Add RSA v1.5 Signature to the set of accepted algorithms

[jimsch]

Moving this issue from the internal tracker because it has not been resolved in discussions on the list (which start here).

Does COSE need to have RSA v1.5 signatures added as an algorithm in the base specification?

Pro: People seem to think that RSA-PSS is not sufficiently wide spread so that if RSA is going to be supported then v1.5 needs to be supported. There are enough recognized attacks against v1.5 encryption that nobody thinks it should be kept.

Con: RSA told us almost 15 years ago to stop using it, use RSA-PSS instead. Yes there are no known attacks against it, but if we don't switchover now when are we going to do so.

Don't Care: Everybody, especially in constrained environments, are going to use ECDSA if they use any signature algorithm so who cares what the decision is.

People commenting in the email discussion: 3 (two of which are the editors)

Punt this issue off until sometime in october.

[jimsch]

There’s consensus for dropping RSA 1.5 encryption support entirely, so that will be done.

There’s also enough support for supporting RSA 1.5 signatures that putting them into an auxiliary draft sounds like the best approach. The chairs would like to ask for volunteers to edit such an auxiliary draft.

— Justin, your COSE chair

[selfissued]

I volunteer to add this to the next version of draft-jones-cose-rsa.