Re: FW: Re: rsa/oaep

Your dissent is noted as such in the bottom issue in:

On Friday 26 April 2002 07:42, Tom Gindin wrote:
>       I wish to document my view that treating the default MGF as
> MGF1(SHA-1) rather than MGF1(DigestMethod) is a mistake, although I
> appear to have been outvoted.  The currently posted draft does not make
> clear which interpretation is to be used ("using the mask generator
> function MGF1 specified in RFC 2437"), and the apparent reason for the
> defaulting in PKCS#1 is that it is easiest to default values to a literal
> constant in ASN.1.  There is no syntax defined in the draft by which the
> MGF1's digest method can be specified, unlike in PKCS#1.  While Don is
> correct that there are no reasons why the DigestMethod and the MGF1's
> digest method must match, the reasons for increasing the range size of
> one apply almost equally strongly to the other, and increases in the
> range size of a digest method are IMO the principal reason for the use of
> an algorithm other than SHA-1 in this context.
>       Current implementations which use SHA-1 for both the DigestMethod
> and the MGF's digest method would be unaffected by either interpretation.
> Nobody has stated AFAIK that they have implemented anything other than
> SHA-1 for either digest method.

Received on Friday, 26 April 2002 11:23:58 UTC