[dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS

Hanno Böck <hanno@hboeck.de> Wed, 20 October 2010 15:13 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 1DD533A683F; Wed, 20 Oct 2010 08:13:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.999
X-Spam-Status: No, score=-99.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id hPbCAgbncP4h; Wed, 20 Oct 2010 08:13:36 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 55F803A67D3; Wed, 20 Oct 2010 08:13:34 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1P8aG0-0006Vm-PR for namedroppers-data0@psg.com; Wed, 20 Oct 2010 15:07:12 +0000
Received: from cl-2144.ham-01.de.sixxs.net ([2001:6f8:900:85f::2] helo=zucker.schokokeks.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <hanno@hboeck.de>) id 1P8aFx-0006VE-LG for namedroppers@ops.ietf.org; Wed, 20 Oct 2010 15:07:09 +0000
Received: from laverne.localnet (brln-4d0c35b4.pool.mediaWays.net [::ffff:]) (AUTH: PLAIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by zucker.schokokeks.org with esmtp; Wed, 20 Oct 2010 17:07:05 +0200 id 000000000001819F.000000004CBF0599.00002885
From: Hanno Böck <hanno@hboeck.de>
To: namedroppers <namedroppers@ops.ietf.org>
Subject: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS
Date: Wed, 20 Oct 2010 17:07:00 +0200
User-Agent: KMail/1.13.5 (Linux/2.6.36-rc8; KDE/4.5.2; x86_64; ; )
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3206057.BvX2uDenoB"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Content-Transfer-Encoding: 7bit
Message-Id: <201010201707.01361.hanno@hboeck.de>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>


I'm currently working on a study project about RSASSA-PSS. This is a padding 
variant with security proofs and standardized within PKCS #1 2.1.

I saw that dnssec currently seems to use the old PKCS #1 1.5 padding methods 
(RFC 5702, Section 3). I wonder if there was any discussion about that 
decision (there is some hint in section 8.1). RFC 5702 was published in 2009, 
so it's a pretty new standard.

Are there any plans to support algorithms with EMSA-PSS-padding within dnssec 
in the future?


Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@hboeck.de

http://schokokeks.org - professional webhosting