Re: PKCS#1v1.5

Filed this as to
make sure we've captured the feedback for future discussion.

Thanks again.

On Wed, Sep 19, 2012 at 12:20 PM, Ryan Sleevi <> wrote:
> On Wed, Sep 19, 2012 at 11:50 AM, Travis Mayberry <> wrote:
>> Right, I can see how that could get out of hand rather quickly.  The
>> difference I see between those cases though is that counter mode and CBC
>> each have advantages/disadvantages (i.e. counter mode allows for random
>> access to encrypted data) that warrant using one over the other depending on
>> the scenario.  Hopefully developers will investigate the different modes
>> before they pick the one that most suits their situation.  PKCS#1 and OAEP
>> on the other hand are functionally equivalent, but one has potential
>> security holes and the other does not.
> Like Wan-Teh mentioned, the concern is not one necessarily of
> functionality (yes, they both use RSA keys to perform encryption or,
> in the case of PSS, signing), but of deployment/support. This includes
> both platform-native support (which is fairly good post XP-SP2), but
> also support for secure elements, TPMs, etc, where it's unfortunately
> lacking.
> So the concern is less one of functionality, and more one of
> compatibility between systems and between (existing) protocols.
> But yes, you've definitely picked on an issue we've discussed at a
> fair length so far (and for which other groups, such as the IETF's
> JOSE WG, have also discussed at fair length)

Received on Wednesday, 19 September 2012 23:14:52 UTC