On Fri, Dec 1, 2017 at 10:33 AM, Jakob Bohm via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > Depending on the prevalence of non-public CAs (not listed in public > indexes) based on openssl (this would be a smallish company thing more > than a big enterprise thing), it might be useful to have *two* fixed > salt lengths for each combination of hash algorithm and RSA key length: > > 1. The salt length=hash length case previously suggested. > > 2. The salt length=largest permitted by RSA key length and hash length > (OpenSSL default). > > Each of these could still be defined in a memcmp-able way. >
Yes. You could add flexibility if there was both data to support it and justification for the added complexity (passed on to all consumers). I think there is a tremendously high bar to suggest such things are good, and I don't think it's much useful to discuss what's possible without having a position in favor (and data to support) or against (and data to support). _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy