[Servercert-wg] PSS is SubjectPublicKeyInfo
Kurt Roeckx
kurt at roeckx.be
Sat Jan 9 21:53:29 UTC 2021
Hi,
The current document has this text:
7.1.3.1 SubjectPublicKeyInfo
[...]
7.1.3.1.1 RSA
The CA SHALL indicate an RSA key using the rsaEncryption (OID: 1.2.840.113549.1.1.1) algorithm identifier. The parameters MUST be present, and MUST be an explicit NULL. The CA SHALL NOT use a different algorithm, such as the id-RSASSA-PSS (OID: 1.2.840.113549.1.1.10) algorithm identifier, to indicate an RSA key.
Why is id-RSASSA-PSS or id-RSAES-OAEP not allowed? RFC4055
specifies the use of those OIDs to restrict the use of the RSA
key. At least id-RSAES-OAEP is being used. Having the key
type being id-RSASSA-PSS looks useful to me.
Kurt
More information about the Servercert-wg
mailing list