- From: Wan-Teh Chang <wtc@google.com>
- Date: Wed, 19 Sep 2012 11:15:42 -0700
- To: Travis Mayberry <travism@ccs.neu.edu>
- Cc: public-webcrypto-comments@w3.org

On Wed, Sep 19, 2012 at 11:00 AM, Travis Mayberry <travism@ccs.neu.edu> wrote:
> Makes sense. I would suggest then that a note be put in emphasizing it
> should be used carefully and that OAEP is the better choice if you are not
> forced to use PKCS#1. My main concern is that a developer, upon deciding to
> use this API but not being familiar with the issues we are discussing, will
> simply pick one of the two at random and potentially open himself up to an
> attack that could have easily been avoided.

Adding a note (or creating a FAQ document) is a good idea. Thank you
for the suggestion.

Another factor for us to include PKCS#1 v1.5 is its support in
underlying native crypto libraries. PKCS#1 v1.5 is widely supported,
but we're less sure about the availability of RSA OAEP.

Wan-Teh

Received on Wednesday, 19 September 2012 18:16:13 UTC