Re: [openpgp] RSA-PSS and RSA-OAEP for v5

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 28 February 2021 19:47 UTC

To: "brian m. carlson" <sandals@crustytoothpaste.net>, openpgp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/vtJEEE7a5JieHj85DLDd_kDOCp8>

Hiya,

On 28/02/2021 19:26, brian m. carlson wrote:
> 
> I think it's very clear, based on a history of CVEs, that as practically
> implemented, PKCS #1 padding is weak compared to PSS and OAEP.

FWIW, my impression is that that is not clear. Quite a few
people do have that position for sure, but equally, the views
expressed by e.g. Werner and Peter Gutmann also seem fairly
commonly held afaics.

(As chair) would it be worthwhile pushing this question off
for a while? It may become easier to handle later on - or
even if it's no easier later, it still might be better to
postpone the bun fight for a bit:-)

If pushing this to later made sense, I guess creating an
issue in gitlab would be the thing to do so's we don't lose
track of it. (Apologies if someone did that already, I didn't
go check just now.)

S.