[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bugs in the BNF?
-----BEGIN PGP SIGNED MESSAGE-----
At 08:28 AM 8/28/97 GMT, William Allen Simpson wrote:
>Any kind of certificate without a signature doesn't make any sense.
Of course a cert without a signature doesn't make sense. It does make
sense, however, to build and hash a cert body as one operation and to form a
signature from that hash as a second, independent operation. Among other
things, you might have a signature blinding operation in the middle.
>> > The <sequence> is a set of signatures (and other cruft) on a single
>> > certificate.
>>
>> Nope. It may contain any number of certificates, preferably forming a
>> chain.
>>
>> <sequence>:: "(" "sequence" <seq-ent>* ")" ;
>> <seq-ent>:: <cert> | <pub-key> | <signature> | <op> ;
>>
>Another bug in the BNF. Note that a sequence can somehow form a list of
>signatures and ops without any keys or certs. I'll propose a
>replacement later today.
>
>Please don't blame me for bugs in someone else's draft.
Pardon me, but these aren't bugs. They are intentional. The fact that a
cert doesn't become a 5-tuple without a valid signature shouldn't show up in
the BNF. That's a part of the logic of the verification code. Perhaps I
need to spell that out more clearly in that section, but it doesn't belong
in the BNF. The same applies to the other operations in a (sequence...).
That is, you have to have all the public keys which certs refer to only
by hash and you have to have a full chain of certs which reduce properly.
If you think of a (sequence...) as a program, it's possible to write
incorrect programs. I can't imagine how to write the BNF for a language
which can produce only correct programs.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBNAZZYVQXJENzYr45AQElagP6Aj3y7Wkv1Sl1pTD0XJIzRyh6daiZrF54
jAJMlykhAvxme1W/u14QJaMQi59JivjUrjiMo+MBKB4GSCKwnthTBafSXQ4DupLL
RSpEz3zgjhC0skpcmj4lqQ2SaQP1KkhDp95kZKAUuvKkObOmBjVEj3r0g5Rwo6zn
mdSV+Z08F8A=
=QDeU
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: