[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: possible bug in examples [and archive?]


At 05:54 PM 4/16/98 -0400, Jeremy Hylton wrote:
>I am working on an implementation of SPKI and have run into trouble
>with the fifth example in draft-ietf-spki-cert-examples-01.txt.
>I can't verify the signature in the full sequence auto-certificate.
>I don't want to rule out a coding error on my part, but I could verify 
>the signature in the example included in the previous version of the
>examples draft.  (I'm using RSAREF 2.0 to verify.)

I believe that one example was one I made with Matt's original code, that 
had a bug in signature formation.  I will replace it with one made by my code.

>I also wanted to note that the structures-05 draft seems to
>underspecify the signature object.  Without the examples, I'm not sure 
>that I would have implemented it correctly.

Thanks for that catch.  I will repair it.

>>3.8.3 <signature>
>>   <signature>:: "(" "signature" <hash> <principal> <sig-val> ")" ;
>>   A signature object is typically used for a certificate body and
>>   typically follows that <cert> object in a <sequence>.  One can also
>>   sign objects other than certificate bodies, of course.  For example,
>>   one can form the signature of a file.
>The hash component isn't mentioned at all in the text and it didn't
>strike me as immediately obvious that <hash> is the hash of the
>canonical encoding of the <cert> object.  After looking at the
>examples document, it seemed clear.
>In general, the structures-05 draft has very terse descriptions of the
>objects.  In many cases, parts are given in the BNF and never
>mentioned in the text.  It makes the draft much more difficult to read
>as an implementation guide.  (Perhaps this is intentional?)

Welcome to the see-saw.  I'm bounced between those who want a short, terse 
document and those who want wordy explanations.  I tend to write for the 
latter camp, but appear to have gone overboard in the other direction in 

>Finally, I couldn't find a link to an archive for this list from the
>IETF web pages.  Does such an archive exist?  I put the majordomo
>archive files into a Hypermail archive for my own use; if there is a
>need, I could make them available via HTTP.

Perry?  I am not involved with the list management.  I have my own archive, 
in case we need to build one from list member private stock, but mine isn't 

 - Carl

Version: PGP for Personal Privacy 5.5.3


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |