[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Signature format and smart cards

To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: Signature format and smart cards
From: Brian Swander <briansw@microsoft.com>
Date: Tue, 7 Jul 1998 15:28:09 -0700
Sender: owner-ipsec@ex.tis.com

The IKE signature format demands that the algo OID not be present in the
signature.  Smart card vendors are not supporting this format, but instead
doing the standard pkcs1 with the OID.

It is unlikely that all the vendors will ship using our format, and at the
same time, IKE needs to be able to use certs from smart cards.

I propose:

Set the reserved field of the sig_payload header to 1 to signal standard
pkcs1 with the OID, 0 otherwise.

bs

Follow-Ups:

Re: Signature format and smart cards

From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

Signature format and smart cards

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: simultaneous lifetime type support required?
Next by Date: Re: Signature format and smart cards
Prev by thread: Re: simultaneous lifetime type support required?
Next by thread: Re: Signature format and smart cards
Index(es):
- Main
- Thread