[saag] RSA-PSS

Tero Kivinen <kivinen@iki.fi> Thu, 05 December 2013 11:16 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 7FE3A1ADED5 for <saag@ietfa.amsl.com>; Thu, 5 Dec 2013 03:16:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 4F-PxXeXNQ52 for <saag@ietfa.amsl.com>; Thu, 5 Dec 2013 03:16:07 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) by ietfa.amsl.com (Postfix) with ESMTP id 104FB1ADF26 for <saag@ietf.org>; Thu, 5 Dec 2013 03:16:06 -0800 (PST)
Received: from fireball.kivinen.iki.fi (localhost []) by mail.kivinen.iki.fi (8.14.7/8.14.5) with ESMTP id rB5BG16D028314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 5 Dec 2013 13:16:01 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.7/8.12.11) id rB5BG0Lh019834; Thu, 5 Dec 2013 13:16:00 +0200 (EET)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21152.24688.575258.209944@fireball.kivinen.iki.fi>
Date: Thu, 05 Dec 2013 13:16:00 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Russ Housley <housley@vigilsec.com>
In-Reply-To: <F56DAA5B-C531-4FD9-A287-953D30C55315@vigilsec.com>
References: <F56DAA5B-C531-4FD9-A287-953D30C55315@vigilsec.com>
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 5 min
X-Total-Time: 5 min
X-Mailman-Approved-At: Mon, 09 Dec 2013 08:04:22 -0800
Cc: IETF SAAG <saag@ietf.org>
Subject: [saag] RSA-PSS
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2013 11:16:08 -0000

Russ Housley writes:
> We have seen very little movement toward RSA-PSS.  While we are
> reviewing algorithm choices in light of the pervasive surveillance
> situation, I think we should take the time to consider improvements
> in our algorithm choices. 

In the IPsecME WG we have draft-kivinen-ipsecme-signature-auth
document which allows also using the RSASSA-PSS in addition to the
RSASSA-PKCS1-v1_5 in the IKEv2. Unfortunately I have not received that
many reviews on the document, especially for the RSASSA-PSS parts.

The RSASSA-PSS is quite a lot more complex than RSASSA-PKCS1-v1_5,
especially with all the ASN.1 in the parameters etc, and I am not sure
if the text I have written about it is correct. It would be useful if
someone who is really familiar with RSASSA-PSS would review the