Hi Joseph,
> And we control what [1] means, consequently does anyone oppose Merlin's
> first option [2]?
Yes, I strongly oppose Merlin's first option:
* We cite RSASSA-PKCS1-v1_5 as a normative reference, and encrypting the
raw digest instead of the ASN.1 structure is not an option there.
* As Phil stated in [1], the OID for the digest algorithm has been added
to prevent a chosen digest attack.
* To allow this option only because WTLS does it is not really a good
reason.
---
[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JulSep/0377.html
Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
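Added illustration of the point argued in the message above (not part of the original e-mail and not code from the specification or any XML Signature implementation): the block that RSASSA-PKCS1-v1_5 passes to the RSA private-key operation, built with the ASN.1 DigestInfo structure and, for contrast, with the raw digest only. The function names and sample message are hypothetical, the RSA operation itself is omitted, and the DigestInfo prefixes are the ones listed in RFC 8017 section 9.2.

```python
import hashlib
import hmac

SAMPLE = b"constructed sample message"  # constructed input, not from the thread

# DER DigestInfo prefixes: AlgorithmIdentifier (OID + NULL), then OCTET STRING header.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def digest_info(message: bytes, hash_name: str) -> bytes:
    """DER DigestInfo: digest algorithm OID followed by the digest value."""
    return DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()

def pad_type1(payload: bytes, em_len: int) -> bytes:
    """0x00 0x01 FF..FF 0x00 || payload, with at least 8 bytes of 0xFF."""
    if em_len < len(payload) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(payload) - 3) + b"\x00" + payload

def emsa_pkcs1_v15_encode(message: bytes, hash_name: str, em_len: int) -> bytes:
    """Block that RSASSA-PKCS1-v1_5 feeds to the RSA private-key operation."""
    return pad_type1(digest_info(message, hash_name), em_len)

def raw_digest_encode(message: bytes, hash_name: str, em_len: int) -> bytes:
    """The opposed variant: same padding, but the bare digest with no OID."""
    return pad_type1(hashlib.new(hash_name, message).digest(), em_len)

def verify_encoded(em: bytes, message: bytes, expected_hash: str) -> bool:
    """Verifier side: re-encode with the expected algorithm, compare whole blocks."""
    try:
        expected = emsa_pkcs1_v15_encode(message, expected_hash, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def bound_algorithm(em: bytes):
    """Digest algorithm named inside a well-formed block, or None if none is bound."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return None
    payload = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        size = len(prefix) + hashlib.new(name).digest_size
        if payload.startswith(prefix) and len(payload) == size:
            return name
    return None
```

With a 128-byte block (a 1024-bit modulus, assumed here), the DigestInfo form identifies its digest algorithm and is accepted only under that algorithm, while the raw-digest form carries no algorithm identifier for the verifier to check.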