Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS

Mark Andrews <marka@isc.org> Wed, 20 October 2010 22:56 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D1003A6855; Wed, 20 Oct 2010 15:56:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.168
X-Spam-Level:
X-Spam-Status: No, score=-102.168 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1e-A2k07rQ6f; Wed, 20 Oct 2010 15:56:34 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C25493A68B1; Wed, 20 Oct 2010 15:56:31 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1P8hUo-000Isu-7M for namedroppers-data0@psg.com; Wed, 20 Oct 2010 22:50:58 +0000
Received: from mx.pao1.isc.org ([2001:4f8:0:2::2b]) by psg.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <marka@isc.org>) id 1P8hUl-000Isi-6V for namedroppers@ops.ietf.org; Wed, 20 Oct 2010 22:50:55 +0000
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id 91938C942A; Wed, 20 Oct 2010 22:50:44 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:ea06:88ff:fef3:4f9c]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id 42A6AE6030; Wed, 20 Oct 2010 22:50:44 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 21C785EE96A; Thu, 21 Oct 2010 09:50:42 +1100 (EST)
To: Hanno =?utf-8?q?B=C3=B6ck?= <hanno@hboeck.de>
Cc: namedroppers <namedroppers@ops.ietf.org>
From: Mark Andrews <marka@isc.org>
References: <201010201707.01361.hanno@hboeck.de>
Subject: Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS
In-reply-to: Your message of "Wed, 20 Oct 2010 17:07:00 +0200." <201010201707.01361.hanno@hboeck.de>
Date: Thu, 21 Oct 2010 09:50:42 +1100
Message-Id: <20101020225042.21C785EE96A@drugs.dv.isc.org>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

In message <201010201707.01361.hanno@hboeck.de>;, Hanno =?utf-8?q?B=C3=B6ck?= wr
ites:
> Hi,
> 
> I'm currently working on a study project about RSASSA-PSS. This is a paddin=
> g=20
> variant with security proofs and standardized within PKCS #1 2.1.
> 
> I saw that dnssec currently seems to use the old PKCS #1 1.5 padding method=
> s=20
> (RFC 5702, Section 3). I wonder if there was any discussion about that=20
> decision (there is some hint in section 8.1). RFC 5702 was published in 200=
> 9,=20
> so it's a pretty new standard.
> 
> Are there any plans to support algorithms with EMSA-PSS-padding within dnss=
> ec=20
> in the future?
> 
> regards,
> 
> =2D-=20
> Hanno B=C3=B6ck		Blog:		http://www.hboeck.de/
> GPG: 3DBD3B20		Jabber/Mail:	hanno@hboeck.de
> 
> http://schokokeks.org - professional webhosting

This is a decision for any new algorithm to make.

I can't see any point in issuing new code points just to change the
padding for existing algorithms.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org