Re: Signature format and smart cards
>>>>> "Paul" == Paul Koning <pkoning@xedia.com> writes:
Paul> Why can't this wait?
Paul> I tend to agree with Michael that hacking up the protocol at this
Paul> late stage is not desirable. Given that there are devices that
Paul> work with the spec as it stands, why the rush?
I want to point out that even if there were a rush, the protocol provides
for extending the number of signature types by using signature ids 65001
to 65535. This can be done without need of a vendor id, since a compliant
implementation will simply not accept that proposal. If there are alternate
proposals, then a different one will be chosen. If there aren't alternate
proposals, then it will be clear that the algorithms just don't match.
(Kivinen, Darren, please confirm for me this interpretation)
I would suggest that you still include a vendor id so that another
implementation can determine which private address space is in use.
RSA signatures (sans OID) are not a MUST in the spec, so if you can't
support them, no big deal.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson | SSH IPsec: http://www.ssh.fi/. Secure, strong, international
Personal: mcr@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
Corporate: sales@sandelman.ottawa.on.ca <http://www.sandelman.ottawa.on.ca/SSW/>.
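
The negotiation behaviour described in the message above, as an added example that is not part of the original post or of any IKE implementation: a responder skips a private-use signature id it cannot place, falls back to an alternate proposal, and reports a mismatch when none is left. The function name, the vendor id bytes and the id 3 used as a "standard" id are constructed for illustration; accepting a private-use id only when a vendor id identifies its number space is an assumption modelled on the message's suggestion.

```python
# Added illustration; all names and sample values are constructed.
PRIVATE_USE = range(65001, 65536)  # private-use signature ids named in the message


def select_proposal(offered, supported_standard, private_by_vendor, peer_vendor_ids):
    """Return (chosen_id, reason) for the first acceptable offer, else (None, reason).

    offered            -- signature ids in the initiator's preference order
    supported_standard -- set of standard ids this responder implements
    private_by_vendor  -- {vendor_id_bytes: set of private-use ids understood}
    peer_vendor_ids    -- vendor ids received from the peer (may be empty)
    """
    # A private-use id only has meaning inside one vendor's number space,
    # so collect the private ids we understand for the vendors the peer named.
    known_private = set()
    for vid in peer_vendor_ids:
        known_private |= private_by_vendor.get(vid, set())

    for sig_id in offered:
        if sig_id in PRIVATE_USE:
            if sig_id in known_private:
                return sig_id, "private-use id matched via vendor id"
            continue  # unknown private id: do not accept, try the next proposal
        if sig_id in supported_standard:
            return sig_id, "standard id supported"
    return None, "no proposal chosen: algorithms do not match"


if __name__ == "__main__":
    vid = b"constructed-vendor-id"
    # Private id offered first, standard alternate second, no vendor id sent.
    print(select_proposal([65001, 3], {3}, {vid: {65001}}, []))
    # Same offer, but the peer identifies its private number space.
    print(select_proposal([65001, 3], {3}, {vid: {65001}}, [vid]))
    # Only a private id offered to a responder that does not know it.
    print(select_proposal([65001], {3}, {}, []))
```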