[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Names of algorithms
Relative to Carl's questions (below):
* We did talk about an "output format" portion of the name as well, but
after some reflection, I decided that we probably don't need that. The
public key algorithm can specify its output as a byte string, or as an
order list of byte strings, and that should be enough. We can add
a fourth parameter later for output format if necessary.
* I think what I am talking about is what you call the public-key block,
which is what the old SDSI principal has become. It specifies the
algorithm names, as well as the parameters it needs. Perhaps I should
have called the note something else, since there is ambiguity between
a specific algorithm (with all keys and other parameters specified) and
an algorithmic scheme (with parameters yet to be filled in).
The format you suggest below of e.g.
(public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f))
doesn't work well for me, since the parameters at the end are really
subordinate to the algorithms (the n and e should be nestled under the
rsa). I'm not sure we really have a need for a bare "algorithm name",
(or algorithm scheme) although we could get something like that by
omitting the parameters, as noted above:
(public-key (sha1) (pkcs1) (rsa))
To get the full public-key you then stuff the parameters in under the
algorithms that need those parameters:
(public-key (sha1) (pkcs1) (rsa (n &15)(e &03)))
Without this proper subordination, you can have troubles if two different
algorithms (e.g. hash and signature algorithm) have parameters with the
same name.
Ron Rivest
==============================================================================
Ron,
I think this message departs from our conversation on the phone today.
The structure you called an algorithm name is actually a public key
block. The algorithm name, I thought, would be something like:
(alg <PK-alg-name> <hash-alg> <input-format-alg> <output-format-alg>)
e.g. (alg rsa sha-1 pkcs1 string)
where "string" is an output format that means "do nothing".
By this (as I remember our discussion), a public key block might be:
(public-key (alg rsa sha-1 pkcs1 string) (e &03) (n &020f))
I like the format you give for its slight brevity, but I don't think
we should call it an algorithm name when it is a full public key
description. It also misses the output format algorithm name.
- Carl
At 06:19 PM 4/1/97 EST, you wrote:
>The proposed format for the name of a signature (verification) algorithm is:
> ( <key-type>
> <hash-alg>
> <data-format-alg>
> <signature-alg>
> )
>
>An example of such an algorithm name is
> ( public-key
> ( md5 )
> ( pkcs1 )
> ( rsa ( n &7823fca14457 ) ( e &03 ) )
> )
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups: