[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Requirements for IKEv2 implementations

To: Russ Housley <housley@vigilsec.com>
Subject: Re: Requirements for IKEv2 implementations
From: Lauri Tarkkala <ltarkkal@ssh.com>
Date: Mon, 5 May 2003 18:51:35 +0300
Cc: ipsec@lists.tislabs.com
In-Reply-To: <5.2.0.9.2.20030430161520.034b0a28@mail.binhost.com>
References: <541402FFDC56DA499E7E13329ABFEA87E66CD7@SARATOGA.netscreen.com> <5.2.0.9.2.20030430161520.034b0a28@mail.binhost.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.5.3i

On Wed, Apr 30, 2003 at 04:17:47PM -0400, Russ Housley wrote:
> Greg:
> 
> I question the PSS as the mandatory to implement.  While I am for an 
> advocate for this algorithm, I do not think that it is widely deployed 
> today.  I think that RSA PKCS#1 v1.5 is a more appropriate signature 
> algorithm for MUST.  RSA PSS is the up and coming signature algorithm, and 
> as such I think that SHOULD is the way to go.

I agree.

Technically PSS is superior to PKSC#1, but I have seen very
little support for it in practice. Considering that it would
be an advantage to preserve the ability to generate these
signatures on misc.  devices (smart-cards, USB tokens, and
other things I seldom see people using ;-) I would be in favor
of the above proposal.

Lauri

-- 
Lauri Tarkkala
SSH Communications Security Corp

Prev by Date: Re: Terminology question: "suites" vs "set of cryptographic algorithms"
Next by Date: Re: Confirm decision on identity handling.
Prev by thread: RE: Requirements for IKEv2 implementations
Next by thread: Re: Crypto algorithms for IKEv2
Index(es):
- Date
- Thread