[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: possible bug in examples [and archive?]
-----BEGIN PGP SIGNED MESSAGE-----
At 05:54 PM 4/16/98 -0400, Jeremy Hylton wrote:
>I am working on an implementation of SPKI and have run into trouble
>with the fifth example in draft-ietf-spki-cert-examples-01.txt.
>I can't verify the signature in the full sequence auto-certificate.
>
>I don't want to rule out a coding error on my part, but I could verify
>the signature in the example included in the previous version of the
>examples draft. (I'm using RSAREF 2.0 to verify.)
I believe that one example was one I made with Matt's original code, that
had a bug in signature formation. I will replace it with one made by my code.
>I also wanted to note that the structures-05 draft seems to
>underspecify the signature object. Without the examples, I'm not sure
>that I would have implemented it correctly.
Thanks for that catch. I will repair it.
>>3.8.3 <signature>
>>
>> <signature>:: "(" "signature" <hash> <principal> <sig-val> ")" ;
>>
>> A signature object is typically used for a certificate body and
>> typically follows that <cert> object in a <sequence>. One can also
>> sign objects other than certificate bodies, of course. For example,
>> one can form the signature of a file.
>
>The hash component isn't mentioned at all in the text and it didn't
>strike me as immediately obvious that <hash> is the hash of the
>canonical encoding of the <cert> object. After looking at the
>examples document, it seemed clear.
>
>In general, the structures-05 draft has very terse descriptions of the
>objects. In many cases, parts are given in the BNF and never
>mentioned in the text. It makes the draft much more difficult to read
>as an implementation guide. (Perhaps this is intentional?)
Welcome to the see-saw. I'm bounced between those who want a short, terse
document and those who want wordy explanations. I tend to write for the
latter camp, but appear to have gone overboard in the other direction in
structures-05.
>Finally, I couldn't find a link to an archive for this list from the
>IETF web pages. Does such an archive exist? I put the majordomo
>archive files into a Hypermail archive for my own use; if there is a
>need, I could make them available via HTTP.
Perry? I am not involved with the list management. I have my own archive,
in case we need to build one from list member private stock, but mine isn't
accessible.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
iQCVAwUBNTuR2RN3Wx8QwqUtAQHoqAP+Mou99p6DtTgumMClJmW4ZzP0PC2npduh
74/ydG1v0rufalEoDYR7pR37owOy16++pznvjaENAPoiM7RSavlADRPAZjXKrTQO
YSCZmjS2fz1VparsDueG0jdTJYqxeU2oefFVQ2siaPqWmRxkCahmf8vXZcickdsI
uwKUpLsFHLc=
=TrW2
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+