- From: merlin <merlin@baltimore.ie>
- Date: Thu, 31 Jan 2002 06:20:40 +0000
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Cc: dee3@torque.pothole.com, w3c-ietf-xmldsig@w3.org, xml-encryption@w3.org
- Message-Id: <20020131062040.200FB43C56@yog-sothoth.ie.baltimore.com>
Hi Christian, I seem to be in discord with your HMAC/SHA-384 and HMAC/SHA-512 signatures, which would lead me to suggest that either your, or my, HMAC block size is incorrect in these instances. Similarly, I am at variance with all three of your RSA/SHA-variant signatures. Poking about, it appears that you may have used OAEP, as mentioned in [1], although even with this assumption I failed (with the minimal effort I put in) to achieve harmony. Attached are my attempts at same, with the following caveat: Donald, I believe (but will gladly yield to anyone who knows) that OAEP only applies to the use of RSA for encryption, and that PKCS#1 padding remains safe and appropriate for RSA signatures, so your thought under section 2.3.2 might bear removal. Merlin [1] http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt r/geuer-pollmann@nue.et-inf.uni-siegen.de/2002.01.30/14:34:26 >Hi Donald, > >please find attached some test vectors for [1]. > >Regards, >Christian > >[1] >http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002JanMar/0038.html > ----------------------------------------------------------------------------- Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses. http://www.baltimore.com
Attachments
- application/x-tar-gzip attachment: merlin-xmldsig-twenty-two.tar.gz
Received on Thursday, 31 January 2002 01:20:53 UTC