
Re: XMLDSIG RSA signatures

From: merlin <merlin@baltimore.ie>
Date: Wed, 30 Aug 2000 16:08:52 +0100
Message-Id: <200008301508.QAA10840@cougar.baltimore.ie>
To: w3c-ietf-xmldsig@w3.org
Here's a summary from my pov...

WTLS (Wireless TLS) and TLS both use an RSA signature that is just
CRYPT (PAD (DIGEST (data))), which I called a "raw" digest. Because
the digest algorithm is fixed, no substitution attack is possible.
PKCS#1, as we know, is CRYPT (PAD (ASN.1 (OID, DIGEST (data)))).

So, among the options under discussion:

1) B64 (C(P(D(data))))            ("raw" digest)
2) B64 (C(P(ASN1(D(data)))))      (PKCS#1 wrapped digest)
3) B64 (OID . C(P(D(data))))
4) B64 (OID . C(P(ASN1(D(data)))))

. I believe that no one desires 1) or 3).

. I desire just 2). This is secure, the ASN.1 part is supported
  by all crypto toolkits, and it places no unnecessary ASN.1
  burden on the XMLDSIG implementation.

. Some people propose 2) or 4) at the application's discretion.
  Having a choice is just bad. In my opinion.

. Other people desire that it is just 4). I disagree with this.
  If we want to use OIDs to identify crypto algorithms (which
  has its merits) then we can use Signature Algorithm URIs of
  'oid:' instead of '&dsig;bar'.

Received on Wednesday, 30 August 2000 11:09:17 UTC
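As an added illustration (not part of merlin's message or of any XMLDSIG implementation), the layers named above written out in Python: D(data), the PKCS#1 DigestInfo ASN.1(OID, D(data)) and the P() padding for option 2, plus the verifier-side check on the decrypted block that makes the embedded OID matter. The C() RSA step is left out so the block runs offline; the DER prefixes are the standard PKCS#1 v1.5 DigestInfo prefixes and the sample data is constructed.

```python
import base64
import hashlib

# DER prefixes for DigestInfo = SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }
# (PKCS#1 v1.5, section 9.2). SHA-1 is the XMLDSIG default; SHA-256 is included
# only to show the OID check rejecting a digest from a different algorithm.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def raw_digest(data: bytes, alg: str = "sha1") -> bytes:
    """Options 1/3: bare D(data); nothing in the block identifies the hash."""
    return hashlib.new(alg, data).digest()

def digest_info(data: bytes, alg: str = "sha1") -> bytes:
    """Option 2: ASN.1(OID, D(data)), the PKCS#1 DigestInfo structure."""
    return DIGEST_INFO_PREFIX[alg] + raw_digest(data, alg)

def pkcs1_pad(t: bytes, em_len: int) -> bytes:
    """P(): EMSA-PKCS1-v1_5 block type 1, 00 01 FF..FF 00 || T."""
    if em_len < len(t) + 11:
        raise ValueError("encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verify_em(em: bytes, data: bytes, expected_alg: str) -> bool:
    """Verifier side of option 2, run on the RSA-decrypted block EM.
    True only if the padding is well formed, the embedded OID names
    expected_alg, and the embedded digest equals D(data) under it."""
    if not em.startswith(b"\x00\x01"):
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):  # PS must be >= 8 bytes of FF
        return False
    t = em[sep + 1:]
    prefix = DIGEST_INFO_PREFIX[expected_alg]
    # A raw digest (no prefix) or a DigestInfo for another hash fails here;
    # this is the check a "raw" digest format cannot perform.
    if not t.startswith(prefix):
        return False
    return t[len(prefix):] == raw_digest(data, expected_alg)

def signature_value(em: bytes) -> str:
    """B64 of the block; C() (the RSA private-key operation) is omitted here."""
    return base64.b64encode(em).decode()
```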
