Hi Tero,
> | RSASSA-PSS with Empty Parameters | MUST NOT | |
> | RSASSA-PSS with Default Parameters | MUST NOT | |
>
> Well, I'm confused by these requirements. As far as I
> understand, the RSASSA-PSS parameters default to using SHA1 for
> both hashAlgorithm and maskGenAlgorithm. Isn't it more clear for
> readers to include
>
> | RSASSA-PSS with SHA1 | MUST NOT | |
>
> instead of these two lines, which in their current form don't
> explicitly refer to any cryptographic algorithm and force the
> reader to dig into the RSASSA-PSS specification just to get
> to know that it was SHA1 that was meant? Or did I miss something?
I'll leave this one to Tero.
This is aligned with RFC7427, which has 3 examples for RSASSA-PSS.
Ah, I see your reason. However, I think that a few extra words (probably in
a comment) would make things more clear. Just clarify that both
Empty and Default parameters mean using SHA1, which is MUST NOT.
Note that RFC7427 lists them only in an Appendix, which is optional
for reading, and implementers might have been confused.
Regards,
Valery.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
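
The point discussed in this thread, as an added example that is not part of the original messages: a small decoder that applies the RSASSA-PSS-params DEFAULT values, so that empty, absent and explicitly default parameters all resolve to SHA-1 for both hashAlgorithm and maskGenAlgorithm. The helper names and the sample encodings are constructed here for illustration, and the decoder assumes short-form DER lengths only.

```python
SHA1 = bytes.fromhex("2b0e03021a")                # OID 1.3.14.3.2.26
SHA256 = bytes.fromhex("608648016503040201")      # OID 2.16.840.1.101.3.4.2.1
MGF1 = bytes.fromhex("2a864886f70d010108")        # OID 1.2.840.113549.1.1.8
RSASSA_PSS = bytes.fromhex("2a864886f70d01010a")  # OID 1.2.840.113549.1.1.10
NAMES = {SHA1: "sha1", SHA256: "sha256"}

def tlv(tag, body=b""):                           # short-form length only (< 128)
    return bytes([tag, len(body)]) + body

def elements(buf):                                # DER content -> [(tag, body), ...]
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] >= 0x80 or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated or long-form DER element")
        out.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return out

def alg_id(seq_body):                             # AlgorithmIdentifier body -> (oid, rest)
    elems = elements(seq_body)
    if not elems or elems[0][0] != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return elems[0][1], elems[1:]

def pss_hashes(der):
    """Return (hashAlgorithm, MGF1 hash) after applying the SHA-1 DEFAULTs."""
    (tag, body), = elements(der)                  # exactly one top-level element
    oid, rest = alg_id(body)
    if tag != 0x30 or oid != RSASSA_PSS:
        raise ValueError("not an RSASSA-PSS AlgorithmIdentifier")
    hash_oid = mgf_hash_oid = SHA1                # DEFAULT sha1 / DEFAULT mgf1SHA1
    for ptag, pbody in (elements(rest[0][1]) if rest else []):
        if ptag == 0xA0:                          # [0] hashAlgorithm
            hash_oid, _ = alg_id(elements(pbody)[0][1])
        elif ptag == 0xA1:                        # [1] maskGenAlgorithm
            mgf, mgf_params = alg_id(elements(pbody)[0][1])
            if mgf != MGF1 or not mgf_params:
                raise ValueError("unsupported mask generation function")
            mgf_hash_oid, _ = alg_id(mgf_params[0][1])
    return NAMES.get(hash_oid, "unknown"), NAMES.get(mgf_hash_oid, "unknown")

def hash_alg(oid):                                # SEQUENCE { OID, NULL }
    return tlv(0x30, tlv(0x06, oid) + tlv(0x05))
def pss(params):                                  # RSASSA-PSS OID + parameter SEQUENCE
    return tlv(0x30, tlv(0x06, RSASSA_PSS) + tlv(0x30, params))
def explicit(h, salt):                            # all four fields spelled out
    return pss(tlv(0xA0, hash_alg(h)) + tlv(0xA1, tlv(0x30, tlv(0x06, MGF1) + hash_alg(h)))
               + tlv(0xA2, tlv(0x02, bytes([salt]))) + tlv(0xA3, tlv(0x02, b"\x01")))

# Constructed samples, built by the helpers above rather than copied from RFC 7427.
EMPTY, DEFAULT, WITH_SHA256 = pss(b""), explicit(SHA1, 20), explicit(SHA256, 32)
```

`pss_hashes(EMPTY)` and `pss_hashes(DEFAULT)` both return `("sha1", "sha1")`, although neither table label names SHA1.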