It's also worth noting that BERserk is one of many such incidents of this coming up in practice: https://cryptosense.com/why-pkcs1v1-5-signature-should-also-be-put-out-of-our-misery/
On Tue, Aug 9, 2016 at 2:13 PM, Tony Arcieri <basc...@gmail.com> wrote:

> On Tue, Aug 9, 2016 at 7:16 AM, Martin Rex <m...@sap.com> wrote:
>
>> BERserk is an implementation defect, not a crypto weakness.
>>
>
> Hence why I phrased the question the way I did. Per Izu, Shimoyama, and
> Takenaka 2006, PKCS#1 v1.5 has sharp edges which implementers must avoid
> (of course, the same can be said of BER in BERserk, and it was clearly the
> bigger of the two problems).
>
> Peter Gutmann's response was the sort of thing I was looking for when I
> originally asked the question.
>
> --
> Tony Arcieri
>

--
Tony Arcieri
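The "sharp edge" the thread alludes to is on the verifier's side of PKCS#1 v1.5 signatures: a verifier that parses the decrypted block (skips padding, then walks the DER DigestInfo) can be talked into accepting blocks that differ from the one canonical encoding. The check RFC 8017, Section 8.2.2 actually prescribes is to rebuild the expected encoded message EM' from the message and compare the whole block byte for byte, which leaves no parser to mislead. The following is an added example written for this note; it is not code from the thread, from any participant, or from any library mentioned here. It uses a throwaway RSA key generated in pure Python (hypothetical toy key, not for real use), SHA-256, and the full-block comparison in `em_matches_strict`; the malformed blocks in the demo are constructed with the private key so that only the encoding check is being exercised.

```python
import hashlib
import hmac
import random

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, Section 9.2, Note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info(message: bytes) -> bytes:
    """T = DER(DigestInfo) for SHA-256, as used by EMSA-PKCS1-v1_5."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()


def emsa_pkcs1_v15_encode(message: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T, with PS = at least eight 0xFF bytes."""
    t = digest_info(message)
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def em_matches_strict(em: bytes, message: bytes, k: int) -> bool:
    """RFC 8017, Section 8.2.2, step 4: rebuild EM' and compare the whole block.

    Neither the padding nor the DigestInfo is parsed, so a block with short
    padding, a wrong padding byte, or any bytes after T cannot be accepted:
    every byte must equal the single canonical encoding.
    """
    if len(em) != k:
        return False
    try:
        expected = emsa_pkcs1_v15_encode(message, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin with a trial-division prefilter (toy key generation only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_toy_key(bits: int = 1024, e: int = 65537):
    """Return (n, e, d). Hypothetical toy key for the demonstration only."""
    def prime(b: int) -> int:
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e != 0:
            return n, e, pow(e, -1, phi)


def rsa_sign_em(em: bytes, n: int, d: int) -> bytes:
    """RSASP1 over an already-encoded block (the raw private operation)."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def sign(message: bytes, n: int, d: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return rsa_sign_em(emsa_pkcs1_v15_encode(message, k), n, d)


def verify_strict(message: bytes, signature: bytes, n: int, e: int) -> bool:
    """RSASSA-PKCS1-v1_5 verification using the full-block comparison."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return em_matches_strict(em, message, k)


if __name__ == "__main__":
    n, e, d = generate_toy_key()
    k = (n.bit_length() + 7) // 8
    msg = b"constructed sample message"
    print("well-formed signature accepted:", verify_strict(msg, sign(msg, n, d), n, e))
    # A block with only eight 0xFF bytes and filler after T, signed with the
    # private key so that nothing but the encoding check decides the outcome.
    t = digest_info(msg)
    loose = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (k - 11 - len(t))
    print("loosely encoded block rejected:", not verify_strict(msg, rsa_sign_em(loose, n, d), n, e))
```

The design point is that `em_matches_strict` never reads a length field or scans for a delimiter: the verifier's only question is "is this the one block the signer must have produced?", so the BER/DER sharp edges the thread mentions are simply not reachable from the verification path. The constant-time comparison is a secondary hygiene measure; the correctness property comes from comparing the whole block.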
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls