[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SIGNATURE in spki-960705.txt

At , Richard.Ankney@fisc.com wrote:
>Why not have the signature algorithm ID indicate the padding, e.g. RSA-PKCS-1
>vs. RSA-ISO-9796?  The hash algorithm could be included as well, e.g.

Hi Rich.

I was trying to avoid product sets.  If all 3 of those choices are encoded
in a single alg ID then each application will need a table mapping from a
single ID to the three components beccause the app needs them individually,
not together.  If one of the three is custom, then the app developer would
need to invent a new custom label for the composite and the user of that
label (in ASCII) would have to parse it to get the components.  The extra 2
bytes from sending the info already spread out seemed a good trade-off in
favor of the developer.

Mostly I was trying to avoid constructs like RSA-SHA1-PKCS1, having had
experience of thumbing through the BSAFE manual looking for the algorithm-id
I wanted.  With a description for each, there were too many to fit on one
page and therefore I couldn't see all the choices at a glance.  IMHO, BSAFE
really screwed up in that design decision.  The relevant choices are
inherently separate and could be communicated separately, saving effort for
both the user and the library.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |