Re: XMLDSIG RSA signatures


I oppose it. If I'm using hardware then I'll have to do two
verifies; one against the raw digest, the other against the
ASN.1 blob. And the ? security issues. I want no choice,
probably just a crypted ASN.1 blob.


>And we control what [1] means, consequently does anyone oppose Merlin's
>first option [2]?
> [...]
>1) The signature may be either an encrypted ASN.1 blob (PKCS#1)
>or an encrypted raw digest (like W?TLS)

Received on Tuesday, 29 August 2000 13:49:23 UTC