
RE: Signature format and smart cards



Hi Brian,

I have successfully tested with two smart cards and have had no problems: a
DataKey SignatureSure and a Chrysalis-ITS Luna Token. Both use a PKCS-11
type interface.  As well, Tero mentioned others.

I remember discussing this a while ago, but can't remember whether it was on
the list or in person.  Either way, since there were enough smart cards that
did support OIDless encryption, it wasn't a problem.

Personally I would rather see a smart card vendor do a driver update than
change the spec at this point.
Bye.
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com


> ----------
> From: 	Brian Swander[SMTP:briansw@microsoft.com]
> Sent: 	Tuesday, July 07, 1998 6:28 PM
> To: 	'ipsec@tis.com'
> Subject: 	Signature format and smart cards
> 
> The IKE signature format demands that the algo OID not be present in the
> signature.  Smart card vendors are not supporting this format, but instead
> doing the standard pkcs1 with the OID.
> 
> It is unlikely that all the vendors will ship using our format, and at the
> same time, IKE needs to be able to use certs from smart cards.
> 
> I propose:
> 
> Set the reserved field of the sig_payload header to 1 to signal standard
> pkcs1 with the OID, 0 otherwise.
> 
> bs 
>
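
The two encodings discussed in this thread, shown as an added example that is not part of the original messages: the block a signer builds before the RSA private-key operation, once with the bare hash (the OID-less form) and once with the standard PKCS #1 DigestInfo, plus a strict parser that tells a verifier which form it recovered. The function names, the 128-byte (1024-bit) block size and the hashed input are assumptions constructed for illustration.

```python
import hashlib

# DER DigestInfo prefixes defined by PKCS #1 (hash algorithm OID + NULL params).
DIGESTINFO_PREFIX = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
}
HASH_LEN = {"md5": 16, "sha1": 20}


def encode_block(digest: bytes, em_len: int, hash_name: str = None) -> bytes:
    """Build a PKCS #1 v1.5 type 1 block: 00 01 FF..FF 00 || T.

    T is the bare hash (OID-less) or, when hash_name is given,
    DigestInfo || hash (standard PKCS #1 with the OID).
    """
    t = (DIGESTINFO_PREFIX[hash_name] if hash_name else b"") + digest
    pad_len = em_len - len(t) - 3
    if pad_len < 8:
        raise ValueError("block too short for this payload")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def classify_block(em: bytes):
    """Strictly parse a recovered block; return (format, hash_name, digest)."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("not a type 1 block")
    sep = em.index(b"\x00", 2)  # raises ValueError if the separator is missing
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding")
    t = em[sep + 1:]
    for name, prefix in DIGESTINFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + HASH_LEN[name]:
            return ("pkcs1-with-oid", name, t[len(prefix):])
    if len(t) in HASH_LEN.values():
        return ("oidless", None, t)
    raise ValueError("unrecognised payload length %d" % len(t))


if __name__ == "__main__":
    # Constructed sample input, not real IKE exchange data.
    digest = hashlib.sha1(b"constructed sample input").digest()
    for name in (None, "sha1"):
        block = encode_block(digest, 128, name)
        print(classify_block(block)[:2], block[-36:].hex())
```

A verifier that compares the whole recovered payload against the bare hash rejects the DigestInfo form because the payload is 35 bytes rather than 20, which is the interoperability failure the thread is about.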