IKEv2-07 Comment on Signature Usage
IKEv2-07 says:
Optionally, messages 3 and 4 MAY include a certificate, or
certificate chain providing evidence that the key used to compute a
digital signature belongs to the name in the ID payload. The
signature or MAC will be computed using algorithms dictated by the
type of key used by the signer, an RSA-signed PKCS1-padded-hash for
an RSA digital signature, a DSS-signed SHA1-hash for a DSA digital
...
Unfortunately, this does not really work. Consider a certificate with an
RSA public key. The subject public key info contains the rsaEncryption
algorithm identifier. This public key can be used to validate signatures
generated with PKCS #1 version 1.5 or PSS. And, each of these signature
algorithms can be used with many different one-way hash functions.
A signature value needs to be coupled with an algorithm identifier.
Russ
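A runnable illustration of the ambiguity described above, added here and not part of the original message: a demo-sized RSA key (the kind a certificate would label only as rsaEncryption) produces PKCS #1 v1.5 signatures over the same message with two different hashes, and the verifier can only accept a signature when it is told which hash was used (PSS is omitted for brevity). Key generation, hash-name strings and function names are my own; nothing here is production-grade.

```python
import hashlib, random

# DigestInfo DER prefixes from RFC 8017 section 9.2 (well-known constants)
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def is_probable_prime(n, rounds=16):  # Miller-Rabin, for large odd n only (toy keygen)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa_key(bits=512):  # returns (n, e, d); demo-sized key, never use in production
    e, half = 65537, bits // 2
    while True:
        p = random.getrandbits(half) | (1 << (half - 1)) | 1
        q = random.getrandbits(half) | (1 << (half - 1)) | 1
        if p != q and (p - 1) % e and (q - 1) % e and is_probable_prime(p) and is_probable_prime(q):
            return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def emsa_pkcs1_v15(msg, hash_name, k):
    # EMSA-PKCS1-v1_5 (RFC 8017 9.2): 00 01 FF..FF 00 || DigestInfo || H(msg)
    t = DIGEST_INFO[hash_name] + hashlib.new(hash_name, msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(key, msg, hash_name):
    n, _, d = key
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(msg, hash_name, k), "big"), d, n).to_bytes(k, "big")

def verify(key, msg, sig, hash_name):
    # The verifier must be told hash_name: an rsaEncryption public key alone does not fix it
    n, e, _ = key
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(msg, hash_name, k)
```

Without an algorithm identifier on the signature, a verifier is reduced to trying every candidate hash (and padding scheme) until one matches, which is exactly the coupling the message asks the draft to make explicit.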