[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Names of algorithms

To: spki@c2.net
Subject: Names of algorithms
From: rivest@theory.lcs.mit.edu (Ron Rivest)
Date: Wed, 02 Apr 97 00:33:19 EST
Cc: blampson@microsoft.com, burt@rsa.com
Sender: owner-spki@c2.net

Relative to Carl's questions (below):

* We did talk about an "output format" portion of the name as well, but
  after some reflection, I decided that we probably don't need that.  The
  public key algorithm can specify its output as a byte string, or as an
  order list of byte strings, and that should be enough.  We can add
  a fourth parameter later for output format if necessary.

* I think what I am talking about is what you call the public-key block,
  which is what the old SDSI principal has become.  It specifies the 
  algorithm names, as well as the parameters it needs.  Perhaps I should
  have called the note something else, since there is ambiguity between
  a specific algorithm (with all keys and other parameters specified) and
  an algorithmic scheme (with parameters yet to be filled in).  

  The format you suggest below of e.g.
	(public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f))
  doesn't work well for me, since the parameters at the end are really
  subordinate to the algorithms (the n and e should be nestled under the
  rsa).  I'm not sure we really have a need for a bare "algorithm name",
  (or algorithm scheme) although we could get something like that by 
  omitting the parameters, as noted above:
	(public-key (sha1) (pkcs1) (rsa))
  To get the full public-key you then stuff the parameters in under the
  algorithms that need those parameters:
	(public-key (sha1) (pkcs1) (rsa (n &15)(e &03)))
  Without this proper subordination, you can have troubles if two different
  algorithms (e.g. hash and signature algorithm) have parameters with the
  same name.

Ron Rivest

==============================================================================
Ron,

I think this message departs from our conversation on the phone today.
The structure you called an algorithm name is actually a public key
block.  The algorithm name, I thought, would be something like:

(alg <PK-alg-name> <hash-alg> <input-format-alg> <output-format-alg>)

e.g. (alg rsa sha-1 pkcs1 string)

where "string" is an output format that means "do nothing".

By this (as I remember our discussion), a public key block might be:

(public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f))

I like the format you give for its slight brevity, but I don't think
we should call it an algorithm name when it is a full public key
description.  It also misses the output format algorithm name.

 - Carl

At 06:19 PM 4/1/97 EST, you wrote:
>The proposed format for the name of a signature (verification) algorithm is:
>	( <key-type> 
>          <hash-alg> 
>          <data-format-alg> 
>          <signature-alg> 
>	)
>
>An example of such an algorithm name is
>	( public-key
>	  ( md5 )
>	  ( pkcs1 )
>	  ( rsa ( n &7823fca14457 ) ( e &03 ) )
>        )

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Follow-Ups:

Re: Names of algorithms

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: Light-weight certificate revocation lists ?
Next by Date: Light-weight certificate revocation lists ?
Prev by thread: Re: Names of algorithms
Next by thread: Re: Names of algorithms
Index(es):
- Main
- Thread