- From: Dominik Tomaszuk <ddooss@wp.pl>
- Date: Fri, 22 Mar 2013 11:04:17 +0100
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: Henry Story <henry.story@bblfish.net>, public-webid@w3.org
22.03.2013 09:41, Melvin Carvalho: > > > On 21 March 2013 18:56, Dominik Tomaszuk <ddooss@wp.pl > <mailto:ddooss@wp.pl>> wrote: > > > On 19 Mar 2013, at 16:48, Dominik Tomaszuk <ddooss@wp.pl > <mailto:ddooss@wp.pl>> wrote: > > W dniu 19.03.2013 12:36, Henry Story pisze: > > > On 19 Mar 2013, at 11:34, Dominik Tomaszuk <ddooss@wp.pl > <mailto:ddooss@wp.pl>> wrote: > > W dniu 19.03.2013 11:02, Melvin Carvalho pisze: > > > > On 19 March 2013 10:54, Dominik Tomaszuk > <ddooss@wp.pl <mailto:ddooss@wp.pl> > <mailto:ddooss@wp.pl <mailto:ddooss@wp.pl>>> wrote: > > W dniu 19.03.2013 10:27, Melvin Carvalho pisze: > > > > On 19 March 2013 10:20, Henry Story > <henry.story@bblfish.net > <mailto:henry.story@bblfish.net> > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>> > <mailto:henry.story@bblfish. > <mailto:henry.story@bblfish.>____net > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>>>> wrote: > > > On 19 Mar 2013, at 09:49, Mo McRoberts > <Mo.McRoberts@bbc.co.uk > <mailto:Mo.McRoberts@bbc.co.uk> > <mailto:Mo.McRoberts@bbc.co.uk > <mailto:Mo.McRoberts@bbc.co.uk>__> > <mailto:Mo.McRoberts@bbc.co.uk > <mailto:Mo.McRoberts@bbc.co.uk> > <mailto:Mo.McRoberts@bbc.co.uk > <mailto:Mo.McRoberts@bbc.co.uk>__>__>> wrote: > > > curiously, the ASN.1 modules > for RSA and DSA (in the > context of > PKIX) differ in terms of naming… > > > > where RSA speaks of 'modulus' > and 'publicExponent', DSA is > exclusively 'p', 'q', and 'g' for > the parameters and 'y' > for the key > itself. > > > > I can't help but wonder if > consistency should perhaps > outweigh > friendlier naming (such that 'p' > in an DSA key structure > maps to 'p' > in a set of RDF triples). > > > > rdfs:label and rdfs:comment > within the ontology of > course can go > a long way in clarifying things… > > This seems to be what the XMLSIG > standard does > > http://www.w3.org/TR/xmldsig-____core/#sec-DSAKeyValue > <http://www.w3.org/TR/xmldsig-__core/#sec-DSAKeyValue> > > <http://www.w3.org/TR/xmldsig-__core/#sec-DSAKeyValue > <http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue>> > > > Nice find! > > So we could simply go with g p q x y > > They all seem to be : ds:CryptoBinary > (which is the same as the RSA > exponent) > > +1 > > > > So this I think would match to our use > of xsd:hexBinary for all? > > I do not think so. Some values should be > xsd:int > > > It would be nice, but i think xsd int can only > store 32 bits or so, and > we'll need at least 100+ for each of these. > > xsd:int I think can only safely be applied to an > RSA exponent > > OK, I don't focus on limits of xsd:int. So maybe > unify all properties connected to DSA and RSA? There > are two possibilities: > 1. use xsd:base64, pros: XSD datatype > 2. use ds:CryptoBinary, pros: compatibile with > XMLSig. Note that this datatype is based on xsd:base64. > > > I think xsd:base64 and xsd:hexBinary are > interchangeable. Their domain is a binary sequence in > each case. If we add this we would need to mention the > equivalence as a note in the WebID over TLS spec, and we > should improve our programs to accept both. > > If someone wants to put together the ontology in N3 for > this and submitt it here for discussion we can then add > it to the cert ontology when we get consensus. > > OK I can do it. BTW, it is good time to clear and rebuild > cert ont. > > > If you do that, please just edit the n3 ontology and change as > little as possible, so that > it is easy to look at the diffs to see what was changed. > > Please find the cert ont after my editions. > Changelog: > 1. Add classes: DSAKey and DSAPrivateKey > 2. Add missing RSAPrivateKey class > 3. Add properties: p, q, g, y (public key) and x (private key) > 4. Remove orphaned Signature class > > > +1 Looks great! > > Minor comments, non-critical: > > 1. This can now be removed: "TODO: - add some classes and relations for DSA" OK, I'll remove it in the next revision. > > 2. an integer in the range 2**159 < q < 2**160 (are you sure about 160, > I think 256 can also be used) Look to FIP186 [1]. > > 3. :g rdfs:label "property"@en; <-- I think this is called the "generator" Ups :-) I'll remove it in the next revision. > > Looks like some good improvements and bug fixes here. > > Thanks for adding the changes, I'll be able to develop DSA code now, on > the assumption that this will, at some point, move upstream [1] http://www.itl.nist.gov/fipspubs/fip186.htm > > > In free time I will try to put the changes to HG. > > Best, > Dominik 'domel' Tomaszuk > > > > Thanks. > > > > > > Henry > > PS. I have a bit of a flue so I can't do much just now. > > > Regards, > Dominik 'domel' Tomaszuk > > > > Next one would have to specify > what the types of the values > for each > of those relations are. Are they > integers or hexBinaries, > hexBinaries for very long integers > - since that is the only > way to > encode those in a hexadecidmal > format that can save a bit > of space. > Ie: what is the domain of those > values? > > > > > M. > > > > On Mon 2013-Mar-18, at 19:02, > Melvin Carvalho > <melvincarvalho@gmail.com > <mailto:melvincarvalho@gmail.com> > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>> > <mailto:melvincarvalho@gmail. > <mailto:melvincarvalho@gmail.