- From: Anthony Nadalin <tonynad@microsoft.com>
- Date: Mon, 16 Jul 2012 22:48:28 +0000
- To: Eric Rescorla <ekr@rtfm.com>, Wan-Teh Chang <wtc@google.com>
- CC: David Rogers <david.rogers@copperhorses.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, "S.Durbha@cablelabs.com" <S.Durbha@cablelabs.com>
Agree on the PKCS 1.5, I would not say the same thing for OAEP -----Original Message----- From: Eric Rescorla [mailto:ekr@rtfm.com] Sent: Monday, July 16, 2012 3:45 PM To: Wan-Teh Chang Cc: David Rogers; public-webcrypto@w3.org; S.Durbha@cablelabs.com Subject: Re: Action-8 - Base set of mandatory algorithms On Mon, Jul 16, 2012 at 3:35 PM, Wan-Teh Chang <wtc@google.com> wrote: > Hi David, > > Thank you for sending your proposal. I agree with your selection > criteria in general. I have some comments. > > 1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't > seem useful in practice. In addition, FIPS 186-3, which extends DSA > to support key sizes greater than 1024 bits, does not specify a DSA > key size of 1536 bits. > > 2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite > B" specification. > > 3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both? > Similarly for "RSASSA". FWIW, I think it's clear that we need to have PKCS #1 1.5, since that's basically what all current protocols use. -Ekr
Received on Monday, 16 July 2012 22:49:08 UTC