
Comments on DSS Certificate RFC



I have a few comments on the draft:

1.  What is the representation of the actual subjectPublicKey? Given
    the use of the DoD algorithm identifier, I assume it's the one from
    the Mosaic documentation, i.e. version number + type + privileges +
    the actual key.  All that's needed for commercial use is the actual
    key.  If you're only conveying the actual key, you can't very well
    use the DoD identifier, since it implies a different structure.
    I suggest using the representation in ANSI X9.57, which is just
    an INTEGER.  OIDs are:

    algorithm OBJECT IDENTIFIER ::=
       { iso(1) identified-organization(3) oiw(14) secsig(3)
         algorithm(2) }
    dsa OBJECT IDENTIFIER ::= { algorithm 12 }
    dsaWithSHA-1 OBJECT IDENTIFIER ::= { algorithm 27 }


2.  All of the parameters and signature fields are conveyed as OCTET
    STRINGs.  Are these big-endian integers?  If so they could be
    conveyed as ASN.1 INTEGERs per X9.57; this only changes the tags,
    not the actual data within the fields.  X9.57 uses the following:

         DSAParameters ::= SEQUENCE {
             modulusLength     INTEGER,     -- length of p in bits
             prime1            INTEGER,     -- modulus p
             prime2            INTEGER,     -- modulus q
             base              INTEGER }    -- base g

         DSASignature ::= SEQUENCE {
             r  INTEGER,
             s  INTEGER }


Regards,
Rich
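
Added example, not part of the original message or of X9.57: Python that DER-encodes two big-endian values both as OCTET STRINGs and as the DSASignature SEQUENCE of INTEGERs quoted in point 2, and parses the latter back to fixed-width octets. It covers the cases where the INTEGER contents differ from the raw octets (leading zero octets are dropped, a 0x00 is prepended when the high bit is set). The function names, the 20-octet width (160-bit q) and the sample values are assumptions made for illustration.

```python
# Added example; R and S are constructed 20-octet samples, not real signature output.
Q_LEN = 20  # assumption: r and s are smaller than a 160-bit q

def der_tlv(tag, body):
    """Tag, short-form length, contents (enough for 160-bit DSA values)."""
    if len(body) >= 0x80:
        raise ValueError("long-form length not handled")
    return bytes([tag, len(body)]) + body

def der_octet_string(raw):
    return der_tlv(0x04, raw)  # contents are the octets exactly as given

def der_integer(raw):
    """Encode an unsigned big-endian octet string as a DER INTEGER."""
    body = raw.lstrip(b"\x00") or b"\x00"  # DER requires the minimal length
    if body[0] & 0x80:  # INTEGER is signed: prepend 0x00 to stay positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

def encode_dsa_signature(r, s):
    """DSASignature ::= SEQUENCE { r INTEGER, s INTEGER }"""
    return der_tlv(0x30, der_integer(r) + der_integer(s))

def read_integer(buf, pos):
    """Parse one INTEGER at pos; return (fixed-width octets, next position)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02 or buf[pos + 1] >= 0x80:
        raise ValueError("expected short-form INTEGER")
    end = pos + 2 + buf[pos + 1]
    body = buf[pos + 2:end]
    if not body or end > len(buf):
        raise ValueError("empty or truncated INTEGER")
    if body[0] & 0x80 or (len(body) > 1 and body[0] == 0 and not body[1] & 0x80):
        raise ValueError("negative or non-minimal INTEGER")
    value = body.lstrip(b"\x00")
    if len(value) > Q_LEN:
        raise ValueError("value wider than q")
    return value.rjust(Q_LEN, b"\x00"), end

def decode_dsa_signature(der):
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("expected short-form SEQUENCE")
    r, pos = read_integer(der, 2)
    s, pos = read_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing data")
    return r, s

R = bytes.fromhex("00" + "3a" * 19)  # constructed: leading zero octet
S = bytes.fromhex("c4" + "5b" * 19)  # constructed: high bit set
```

With these samples the OCTET STRING contents are always 20 octets, while the INTEGER contents are 19 octets for R and 21 for S, so a parser that expects fixed-width fields has to re-pad after decoding.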