>____com > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>>>> wrote: > > > >> > >> > >> On 18 March 2013 19:44, Henry > Story > <henry.story@bblfish.net > <mailto:henry.story@bblfish.net> > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>> > <mailto:henry.story@bblfish. > <mailto:henry.story@bblfish.>____net > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>>>> wrote: > >> > >> On 18 Mar 2013, at 18:08, > Melvin Carvalho > <melvincarvalho@gmail.com > <mailto:melvincarvalho@gmail.com> > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>> > <mailto:melvincarvalho@gmail. > <mailto:melvincarvalho@gmail.>____com > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>>>> wrote: > >> > >>> > >>> > >>> On 17 March 2013 22:31, Henry > Story > <henry.story@bblfish.net > <mailto:henry.story@bblfish.net> > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>> > <mailto:henry.story@bblfish. > <mailto:henry.story@bblfish.>____net > <mailto:henry.story@bblfish.__net > <mailto:henry.story@bblfish.net>>>> wrote: > >>> > >>> On 17 Mar 2013, at 21:56, > Melvin Carvalho > <melvincarvalho@gmail.com > <mailto:melvincarvalho@gmail.com> > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>> > <mailto:melvincarvalho@gmail. > <mailto:melvincarvalho@gmail.>____com > <mailto:melvincarvalho@gmail.__com > <mailto:melvincarvalho@gmail.com>>>> wrote: > >>> > >>>> http://www.w3.org/ns/auth/cert > >>>> > >>>> "The modulus of an RSA > public and private key. Or the > modulus > of a DSA Key." > >>>> > >>>> Yet there is no class for a > DSA public key. > >>>> > >>>> It would be great if this > could be added as I'm currently > looking into an integration > between WebID and a payments > system that > uses DSA. > >>> > >>> Sounds like a good idea. > Would be worth opening an > issue for. > >>> > >>> Thanks for the advice, Henry. > I've opened an issue. > >>> > >>> Could we break down what > needs to be done to get this > actioned, > are there any bottle necks? > >> > >> There is probably very little > to do. One needs to look > at how > DSA keys can be described, write > out those relations, > verify them, > and then add them to the ontology. > >> > >> > >> Ah good. > >> > >> Well as you know, RSA keys are > described as follows: > >> > >> Private key description: (n, > d) is the (modulus, > private key > exponent) > >> Public key description: (n, > e) is the (modulus, public key > exponent) > >> > >> In DSA as per: > >> > >> Private key description: (x, > g, p, q) is the (private key, > generator, modulus, sub-group order) > >> Public key description: (y, g, > p, q) is the (public key, > generator, modulus, sub-group order) > >> > >> Source: > https://www.dlitz.net/____software/pycrypto/api/current/____Crypto.PublicKey.DSA.___DSAobj-__class.html > <https://www.dlitz.net/__software/pycrypto/api/current/__Crypto.PublicKey.DSA._DSAobj-__class.html> > > <https://www.dlitz.net/__software/pycrypto/api/current/__Crypto.PublicKey.DSA._DSAobj-__class.html > <https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.DSA._DSAobj-class.html>> > >> Source: > https://www.dlitz.net/____software/pycrypto/api/current/____Crypto.PublicKey.DSA-module.____html > <https://www.dlitz.net/__software/pycrypto/api/current/__Crypto.PublicKey.DSA-module.__html> > > <https://www.dlitz.net/__software/pycrypto/api/current/__Crypto.PublicKey.DSA-module.__html > <https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.DSA-module.html>> > >> > >> So I think the naming is > doable. To start with what do you > think of the terms: > >> > >> g=generator > >> p=modulus > >> q=subGroupOrder > >> > >> > >> > >> > >>> > >>> > >>> Henry > >>> > >>> > >>> Social Web Architect > >>> http://bblfish.net/ > >>> > >>> > >> > >> Social Web Architect > >> http://bblfish.net/ > >> > >> > > > > > > > > > > -- > > Mo McRoberts - Analyst - BBC > Archive Development, > > Zone 1.08, BBC Scotland, 40 > Pacific Quay, Glasgow G51 1DA, > > Room 7066, BBC Television > Centre, London W12 7RJ, > > 0141 422 6036 (Internal: > 01-26036) - PGP key CEBCF03E > > > > > > > > ----------------------------- > > http://www.bbc.co.uk > > This e-mail (and any > attachments) is confidential and > > may contain personal views > which are not the views of > the BBC > unless specifically stated. > > If you have received it in > > error, please delete it from > your system. > > Do not use, copy or disclose the > > information in any way nor act > in reliance on it and > notify the > sender > > immediately. > > Please note that the BBC > monitors e-mails > > sent or received. > > Further communication will > signify your consent to > > this. > > ----------------------------- > > Social Web Architect > http://bblfish.net/ > > -- Dominik Tomaszuk Research Fellow University of Bialystok Poland
Received on Friday, 22 March 2013 10:04:43 UTC