[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: spki@c2.net*Subject*: Names of algorithms*From*: rivest@theory.lcs.mit.edu (Ron Rivest)*Date*: Wed, 02 Apr 97 00:33:19 EST*Cc*: blampson@microsoft.com, burt@rsa.com*Sender*: owner-spki@c2.net

Relative to Carl's questions (below): * We did talk about an "output format" portion of the name as well, but after some reflection, I decided that we probably don't need that. The public key algorithm can specify its output as a byte string, or as an order list of byte strings, and that should be enough. We can add a fourth parameter later for output format if necessary. * I think what I am talking about is what you call the public-key block, which is what the old SDSI principal has become. It specifies the algorithm names, as well as the parameters it needs. Perhaps I should have called the note something else, since there is ambiguity between a specific algorithm (with all keys and other parameters specified) and an algorithmic scheme (with parameters yet to be filled in). The format you suggest below of e.g. (public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f)) doesn't work well for me, since the parameters at the end are really subordinate to the algorithms (the n and e should be nestled under the rsa). I'm not sure we really have a need for a bare "algorithm name", (or algorithm scheme) although we could get something like that by omitting the parameters, as noted above: (public-key (sha1) (pkcs1) (rsa)) To get the full public-key you then stuff the parameters in under the algorithms that need those parameters: (public-key (sha1) (pkcs1) (rsa (n &15)(e &03))) Without this proper subordination, you can have troubles if two different algorithms (e.g. hash and signature algorithm) have parameters with the same name. Ron Rivest ============================================================================== Ron, I think this message departs from our conversation on the phone today. The structure you called an algorithm name is actually a public key block. The algorithm name, I thought, would be something like: (alg <PK-alg-name> <hash-alg> <input-format-alg> <output-format-alg>) e.g. (alg rsa sha-1 pkcs1 string) where "string" is an output format that means "do nothing". By this (as I remember our discussion), a public key block might be: (public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f)) I like the format you give for its slight brevity, but I don't think we should call it an algorithm name when it is a full public key description. It also misses the output format algorithm name. - Carl At 06:19 PM 4/1/97 EST, you wrote: >The proposed format for the name of a signature (verification) algorithm is: > ( <key-type> > <hash-alg> > <data-format-alg> > <signature-alg> > ) > >An example of such an algorithm name is > ( public-key > ( md5 ) > ( pkcs1 ) > ( rsa ( n &7823fca14457 ) ( e &03 ) ) > ) +------------------------------------------------------------------+ |Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +------------------------------------------------------------------+

**Re: Names of algorithms***From*: Carl Ellison <cme@cybercash.com>

- Prev by Date:
**Re: Light-weight certificate revocation lists ?** - Next by Date:
**Light-weight certificate revocation lists ?** - Prev by thread:
**Re: Names of algorithms** - Next by thread:
**Re: Names of algorithms** - Index(es):