- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Tue, 29 Aug 2000 16:01:48 +0200
- To: "merlin" <merlin@baltimore.ie>, <w3c-ietf-xmldsig@w3.org>
Hi all,
I agree with Merlin, providing the option to wrap the RSA signature octets
into
a ASN.1 structure, however it looks like
* has no benefits ,
* adds options which result in a more complicated verification process,
* is confusing (I had to read the text in 6.4.2 some times to get it).
Therefore I also vote to kick this option out.
Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
> Hi,
>
> In 6.4.2, regarding RSA signatures, the following wording exists:
>
> A signature MAY contain a pre-pended algorithm object identifier,
> but the availability of an ASN.1 parser and recognition of OIDs is
> not required of a signature verifier.
>
> Does this mean that a signature may be (before base 64 encoding):
>
> SEQUENCE { SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE } }
> or:
> SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE }
> or:
> SEQUENCE { OID . NULL } . SIGNATURE_VALUE
> or:
> OID . SIGNATURE_VALUE
>
> Or, is it suggesting that the OID _within_ the RSA signature
> (before crypting) is optional?
>
> Regardless, I think it adds options and thus confusion and thus
> deserves, perhaps, to be eliminated..
>
> merlin
>
>
>
Received on Tuesday, 29 August 2000 10:01:35 UTC