Comments on DSS Certificate RFC
I have a few comments on the draft:
1. What is the representation of the actual subjectPublicKey? Given
the use of the DoD algorithm identifier, I assume it's the one from
the Mosaic documentation, i.e. version number + type + privileges +
the actual key. All that's needed for commercial use is the actual
key. If you're only conveying the actual key, you can't very well
use the DoD identifier, since it implies a different structure.
I suggest using the representation in ANSI X9.57, which is just
an INTEGER. OIDs are:

   algorithm OBJECT IDENTIFIER ::=
     { iso(1) identified-organization(3) oiw(14) secsig(3)
       algorithm(2) }

   dsa OBJECT IDENTIFIER ::= { algorithm 12 }

   dsaWithSHA-1 OBJECT IDENTIFIER ::= { algorithm 27 }

2. All of the parameters and signature fields are conveyed as OCTET
STRINGs. Are these big-endian integers? If so they could be
conveyed as ASN.1 INTEGERs per X9.57; this only changes the tags,
not the actual data within the fields. X9.57 uses the following:

   DSAParameters ::= SEQUENCE {
     modulusLength INTEGER, -- length of p in bits
     prime1 INTEGER, -- modulus p
     prime2 INTEGER, -- modulus q
     base INTEGER } -- base g

   DSASignature ::= SEQUENCE {
     r INTEGER,
     s INTEGER }

Regards,
Rich
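
Added example (not part of the message above or of the draft): the X9.57 DSASignature SEQUENCE encoded in DER beside the same values as fixed-width OCTET STRINGs, with a strict decoder that rejects negative, non-minimal and trailing data. DER INTEGER is signed, so a value whose top bit is set carries one extra leading 0x00 octet compared with its OCTET STRING form. All function names and the sample R and S values are constructed for illustration.

```python
# Added example, not from the original message. Sample R/S values are constructed.
# Assumption: every length fits DER short form (< 128 bytes), true for DSA r and s.

def _tlv(tag: int, body: bytes) -> bytes:
    if len(body) >= 0x80:
        raise ValueError("long-form length not handled in this example")
    return bytes([tag, len(body)]) + body

def der_integer(v: int) -> bytes:
    """INTEGER (tag 0x02): signed, so 0x00 is prepended when the top bit is set."""
    if v < 0:
        raise ValueError("r and s are non-negative")
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def octet_string(v: int, size: int) -> bytes:
    """Fixed-width big-endian OCTET STRING (tag 0x04)."""
    return _tlv(0x04, v.to_bytes(size, "big"))

def encode_dsa_signature(r: int, s: int) -> bytes:
    """DSASignature ::= SEQUENCE { r INTEGER, s INTEGER }"""
    return _tlv(0x30, der_integer(r) + der_integer(s))

def _read(buf: bytes, pos: int, tag: int):
    """Read one short-form TLV with the expected tag; return (body, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] >= 0x80:
        raise ValueError("bad tag or length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated")
    return buf[pos + 2:end], end

def _uint(body: bytes) -> int:
    """Strict INTEGER content: non-empty, non-negative, minimally encoded."""
    if not body or body[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(body) > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big")

def decode_dsa_signature(der: bytes):
    seq, end = _read(der, 0, 0x30)
    r, p = _read(seq, 0, 0x02)
    s, p = _read(seq, p, 0x02)
    if end != len(der) or p != len(seq):
        raise ValueError("trailing bytes")
    return _uint(r), _uint(s)

# Constructed 160-bit samples: R has its top bit set, S does not.
R = int.from_bytes(bytes([0x9A]) + bytes(range(1, 20)), "big")
S = int.from_bytes(bytes([0x3C]) + bytes(range(20, 39)), "big")
```

For S the two encodings differ only in the tag octet; for R the INTEGER form is one octet longer, which a verifier comparing against fixed 20-octet fields has to account for.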