[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded

From: Zack Weinberg
Subject: Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded
Date: Tue, 1 Apr 2008 21:24:11 -0400

On Tue, Apr 1, 2008 at 2:43 PM, Markus Schiltknecht <address@hidden> wrote:
> > Monotone uses EMSA3 (aka PKCS#1 v1.5), which is a deterministic
> > encoding. So for a fixed input, the same key will always produce the
> > same signature. (The generally accepted solution for RSA signature
> > padding is EMSA4 aka PSS, which is a randomized method).
>  Sorry if this is a stupid question, but what prevents us from to switching
> to EMSA4?

I'm not aware of any reason other than backward compatibility, but
that's a doozy: this is yet another of the changes that would require
a cert-reissuing event.

(It would be *great* if certs had some kind of tag describing how they
were signed, so we could make a change that affected new certs only,
but I don't see any way to do that without a network protocol break.)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]