[Swan-dev] Fwd: Mozilla RSA-PSS policy

Paul Wouters paul at nohats.ca
Tue Nov 21 14:33:24 UTC 2017


Some related PSS policies for certs, this might impact how we can use PSS.

Begin forwarded message:

> From: Hubert Kario <hkario at redhat.com>
> Date: November 21, 2017 at 09:26:24 EST
> To: mozilla's crypto code discussion list <dev-tech-crypto at lists.mozilla.org>
> Subject: Mozilla RSA-PSS policy
> Reply-To: mozilla's crypto code discussion list <dev-tech-crypto at lists.mozilla.org>
> In response to comment made by Gervase Markham[1], pointing out that Mozilla 
> doesn't have an official RSA-PSS usage policy.
> This is the thread to discuss it and make a proposal that could be later 
> included in Mozilla Root Store Policy[2]
> I'm proposing the following additions to the Policy (leaving out exactly which 
> sections this needs to be added, as that's better left for the end of 
> discussion):
> - RSA keys can be used to make RSASSA-PKCS#1 v1.5 or RSASSA-PSS signatures on 
> issued certificates
> - certificates containing RSA parameters can be limited to perform RSASSA-PSS 
> signatures only by specifying the X.509 Subject Public Key Info algorithm 
> identifier to RSA-PSS algorithm
> - end-entity certificates must not include RSA-PSS parameters in the Public 
> Key Info Algorithm Identifier - that is, they must not be limited to creating 
> signatures with only one specific hash algorithm
> - issuing certificates may include RSA-PSS parameters in the Public Key Info 
> Algorithm Identifier, it's recommended that the hash selected matches the 
> security of the key
> - signature hash and the hash used for mask generation must be the same both 
> in public key parameters in certificate and in signature parameters
> - the salt length must equal at least 32 for SHA-256, 48 for SHA-384 and 64 
> bytes for SHA-512
> - SHA-1 and SHA-224 are not acceptable for use with RSA-PSS algorithm
> 1 - https://bugzilla.mozilla.org/show_bug.cgi?id=1400844#c15
> 2 - https://www.mozilla.org/en-US/about/governance/policies/security-group/
> certs/policy/
> -- 
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
> -- 
> dev-tech-crypto mailing list
> dev-tech-crypto at lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20171121/291f14d9/attachment.html>

More information about the Swan-dev mailing list