Re: [openpgp] RSA-PSS and RSA-OAEP for v5

Werner Koch <wk@gnupg.org> Sun, 28 February 2021 18:45 UTC

To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/868NW4vKDcvinPuvmftOCAic_aI>

On Sat, 27 Feb 2021 23:53, brian m. carlson said:

> I'm interested in seeing if we can require v5 SKESK packets with RSA use
> RSA-OAEP with SHA-256 and MGF1-SHA-256 and require that v5 signatures

That would add a lot of additional complexity for no good reason because
RSA will sooner or later be replaced by 25519 and 448 anyway.

> I realize this requires implementers to add additional code, but I think
> the increase in security is worth it given the number of CVEs we've seen
> for padding vulnerabilities.  We can tell implementers to avoid this

and replace them with bugs in the way more complex PSS and OAEP.

I see no reason for it and doubt that this can be viewed as part of the
WG's old and new charter.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.