Photuris & signatures

1.
  I really appreciate Hugo's providing more detailed explanation of
his concerns.  His latest efforts have been much more easily
understood by me, at least.  However, I'm inclined to say that the
problem he sees with signatures is more of a "specification clarity"
issue than a "fundamental flaw" in the protocol.

2.
  I think that David Wagner, Bill Sommerfeld, & Ron Rivest have all
been extremely helpful here by providing proposed clarifying text.  I
like the language each has proposed.  Because it includes a bit more
rationale for the benefit of those not familiar with the cryptographic
issues, perhaps the Rivest language should be added to the spec in
an appropriate place.  IMHO, Bill's more general rewording of those
3 clarification proposals is not sufficient because it is too
generic and isn't blunt enough for lay people who aren't familiar with
the issues.  I would be greatly obliged if Bill would also take
the Rivest language (verbatim) into the draft in an appropriate place.

  I also believe that the following clarifying sentence should be
added at the very end of Section 1.0 (end of the paragraph just before
the start of Section 1.1):
	"Not all digital signature algorithms are suitable for use
	with Photuris.  This is discussed further in Section [which cite]
	of this document."

[which cite] == whichever section the Rivest language is added into.


3.
  I think it would also be helpful if a definition of "Signature" or
"Digital Signature" would be added to Section 1.1.  This definition
should NOT be a highly technical cryptographer's definition.  Instead
the definition should be one readable and understandable by network
protocol implementers (since that is the intended audience of this
document).

4.
  It is true that the theoretical cryptography community and the
computer networking community do not share the same meaning for the
term "protocol".  The former uses "protocol" in a way that the latter
would generally use "algorithm".  Neither group is wrong, but perhaps
it is helpful to remind folks of this.  I don't find flames on this
matter to be constructive.  We all need to try to cooperate and work
together here. :-)

  I'm still behind (due to other real work) in my study of the drafts
(SKIP and Photuris) and also on the mailing list, but I'm trying to
catch up soon. :-)

Regards,

Ran
rja@cs.nrl.navy.mil