- From: merlin <merlin@baltimore.ie>
- Date: Wed, 30 Aug 2000 16:08:52 +0100
- To: w3c-ietf-xmldsig@w3.org
Hi,
Here's a summary from my pov..
WTLS (Wireless TLS) and TLS both use an RSA signature that is just
CRYPT (PAD (DIGEST (data))), which I called the "raw" digest. Because
the digest algorithm is fixed, no substitution attack is possible.
PKCS#1, as we know, is CRYPT (PAD (ASN.1 (OID, DIGEST (data)))).
So, among the options under discussion:
1) B64 (C(P(D(data)))) ("raw" digest)
2) B64 (C(P(ASN1(D(data))))) (PKCS#1 wrapped digest)
3) B64 (OID . C(P(D(data))))
4) B64 (OID . C(P(ASN1(D(data)))))
. I believe that no one desires 1) or 3).
. I desire just 2). This is secure, the ASN.1 part is supported
by all crypto toolkits, and it places no unnecessary ASN.1
burden on the XMLDSIG implementation.
. Some people propose 2) or 4) at the application's discretion.
Having a choice is just bad. In my opinion.
. Other people desire that it is just 4). I disagree with this.
If we want to use OIDs to identify crypto algorithms (which
has its merits) then we can use Signature Algorithm URIs of
'oid:1.2.3.4' instead of '&dsig;bar'.
Merlin
Received on Wednesday, 30 August 2000 11:09:17 UTC
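The two encodings the message contrasts, option 1 (raw digest under PKCS#1 padding) and option 2 (PKCS#1 DigestInfo wrapping the digest), as an added worked example that is not part of the original post or of the XMLDSIG specification. It uses a toy RSA key generated from a seeded random source so the run is deterministic, a constructed sample `SignedInfo` byte string, and the standard DigestInfo prefixes for SHA-1 and SHA-256; the function names are the example's own. The point it shows is the one the thread is weighing: with option 2 the hash algorithm's OID is bound inside the signed block, so a verifier that expects one algorithm rejects a block built for another, while with option 1 nothing inside the signature says which digest was used and the verifier must fix the algorithm out of band.

```python
import base64
import hashlib
import hmac
import random

# DER prefix of DigestInfo (AlgorithmIdentifier + OCTET STRING header) for each hash,
# the "ASN.1 (OID, DIGEST (data))" part of option 2.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15(t: bytes, k: int) -> bytes:
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || T, k bytes long."""
    if len(t) + 11 > k:
        raise ValueError("modulus too short for payload")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def encode_raw(data: bytes, hash_name: str, k: int) -> bytes:
    """Option 1: PAD (DIGEST (data)); no algorithm identifier inside the block."""
    return emsa_pkcs1_v15(hashlib.new(hash_name, data).digest(), k)


def encode_pkcs1(data: bytes, hash_name: str, k: int) -> bytes:
    """Option 2: PAD (ASN.1 (OID, DIGEST (data))); the OID travels with the digest."""
    digest = hashlib.new(hash_name, data).digest()
    return emsa_pkcs1_v15(DIGEST_INFO_PREFIX[hash_name] + digest, k)


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin test, enough for a toy key (assumption: not production key generation)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_toy_key(bits: int = 512, seed: int = 1):
    """Deterministic toy RSA key (n, e, d); seeded so the example reproduces."""
    rng = random.Random(seed)

    def prime() -> int:
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if _is_probable_prime(c, rng):
                return c

    e = 65537
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return p * q, e, pow(e, -1, phi)  # modular inverse needs Python 3.8+


def sign(em: bytes, n: int, d: int) -> bytes:
    """CRYPT (...): RSA private operation on the padded block."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(sig: bytes, expected_em: bytes, n: int, e: int) -> bool:
    """Recover the block and compare it whole against the locally rebuilt encoding,
    rather than parsing DigestInfo out of it; the OID check is implicit in the compare."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, expected_em)


def demo():
    n, e, d = generate_toy_key()
    k = (n.bit_length() + 7) // 8
    data = b"<SignedInfo>constructed sample</SignedInfo>"  # constructed input
    # Option 2: signer wraps the SHA-256 digest in DigestInfo.
    sig = sign(encode_pkcs1(data, "sha256", k), n, d)
    ok = verify(sig, encode_pkcs1(data, "sha256", k), n, e)
    # A verifier expecting SHA-1 DigestInfo rejects it: the OID is bound into the block.
    wrong_alg = verify(sig, encode_pkcs1(data, "sha1", k), n, e)
    # Option 1: raw digest; nothing in the block says which hash was used.
    sig_raw = sign(encode_raw(data, "sha256", k), n, d)
    ok_raw = verify(sig_raw, encode_raw(data, "sha256", k), n, e)
    return ok, wrong_alg, ok_raw, base64.b64encode(sig).decode()


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, False, True, <base64 signature>)`. Comparing the whole recovered block against a freshly built encoding, instead of parsing the DigestInfo and then checking the digest bytes, is what keeps option 2 as safe as the raw form: a verifier that ignored the AlgorithmIdentifier when parsing would be back to trusting whatever hash the signer chose.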