On Sun, 15 Feb 2015 21:34:04 -0800 Brian Smith <br...@briansmith.org> wrote:
> I believe there are only a small number of (hashAlgorithm, mgf alg, > salt length) combinations that need to be supported, namely these two: [...] > The PSS RFC also says > that SHA-1 is mandatory, but that silliness is just an invitation for > somebody to get their name as an author of a new, reasonable, RFC. > > Thoughts? Having new oids with sane pre-defined parameters would vastly simplify things. Back when I wrote that code I thought changing the standard is harder than implementing the non-optimal spec, but I might've been wrong. Such an RFC could also just declare that keys not divisable by 8 are disallowed and by that fix that problem as well. I don't really know what channels I'd have to go through to pursue such a preset-OID. Can an OID be defined by an RFC? How does the interaction between the OID registration and RFCs work? Is this something the CFRG would do or some other entity in the IETF? -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgpn9dEMx_fIz.pgp
Description: OpenPGP digital signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
