- From: Arun Ranganathan <arun@mozilla.com>
- Date: Wed, 5 Sep 2012 17:33:33 -0400
- To: Wan-Teh Chang <wtc@google.com>
- Cc: "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>, Ryan Sleevi <sleevi@google.com>
On Sep 5, 2012, at 5:07 PM, Wan-Teh Chang wrote: > On Wed, Sep 5, 2012 at 12:07 PM, Arun Ranganathan <arun@mozilla.com> wrote: >> rsleevi, >> >> Given NSS support, I'm inclined to add "rsaes-pkcs1" to the list of recommended >> algorithms. > > Since RSASSA-PKCS1-v1_5 using SHA-256 (as opposed to RSA-PSS using > SHA-256) is on the list of recommended algorithms, I think it is > reasonable extrapolation to add RSAES-PKCS1-v1_5 to the list as a > recommended key transport algorithm. > > Note: in draft-ietf-jose-json-web-algorithms-05, RSAES-PKCS1-V1_5 > (called "RSA1_5") is REQUIRED whereas RSA-OAEP is OPTIONAL. > This leads me to wonder whether we should say "recommended for" and "only recommended for" in terms of usage. Maybe we should discourage signing, for example. > Wan-Teh >
Received on Thursday, 6 September 2012 14:23:27 UTC