On Wed, 18 Apr 2007 11:39, [EMAIL PROTECTED] said:

> RFC 3279 is updated by RFC 4055 which says in section 2.1 (in
> particular the second paragraph):

Which is actually Peter's text but with a different suggestion.

> Although it may be argued that RFC 4055 only applies to RSA-PSS,
> although this particular section is not clear that it only applies to
> RSA-PSS.

The problem is that allowing for different encodings will require a
complete DER (or well for some old specs even BER) parser in libgcrypt.
Not long ago most crypto libraries showed implementation flaws in that -
libgcrypt didn't suffer from this due to its poor man's and simple
approach to check the RSA signature.

Given that the code in gpgsm/libgcrypt has passed several compatibility
tests I doubt that it is a good idea to change it now and open the way
to introduce new bugs.

> I should probably change GnuTLS here.

I'd appreciate that. If it later turns out that too many gnutls created
certificates are in use we might consider adding a hack to gpgsm just
for the SHA-1 case.

Shalom-Salam,

   Werner
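The compare-instead-of-parse approach described in the message above, as an added example that is not part of the original post and is not libgcrypt or gpgsm code. It assumes the encoding difference under discussion is NULL versus absent AlgorithmIdentifier parameters in the SHA-1 DigestInfo (RFC 4055 section 2.1); `build_em`, `check_em` and the `allow_absent` switch are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
/* SHA-1 DigestInfo prefixes: parameters encoded as NULL, and parameters absent. */
static const unsigned char SHA1_NULL[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,
    0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14};
static const unsigned char SHA1_ABSENT[] = {0x30,0x1f,0x30,0x07,0x06,0x05,0x2b,
    0x0e,0x03,0x02,0x1a,0x04,0x14};

/* Build the expected PKCS#1 v1.5 block 00 01 FF..FF 00 || prefix || digest
   into out[0..k-1]. Returns 0 on success, -1 if k is too small. */
static int build_em(unsigned char *out, size_t k, const unsigned char *prefix,
                    size_t plen, const unsigned char *digest)
{
    size_t tlen = plen + SHA1_LEN;
    if (k < tlen + 11)              /* need at least 8 bytes of FF padding */
        return -1;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xff, k - tlen - 3);
    out[k - tlen - 1] = 0x00;
    memcpy(out + k - tlen, prefix, plen);
    memcpy(out + k - SHA1_LEN, digest, SHA1_LEN);
    return 0;
}

/* em is the result of the RSA public-key operation, k the modulus length in
   bytes. No ASN.1 is parsed: the whole block must equal a fixed expected
   encoding. allow_absent (hypothetical) adds the second fixed template. */
int check_em(const unsigned char *em, size_t k, const unsigned char *digest,
             int allow_absent)
{
    unsigned char expect[512];
    if (k > sizeof expect)
        return 0;
    if (!build_em(expect, k, SHA1_NULL, sizeof SHA1_NULL, digest)
        && !memcmp(em, expect, k))
        return 1;
    if (allow_absent && !build_em(expect, k, SHA1_ABSENT, sizeof SHA1_ABSENT, digest)
        && !memcmp(em, expect, k))
        return 1;
    return 0;
}

int main(void)
{
    unsigned char digest[SHA1_LEN], em[128];   /* constructed sample values */
    memset(digest, 0xab, sizeof digest);
    build_em(em, sizeof em, SHA1_ABSENT, sizeof SHA1_ABSENT, digest);
    printf("strict=%d both=%d\n", check_em(em, sizeof em, digest, 0),
           check_em(em, sizeof em, digest, 1));
    return 0;
}
```

Because every byte of the block is compared, trailing data or a shortened padding string cannot pass, which is the class of flaw that parsing-based checks had to guard against separately.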