Subject: RE: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4
Oscar,

I was wrong -- the compatibility is definitely there, so no issues there.

I think the bigger problem is that this standard restricts not only key sizes, but also key usages -- to the point even where a key which is used to perform an X9.31 signature is not allowed to perform an RSASSA-PSS signature? I think that's too much to expect.

So I go back to my original assertion about all these FIPS 186-4 mechanisms -- I think that having P11 mechanisms tied to this standard is too restrictive and could be better handled using profiles instead.

Thanks,

Bob

> -----Original Message-----
> From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org] On
> Behalf Of Burns, Robert
> Sent: Thursday, August 01, 2013 10:55 AM
> To: oscar.so@oracle.com; pkcs11@lists.oasis-open.org
> Subject: RE: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4
>
> Oscar,
>
> Similarly, I am wondering if having a mechanism which is identical to
> CKM_RSA_PKCS, but restricts key sizes is an appropriate restriction? Also, I
> am not 100% confident that CKM_RSA_PKCS is compatible with the
> restrictions put forth in 186-3/4 -- I'll look into this.
>
> Finally, I think the hard problems that 186-3/4 puts forth are in key generation
> rather than algorithm usage -- so something to think about.
>
> Thanks,
>
> Bob
>
> > -----Original Message-----
> > From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org]
> > On Behalf Of Oscar K So Jr.
> > Sent: Wednesday, July 31, 2013 5:10 PM
> > To: pkcs11@lists.oasis-open.org
> > Subject: [pkcs11] Proposal: CKM_RSA_PKCS_FIPS_186_4
> >
> > Proposal: CKM_RSA_PKCS_FIPS_186_4
> >
> > FIPS-183-4 algorithms:
> > http://www.ofr.gov/OFRUpload/OFRData/2013-17396_PI.pdf
> >
> > This mechanism is equivalent to: CKM_RSA_PKCS
> >
> > --
> >
> > Best,
> > Oscar
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php