[ietf-dkim] DKIM using old RSA padding?
stephen.farrell at cs.tcd.ie
Mon Feb 28 02:45:28 PST 2011
On 28/02/11 09:53, Hanno Böck wrote:
> I'm currently researching about the usage of RSA-PSS, an improved
> padding method for RSA signatures (specified in PKCS #1 2.1/RFC 3447).
> I saw that domainkeys in RFC 4871 is hard-bound to the old PKCS #1 1.5
> method. RFC 4871 was developed years after IETF approved PKCS #1 2.1 in
> RFC 3447, so I wonder what was the reason for that decision?
> Also, in the current draft of an RFC obsoleting 4871, still there is
> only PKCS #1 1.5 padding allowed. Wouldn't it make sense to use that
> update to provide a gradual transition?
That'd be a backwards-incompatible change so isn't really on the
table for this WG at this point.
AFAIK pkcs#1v1.5 signatures are still what's most easy to find
in terms of code support etc. and that was what drove us to choose
that for 4871.
In future, someone might want to define a DKIM sig alg that uses
PSS, but I've not heard that there's demand for that.
More information about the ietf-dkim