W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: Inclusion of rsaes-pkcs1

From: Ryan Sleevi <sleevi@google.com>
Date: Wed, 5 Sep 2012 12:48:53 -0700
Message-ID: <CACvaWvZ0et+RTAaEFTOQD+vpEnAbi=TVh1GzR33tYzwKs8UwxA@mail.gmail.com>
To: Arun Ranganathan <arun@mozilla.com>
Cc: "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>
On Wed, Sep 5, 2012 at 12:07 PM, Arun Ranganathan <arun@mozilla.com> wrote:
> rsleevi,
> Given NSS support, I'm inclined to add "rsaes-pkcs1" to the list of recommended algorithms.  This came up when tweaking sample code with ddahl.  We're trying to write against NSS, but have something that's cut-pastable (and redactable) for spec. inclusion.
> Thoughts?
> -- A*

PKCS#1 v1.5 has been "discouraged" for new applications since roughly
1997. Implementation issues such as padding checks have also been a
wide source of security issues, including against PKCS#11
implementations, as mentioned previously.

That said, it's the only one that's widely implemented across the wide
variety of platforms. PSS and OAEP are still not widely implemented -
even NSS doesn't (yet) support OAEP.

The distinction is whether "Recommended" should mean "Recommended for
Developers" or "Recommended for Implementers". Ideally, there'd be no
distinction - but practically speaking, RSAES-PKCS1 is something more
for the latter than the former.
Received on Wednesday, 5 September 2012 19:49:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:13 UTC