W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

AW: XMLDSIG RSA signatures

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Tue, 29 Aug 2000 16:01:48 +0200
To: "merlin" <merlin@baltimore.ie>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDKECBCKAA.gregor.karlinger@iaik.at>
Hi all,

I agree with Merlin, providing the option to wrap the RSA signature octets
into
a ASN.1 structure, however it looks like

  * has no benefits ,
  * adds options which result in a more complicated verification process,
  * is confusing (I had to read the text in 6.4.2 some times to get it).

Therefore I also vote to kick this option out.

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------


> Hi,
>
> In 6.4.2, regarding RSA signatures, the following wording exists:
>
>   A signature MAY contain a pre-pended algorithm object identifier,
>   but the availability of an ASN.1 parser and recognition of OIDs is
>   not required of a signature verifier.
>
> Does this mean that a signature may be (before base 64 encoding):
>
>   SEQUENCE { SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE } }
> or:
>   SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE }
> or:
>   SEQUENCE { OID . NULL } . SIGNATURE_VALUE
> or:
>   OID . SIGNATURE_VALUE
>
> Or, is it suggesting that the OID _within_ the RSA signature
> (before crypting) is optional?
>
> Regardless, I think it adds options and thus confusion and thus
> deserves, perhaps, to be eliminated..
>
> merlin
>
>
>
Received on Tuesday, 29 August 2000 10:01:35 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:11 GMT