[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bugs in the BNF?


At 08:28 AM 8/28/97 GMT, William Allen Simpson wrote:
>Any kind of certificate without a signature doesn't make any sense.

Of course a cert without a signature doesn't make sense.  It does make 
sense, however, to build and hash a cert body as one operation and to form a 
signature from that hash as a second, independent operation.  Among other 
things, you might have a signature blinding operation in the middle.

>> > The <sequence> is a set of signatures (and other cruft) on a single
>> > certificate.
>> Nope. It may contain any number of certificates, preferably forming a
>> chain.
>>    <sequence>:: "(" "sequence" <seq-ent>* ")" ;
>>    <seq-ent>:: <cert> | <pub-key> | <signature> | <op> ;
>Another bug in the BNF.  Note that a sequence can somehow form a list of
>signatures and ops without any keys or certs.  I'll propose a
>replacement later today.
>Please don't blame me for bugs in someone else's draft.

Pardon me, but these aren't bugs.  They are intentional.  The fact that a 
cert doesn't become a 5-tuple without a valid signature shouldn't show up in 
the BNF.  That's a part of the logic of the verification code.  Perhaps I 
need to spell that out more clearly in that section, but it doesn't belong 
in the BNF.  The same applies to the other operations in a (sequence...).
That is, you have to have all the public keys which certs refer to only
by hash and you have to have a full chain of certs which reduce properly.
If you think of a (sequence...) as a program, it's possible to write
incorrect programs.  I can't imagine how to write the BNF for a language
which can produce only correct programs.

 - Carl

Version: PGP for Personal Privacy 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |