[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Signature format and smart cards
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Brian" == Brian Swander <briansw@microsoft.com> writes:
Brian> It is unlikely that all the vendors will ship using our format,
Brian> and at the same time, IKE needs to be able to use certs from smart
Brian> cards.
Brian> I propose:
Brian> Set the reserved field of the sig_payload header to 1 to signal
Brian> standard pkcs1 with the OID, 0 otherwise.
That is a silly thing to do.
It doesn't nothing to help interopability, nor signals to people who
haven't implemented this "hack" why the signatures fail.
Instead, you need to define a new signature format, as if it were
a totally different format. From isakmp-oakley-08:
- Authentication Method
pre-shared key 1
DSS signatures 2
RSA signatures 3
Encryption with RSA 4
Revised encryption with RSA 5
RSA signatures with OID 6 <--add
values 6-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson | SSH IPsec: http://www.ssh.fi/. Secure, strong, international
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNaKmWtiXVu0RiA21AQG7nwL/TIclOU31I3CVIZG8nonN01TzGj7D6LJz
BE9roolxmgZMsh1YGm4QyQhZP9ft7xXGmqe2N7jsH9DvodGWCiKdIH/+dT8R1L4g
k377FEmqvdJ9ndvnBW3c2wFXQ94kNpbw
=9sxX
-----END PGP SIGNATURE-----
References: