[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Canonical encoding for hash values

To: spki@c2.org
Subject: Canonical encoding for hash values
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Thu, 02 May 96 13:55:13 EDT
Cc: blampson@microsoft.com
Sender: owner-spki@c2.org


A concern was raised that one-pass hashing should be very easy to do,
and that the proposed SDSI canonical form might make this difficult,
because the length precedes the data in the verbatim encoding.

This is easy to fix, if it is really an issue.  Two approches come to mind:
	(1) Use the hex format for octet strings in canonical encodings,
            since it doesn't have a length field.
        (2) Break verbatim strings up into fragments of at most 4096 bytes
            each.  SDSI has a mechanism for fragmentation: follow each
            fragment but the last with a minus sign.
                     a- b- c   is the same as    abc
            For this purpose, every fragment but the last should have length
            exactly 4096 bytes.

I prefer the second alternative, since it is more compact.

	Cheers,
	Ron

Prev by Date: Re: Delegation in SDSI
Next by Date: SDSI DNS namespace
Prev by thread: Australian Public Key Infrastructure
Next by thread: Re: [raph@cs.berkeley.edu: Re: SDSI syntax]
Index(es):
- Main
- Thread