Re: FW: Re: rsa/oaep


      No, SHA-1 is the default MGF hash, not the only one.  In fact, I
don't even see a constraint that the MGF and regular hash functions need to
be the same size.  A suggestion that the two hash functions should be the
same is made with respect to the PSS signature technique.
      In any case, we won't be defaulting anything in code.  The only
defaults are in the naming convention.

            Tom Gindin

Joseph Reagle <> on 04/16/2002 01:56:26 PM

Please respond to

To:    Tom Gindin/Watson/IBM@IBMUS, "Eastlake
Subject:    Re: FW: Re: rsa/oaep

On Monday 15 April 2002 11:36, Tom Gindin wrote:
>       I was proposing this as a long-term naming convention for the use
> of OAEP.  I did not propose that we replace the existing URI, merely that
> we document that the existing URI is "RSA with OAEP and SHA-1 used for
> both the hash algorithm and the MGF".

Sorry for the misunderstaing Tom. Let me ask a question then. I've stated
I'm not comfortable with change to making SHA-1 the default value of the
DigestMethod being SHA-1. (Implicit semantics are generally avoided). I
plan to remove this on the next edits I do. *Whatever* algorithm provided
in DigestMethod is used by RSAES-OAEP-ENCRYPT. However, regardless of the
specified DigestMethod, SHA-1 is always used for the MGF1?

Received on Tuesday, 16 April 2002 14:16:28 UTC