Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS
Olafur Gudmundsson <ogud@ogud.com> Thu, 21 October 2010 00:18 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 87B3C3A685B; Wed, 20 Oct 2010 17:18:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.11
X-Spam-Level:
X-Spam-Status: No, score=-101.11 tagged_above=-999 required=5 tests=[AWL=-1.111, BAYES_00=-2.599, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPZwwvjuUX-m; Wed, 20 Oct 2010 17:18:34 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 97B843A657C; Wed, 20 Oct 2010 17:18:34 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1P8ioJ-000Nzl-AQ for namedroppers-data0@psg.com; Thu, 21 Oct 2010 00:15:11 +0000
Received: from stora.ogud.com ([66.92.146.20]) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <ogud@ogud.com>) id 1P8ioF-000NyV-WD for namedroppers@ops.ietf.org; Thu, 21 Oct 2010 00:15:08 +0000
Received: from [IPv6:::1] (nyttbox.md.ogud.com [10.20.30.4]) by stora.ogud.com (8.14.4/8.14.4) with ESMTP id o9L0EwEh011930; Wed, 20 Oct 2010 20:14:59 -0400 (EDT) (envelope-from ogud@ogud.com)
Message-ID: <4CBF8600.4000902@ogud.com>
Date: Wed, 20 Oct 2010 20:14:56 -0400
From: Olafur Gudmundsson <ogud@ogud.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: Hanno Böck <hanno@hboeck.de>
CC: namedroppers <namedroppers@ops.ietf.org>
Subject: Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS
References: <201010201707.01361.hanno@hboeck.de>
In-Reply-To: <201010201707.01361.hanno@hboeck.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.68 on 10.20.30.4
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
On 20/10/2010 11:07 AM, Hanno Böck wrote: > Hi, > > I'm currently working on a study project about RSASSA-PSS. This is a padding > variant with security proofs and standardized within PKCS #1 2.1. > > I saw that dnssec currently seems to use the old PKCS #1 1.5 padding methods > (RFC 5702, Section 3). I wonder if there was any discussion about that > decision (there is some hint in section 8.1). RFC 5702 was published in 2009, > so it's a pretty new standard. > > Are there any plans to support algorithms with EMSA-PSS-padding within dnssec > in the future? > There are no such plans at this point in time. RFC5702 is likely to be the last change to any RSA algorithm for DNSSEC, as ECC based algorithms are likely to become the recommended algorithms in the not so distant future. Olafur
- [dnsext] RSA algorithm padding in RFC 5702, RSASS… Hanno Böck
- Re: [dnsext] RSA algorithm padding in RFC 5702, R… Mark Andrews
- Re: [dnsext] RSA algorithm padding in RFC 5702, R… Olafur Gudmundsson
- [dnsext] new recommendations for algs? was Re: RS… Edward Lewis
- Re: [dnsext] RSA algorithm padding in RFC 5702, R… Paul Wouters