Re: XMLDSIG RSA signatures from merlin on 2000-08-29 (w3c-ietf-xmldsig@w3.org from July to September 2000)

From: merlin <merlin@baltimore.ie>
Date: Tue, 29 Aug 2000 16:50:49 +0100
To: "Barb Fox" <bfox@Exchange.Microsoft.com>
Cc: "Gregor Karlinger" <gregor.karlinger@iaik.at>, w3c-ietf-xmldsig@w3.org
Message-Id: <200008291550.QAA01156@cougar.baltimore.ie>

Hi,

We must already massage DSA signatures to meet the XMLDSIG
encoding; I would strongly endorse a requirement that
RSA signatures MUST be massaged into the simplest form too.

For crypto environments such as you describe, the effort is
no greater than the DSA massage; for everyone else, life
would be much simpler.

Merely having the option of an OID turns ASN.1 parsing into
a mandatory requirement of all toolkits that wish to interop,
which is expressly undesirable.

Merlin

r/bfox@Exchange.Microsoft.com/2000.08.29/08:13:21
>
>The reason that I added this as a MAY is because many toolkits
>automatically pre-pend that OID in an RSA signature.=20
>
>--Barb
>
>-----Original Message-----
>From: Gregor Karlinger [mailto:gregor.karlinger@iaik.at]
>Sent: Tuesday, August 29, 2000 7:02 AM
>To: merlin; w3c-ietf-xmldsig@w3.org
>Subject: AW: XMLDSIG RSA signatures
>
>
>Hi all,
>
>I agree with Merlin, providing the option to wrap the RSA signature
>octets
>into
>a ASN.1 structure, however it looks like
>
>  * has no benefits ,
>  * adds options which result in a more complicated verification
>process,
>  * is confusing (I had to read the text in 6.4.2 some times to get it).
>
>Therefore I also vote to kick this option out.
>
>Regards, Gregor
>---------------------------------------------------------------
>Gregor Karlinger
>mailto://gregor.karlinger@iaik.at
>http://www.iaik.at
>Phone +43 316 873 5541
>Institute for Applied Information Processing and Communications
>Austria
>---------------------------------------------------------------
>
>
>> Hi,
>>
>> In 6.4.2, regarding RSA signatures, the following wording exists:
>>
>>   A signature MAY contain a pre-pended algorithm object identifier,
>>   but the availability of an ASN.1 parser and recognition of OIDs is
>>   not required of a signature verifier.
>>
>> Does this mean that a signature may be (before base 64 encoding):
>>
>>   SEQUENCE { SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE }
>}
>> or:
>>   SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE }
>> or:
>>   SEQUENCE { OID . NULL } . SIGNATURE_VALUE
>> or:
>>   OID . SIGNATURE_VALUE
>>
>> Or, is it suggesting that the OID _within_ the RSA signature
>> (before crypting) is optional?
>>
>> Regardless, I think it adds options and thus confusion and thus
>> deserves, perhaps, to be eliminated..
>>
>> merlin

Received on Tuesday, 29 August 2000 11:54:23 UTC