
IKEv2-07 Comment on Signature Usage

IKEv2-07 says:

    Optionally, messages 3 and 4 MAY include a certificate, or
    certificate chain providing evidence that the key used to compute a
    digital signature belongs to the name in the ID payload. The
    signature or MAC will be computed using algorithms dictated by the
    type of key used by the signer, an RSA-signed PKCS1-padded-hash for
    an RSA digital signature, a DSS-signed SHA1-hash for a DSA digital
    ...

Unfortunately, this does not really work.  Consider a certificate with an 
RSA public key.  The subject public key info contains the rsaEncryption 
algorithm identifier.  This public key can be used to validate signatures 
generated with PKCS #1 version 1.5 or PSS.  And, each of these signature 
algorithms can be used with many different one-way hash functions.

A signature value needs to be coupled with an algorithm identifier.

Russ
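The point above in working code, as an added example that is not part of the post or of IKEv2: the same rsaEncryption key validates PKCS #1 v1.5 and PSS signatures over several hashes, so a verifier handed only the signature value cannot pick the right check. The scheme labels below are constructed stand-ins for a real AlgorithmIdentifier, not registered OIDs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers SHA-1 so crypto.SHA1.New works
	_ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New works
	"errors"
)

// A scheme is what the AlgorithmIdentifier accompanying an RSA signature must convey: padding mode plus hash.
type scheme struct{ hash crypto.Hash; pss bool }

// Three schemes one rsaEncryption key can validate (labels constructed here, not real OIDs).
var schemes = map[string]scheme{
	"sha1WithRSAEncryption":   {crypto.SHA1, false},
	"sha256WithRSAEncryption": {crypto.SHA256, false},
	"RSASSA-PSS-SHA256":       {crypto.SHA256, true},
}

func digest(s scheme, msg []byte) []byte {
	h := s.hash.New()
	h.Write(msg)
	return h.Sum(nil)
}

// Sign signs msg under the scheme named by alg.
func Sign(priv *rsa.PrivateKey, alg string, msg []byte) ([]byte, error) {
	s, ok := schemes[alg]
	if !ok {
		return nil, errors.New("unknown signature algorithm")
	}
	if s.pss {
		return rsa.SignPSS(rand.Reader, priv, s.hash, digest(s, msg), nil)
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, s.hash, digest(s, msg))
}

// Verify succeeds only when alg names the scheme that actually produced sig; a bare value is not enough.
func Verify(pub *rsa.PublicKey, alg string, msg, sig []byte) bool {
	s, ok := schemes[alg]
	if !ok {
		return false
	}
	if s.pss {
		return rsa.VerifyPSS(pub, s.hash, digest(s, msg), sig, nil) == nil
	}
	return rsa.VerifyPKCS1v15(pub, s.hash, digest(s, msg), sig) == nil
}
```

Signing under each scheme and verifying under every other shows that only the matching (padding, hash) pair succeeds, which is why the identifier has to travel with the signature.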