- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 7 Mar 2014 11:31:33 -0800
- To: Jim Schaad <ietf@augustcellars.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Received on Friday, 7 March 2014 19:32:00 UTC
On Fri, Mar 7, 2014 at 11:15 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> 1. It should be noted that RFC 4055 from the PKIX group makes the
> parameters field optional for id-RSASSA-PSS. This means that depending on
> the standard used, these fields may be absent when importing the key.
>
> 2. What happened to the deriveKey descriptions? I would like to point out
> that Microsoft using CNG does not have the ability to get to the secret
> value from a DH key agreement operation. They will be completely unable to
> implement the current specification using their current code.

I would prefer that we allow implementors to speak for themselves. While Vijay is correct in stating that Z is not directly exportable, and is instead fed to a hash algorithm, one can simply create a new CNG hash provider that no-ops (e.g., returns Z when told to H(Z)), to obtain Z. So it's certainly *technically* possible.