
Re: <cert> versus <sequence>




At 09:00 AM 8/28/97 GMT, William Allen Simpson wrote:
>( pgpki 6.0i
>  #12345678# |Z5pxCD64YwgS1IY4Rh61oA==|
>  ( assert
>    ( not-after 1970-01-02_03:04:05 )
>    ( user "test pgpki user <user@pgpki.test>" )
>    ( signature #87654321# verbal
>      (dsa-sha1 |Txoz1GxK/uBvJbx3prIhEw==|)
>    )
>  )
>  ( assert
>    ...
>  )
>)

I have a problem with a signature on an object as the last element of the 
object.  I rated that as a bug in SDSI 1.0 and corrected it in SPKI by 
separating signatures from the bodies they sign.

The problem here is that the object you're signing doesn't exist in this 
structure.

In the first one:

  ( assert
    ( not-after 1970-01-02_03:04:05 )
    ( user "test pgpki user <user@pgpki.test>" )
    ( signature #87654321# verbal
      (dsa-sha1 |Txoz1GxK/uBvJbx3prIhEw==|)
    )
  )

the signed object is

  ( assert
    ( not-after 1970-01-02_03:04:05 )
    ( user "test pgpki user <user@pgpki.test>" )
  )

which is an editing of the original object.  I've been burned too many times 
by having to do processing over the transmitted form in order to get the 
bytes which have to be hashed to form or verify a signature.  I wanted the 
hashed byte string to be transmitted and stored intact, with no editing 
necessary.

Granted, your editing is simple compared to the re-ordering and parsing and
packing involved in PEM's certificate verification, but from that one bad
example I learned that any editing is evil and should be avoided (and can 
be avoided easily since the signer had to put together the relevant byte string
and can just transmit it from then on).

 - Carl




+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
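
An added illustration of the argument in the message above (not code from the original post or from SPKI/SDSI): it contrasts verifying an object with the signature embedded as its last element, where the verifier must edit the transmitted bytes, with verifying a body that is transmitted intact. HMAC-SHA256 stands in for the `dsa-sha1` signature, and the key, the `len:body` framing and both regular expressions are assumptions made for the example.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key

def sign(data: bytes) -> str:
    # HMAC-SHA256 is a stand-in for the dsa-sha1 signature in the message.
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

# Constructed sample: the exact byte string the signer assembled and signed.
BODY = (b'( assert\n'
        b'  ( not-after 1970-01-02_03:04:05 )\n'
        b'  ( user "test pgpki user <user@pgpki.test>" )\n'
        b')')

def embed(body: bytes, sig: str) -> bytes:
    """Embedded form: signature becomes the last element of the signed object."""
    return body[:-1] + b'  ( signature ' + sig.encode() + b' )\n)'

def separate(body: bytes, sig: str) -> bytes:
    """Separated form (hypothetical framing): length-prefixed body, then signature."""
    return str(len(body)).encode() + b':' + body + sig.encode()

# Two plausible editing rules a verifier might apply to the embedded form.
EXACT = rb'  \( signature ([0-9a-f]+) \)\n'   # mirrors embed() byte for byte
LOOSE = rb'\( signature ([0-9a-f]+) \)'       # drops the element, keeps whitespace

def verify_embedded(wire: bytes, pattern: bytes) -> bool:
    m = re.search(pattern, wire)
    if not m:
        return False
    # The signed bytes do not exist on the wire; they must be rebuilt by editing.
    recovered = wire[:m.start()] + wire[m.end():]
    return hmac.compare_digest(sign(recovered), m.group(1).decode())

def verify_separated(wire: bytes) -> bool:
    n, _, rest = wire.partition(b':')
    body, sig = rest[:int(n)], rest[int(n):]
    # The body is hashed exactly as received, with no editing step.
    return hmac.compare_digest(sign(body), sig.decode())

if __name__ == "__main__":
    sig = sign(BODY)
    print("embedded, exact edit rule:", verify_embedded(embed(BODY, sig), EXACT))
    print("embedded, loose edit rule:", verify_embedded(embed(BODY, sig), LOOSE))
    print("separated, no edit needed:", verify_separated(separate(BODY, sig)))
```

With the embedded form, a valid signature verifies only if the verifier's editing rule reproduces the signer's bytes exactly; the separated form has no such rule to get wrong.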

