[jose] RSA-PSS salt size

Mike Jones <Michael.Jones@microsoft.com> Wed, 31 July 2013 14:27 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 116BA21F9EF6 for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 07:27:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.067
X-Spam-Level:
X-Spam-Status: No, score=-5.067 tagged_above=-999 required=5 tests=[AWL=1.531, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pj1Ifcoe5bBA for <jose@ietfa.amsl.com>; Wed, 31 Jul 2013 07:27:28 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe006.messaging.microsoft.com [216.32.180.16]) by ietfa.amsl.com (Postfix) with ESMTP id 008F421F9EB0 for <jose@ietf.org>; Wed, 31 Jul 2013 07:27:18 -0700 (PDT)
Received: from mail5-va3-R.bigfish.com (10.7.14.244) by VA3EHSOBE013.bigfish.com (10.7.40.63) with Microsoft SMTP Server id 14.1.225.22; Wed, 31 Jul 2013 14:27:18 +0000
Received: from mail5-va3 (localhost [127.0.0.1]) by mail5-va3-R.bigfish.com (Postfix) with ESMTP id 3891E4E00E5 for <jose@ietf.org>; Wed, 31 Jul 2013 14:27:18 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC103.redmond.corp.microsoft.com; RD:autodiscover.service.exchange.microsoft.com; EFVD:NLI
X-SpamScore: 0
X-BigFish: VS0(zzc85fhzz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1d7338h17326ah18c673h1de096h8275bh8275dh1de097hz2fh2a8h668h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1b0ah1bceh1d0ch1d2eh1d3fh1dc1h1dfeh1dffh1e1dh1155h)
Received-SPF: pass (mail5-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Michael.Jones@microsoft.com; helo=TK5EX14HUBC103.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail5-va3 (localhost.localdomain [127.0.0.1]) by mail5-va3 (MessageSwitch) id 1375280836886706_3718; Wed, 31 Jul 2013 14:27:16 +0000 (UTC)
Received: from VA3EHSMHS002.bigfish.com (unknown [10.7.14.228]) by mail5-va3.bigfish.com (Postfix) with ESMTP id CA6F180187 for <jose@ietf.org>; Wed, 31 Jul 2013 14:27:16 +0000 (UTC)
Received: from TK5EX14HUBC103.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS002.bigfish.com (10.7.99.12) with Microsoft SMTP Server (TLS) id 14.16.227.3; Wed, 31 Jul 2013 14:27:16 +0000
Received: from TK5EX14MBXC284.redmond.corp.microsoft.com ([169.254.1.38]) by TK5EX14HUBC103.redmond.corp.microsoft.com ([157.54.86.9]) with mapi id 14.03.0136.001; Wed, 31 Jul 2013 14:26:41 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: RSA-PSS salt size
Thread-Index: Ac6N+fejNkFi8ohqS3yJY9KSEIzRlw==
Date: Wed, 31 Jul 2013 14:26:40 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739436B7347E3@TK5EX14MBXC284.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.35]
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739436B7347E3TK5EX14MBXC284r_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Subject: [jose] RSA-PSS salt size
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2013 14:27:37 -0000

It was pointed out to me that we failed to specify the salt size for RSA PSS signatures.  RFC 3447 says that "Typical salt lengths in octets are hLen (the length of the output of the hash function Hash) and 0."  Having looked into it a bit I believe that it would be appropriate for us to specify that the salt length be the same as the output size of the hash function used.  So 256 for PS256, 384 for PS384, and 512 for PS512.

Any disagreement with that choice?

                                                            -- Mike