[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [kmip] KMIP Spec v1.2 wd05: Multiple Cryptographic Parameters for a Single Key
On Tuesday, 2 July 2013 2:13 PM (AEST), Tim Hudson wrote: > The Usage Guide in 3.22.1 (wd03) shows a clear example where the private > and public keys end up with two Cryptographic Parameters values where > the Padding Method is contained in each and has a different value. Sorry, I should have picked that up a couple of years ago. The Usage Guide is showing an example of a specification for a key that allows insecure use of padding for RSA encryption. I wonder if the original authors realised this when they wrote it? My question to the TC still remains: Should we tighten the rules on Cryptographic Parameters or not? If not, then we should probably change the Usage Guide example so that it does not show a known insecure usage of RSA padding. Even if we don't change this in the specification, I don't think that it looks good for KMIP to show insecure examples (unless we're providing guidance on what NOT to do). To quote from the padded oracle attack thread going on in the PKCS11 TC: "The more general guidance - and this is in line with NIST's FIPS 140-2 stuff - is that a given RSA key pair should only be used for either signature/verify or encrypt/decrypt and not both; and that it should be used with one and only one padding scheme." -- Mike StJohns, NthPermutation "... moving to v2 with OAEP itself is not sufficient unless you also disable support for 1.5." -- Chris Duane, RSA John
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]