- From: merlin <merlin@baltimore.ie>
- Date: Tue, 29 Aug 2000 16:50:49 +0100
- To: "Barb Fox" <bfox@Exchange.Microsoft.com>
- Cc: "Gregor Karlinger" <gregor.karlinger@iaik.at>, w3c-ietf-xmldsig@w3.org
Hi, We must already massage DSA signatures to meet the XMLDSIG encoding; I would strongly endorse a requirement that RSA signatures MUST be massaged into the simplest form too. For crypto environments such as you describe, the effort is no greater than the DSA massage; for everyone else, life would be much simpler. Merely having the option of an OID turns ASN.1 parsing into a mandatory requirement of all toolkits that wish to interop, which is expressly undesirable. Merlin r/bfox@Exchange.Microsoft.com/2000.08.29/08:13:21 > >The reason that I added this as a MAY is because many toolkits >automatically pre-pend that OID in an RSA signature.=20 > >--Barb > >-----Original Message----- >From: Gregor Karlinger [mailto:gregor.karlinger@iaik.at] >Sent: Tuesday, August 29, 2000 7:02 AM >To: merlin; w3c-ietf-xmldsig@w3.org >Subject: AW: XMLDSIG RSA signatures > > >Hi all, > >I agree with Merlin, providing the option to wrap the RSA signature >octets >into >a ASN.1 structure, however it looks like > > * has no benefits , > * adds options which result in a more complicated verification >process, > * is confusing (I had to read the text in 6.4.2 some times to get it). > >Therefore I also vote to kick this option out. > >Regards, Gregor >--------------------------------------------------------------- >Gregor Karlinger >mailto://gregor.karlinger@iaik.at >http://www.iaik.at >Phone +43 316 873 5541 >Institute for Applied Information Processing and Communications >Austria >--------------------------------------------------------------- > > >> Hi, >> >> In 6.4.2, regarding RSA signatures, the following wording exists: >> >> A signature MAY contain a pre-pended algorithm object identifier, >> but the availability of an ASN.1 parser and recognition of OIDs is >> not required of a signature verifier. >> >> Does this mean that a signature may be (before base 64 encoding): >> >> SEQUENCE { SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE } >} >> or: >> SEQUENCE { OID . NULL } . BIT_STRING { SIGNATURE_VALUE } >> or: >> SEQUENCE { OID . NULL } . SIGNATURE_VALUE >> or: >> OID . SIGNATURE_VALUE >> >> Or, is it suggesting that the OID _within_ the RSA signature >> (before crypting) is optional? >> >> Regardless, I think it adds options and thus confusion and thus >> deserves, perhaps, to be eliminated.. >> >> merlin
Received on Tuesday, 29 August 2000 11:54:23 UTC