[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SIGNATURE in spki-960705.txt
At , Richard.Ankney@fisc.com wrote:
>Why not have the signature algorithm ID indicate the padding, e.g. RSA-PKCS-1
>vs. RSA-ISO-9796? The hash algorithm could be included as well, e.g.
>RSA-SHA1-PKCS-1.
Hi Rich.
I was trying to avoid product sets. If all 3 of those choices are encoded
in a single alg ID then each application will need a table mapping from a
single ID to the three components beccause the app needs them individually,
not together. If one of the three is custom, then the app developer would
need to invent a new custom label for the composite and the user of that
label (in ASCII) would have to parse it to get the components. The extra 2
bytes from sending the info already spread out seemed a good trade-off in
favor of the developer.
Mostly I was trying to avoid constructs like RSA-SHA1-PKCS1, having had
experience of thumbing through the BSAFE manual looking for the algorithm-id
I wanted. With a description for each, there were too many to fit on one
page and therefore I couldn't see all the choices at a glance. IMHO, BSAFE
really screwed up in that design decision. The relevant choices are
inherently separate and could be communicated separately, saving effort for
both the user and the library.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+--------------------------------------------------------------------------+