would also note that when PKCS#7 was designed, the hash algorithm was > always protected independent the presence of signed attributes. Either the > hash algorithm was in the signed attributes or it was in the RSA signature > block encoding. It was only with the introduction of other algorithms that > this was no longer true. > > Jim > > >> -----Original Message----- >> From: cfrg-bounces@irtf.org [mailto:cfrg-bounces@irtf.org] On Behalf Of >> Russ Housley >> Sent: Tuesday, July 03, 2012 8:02 AM >> To: Richard L.Barnes >> Cc: cfrg@irtf.org; jose@ietf.org >> Subject: Re: [Cfrg] Question from JOSE working group >> >> Richard: >> >>> Actually, the inclusion of the hash algorithm under the signature is > optional: >>> " >>> signedAttrs is a collection of attributes that are signed. The >>> field is optional, but it MUST be present if the content type of >>> the EncapsulatedContentInfo value being signed is not id-data. >>> [...] If the field is present, it MUST >>> contain, at a minimum, the following two attributes: >>> >>> ... >>> >>> A message-digest attribute, having as its value the message >>> digest of the content. Section 11.2 defines the message-digest >>> attribute. >>> " >>> >>> Since "id-data" means "no more ASN.1 structure", for JOSE, the content >> type is effectively always "id-data". >> >> In practice, there are other attributes that one wants signed, such as > signing- >> time, so the algorithm identifier gets included. >> >> Russ >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> http://www.irtf.org/mailman/listinfo/cfrg >
- [Cfrg] Question from JOSE working group Richard L. Barnes
- Re: [Cfrg] Question from JOSE working group Mike Jones
- Re: [Cfrg] [jose] Fwd: Question from JOSE working… Richard L. Barnes
- Re: [Cfrg] Question from JOSE working group Russ Housley
- Re: [Cfrg] Question from JOSE working group Richard L. Barnes
- Re: [Cfrg] Question from JOSE working group Richard L. Barnes
- Re: [Cfrg] [jose] Question from JOSE working group John Bradley
- Re: [Cfrg] [jose] Question from JOSE working group Weger, B.M.M. de
- Re: [Cfrg] [jose] Question from JOSE working group John Bradley
- Re: [Cfrg] Question from JOSE working group Russ Housley
- Re: [Cfrg] Question from JOSE working group Jim Schaad
- Re: [Cfrg] Question from JOSE working group Richard L. Barnes
- Re: [Cfrg] Question from JOSE working group Jim Schaad