XMLDSIG RSA signatures

Hi,

In 6.4.2, regarding RSA signatures, the following wording exists:

  A signature MAY contain a pre-pended algorithm object identifier,
  but the availability of an ASN.1 parser and recognition of OIDs is
  not required of a signature verifier.

Does this mean that a signature may be (before base 64 encoding):

  SEQUENCE { SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE } }
or:
  SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE }
or:
  SEQUENCE { OID . NULL } . SIGNATURE_VALUE
or:
  OID . SIGNATURE_VALUE

Or, is it suggesting that the OID _within_ the RSA signature
(before crypting) is optional?

Regardless, I think it adds options and thus confusion and thus
deserves, perhaps, to be eliminated.

merlin

Received on Tuesday, 29 August 2000 09:25:10 UTC
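
The second reading raised in the message above (the OID sits inside the block that RSA signs, not in front of the base64 output) can be illustrated as follows. This is an added example, not code from the original post or from the specification; it assumes PKCS#1 v1.5 padding with SHA-1, uses a constructed and insecure toy key, and the function names are hypothetical. The verifier rebuilds the expected block and compares bytes, so it needs no ASN.1 parser.

```python
import base64
import hashlib
import hmac

# Fixed DER bytes of DigestInfo up to the hash value:
# SEQUENCE { SEQUENCE { OID sha1, NULL }, OCTET STRING (20 bytes) }
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy key built from two Mersenne primes. Insecure, illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in octets

def encode_block(message: bytes) -> bytes:
    """Block before the RSA operation: 00 01 FF..FF 00 || prefix || SHA-1."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(message: bytes) -> str:
    """Return the base64 text; the decoded value is K raw octets, no wrapper."""
    s = pow(int.from_bytes(encode_block(message), "big"), D, N)
    return base64.b64encode(s.to_bytes(K, "big")).decode()

def verify(message: bytes, signature_b64: str) -> bool:
    """Apply the public key, then compare against the re-encoded block."""
    raw = base64.b64decode(signature_b64, validate=True)
    if len(raw) != K:
        return False                 # anything pre-pended changes the length
    s = int.from_bytes(raw, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Byte-for-byte comparison: the OID is checked without parsing ASN.1.
    return hmac.compare_digest(recovered, encode_block(message))
```

Under these assumptions, a block signed without the DigestInfo prefix, or a value with extra bytes in front of the raw signature octets, fails verification.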