[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: public key algorithm naming
> At 10:49 AM 4/8/98 -0400, Matt Fredette wrote:
> >So, if the DSA <sig-val> is an S-expression, then, that S-expression ought
> >to be typed, in the spirit of language. Something like:
> >
> >(dsa-sig (r |123abc==|) (s |456def==|))
> >
> >But if we're doing things that way for DSA, how about always making
> ><sig-val> a typed S-expression? For RSA, I'm thinking:
> >
> >(rsa-sig |789f0e==|)
> >
> >These types, "dsa-sig" and "rsa-sig" don't have to repeat any of the
> >encoding or hash names, since we've already seen that they are elsewhere.
> >They really just serve to type the values of a signature in that
> cryptosystem,
> >which is (strongly in RSA, not-so-strongly in DSA) independent of the
> >encoding and hash used.
>
> I'll have to remain ambivalent on this suggestion until I see what it does
> to the code. Does any other implementor have an opinion on this?
>
> - Carl
To follow up, we've been going over this a little here at MIT, and what
we settled on is actually to have the <sig-val> type be exactly the
algorithm name as it appears on the verification key. In other words,
in structure-06 we'd like to see:
<sig-val>:: "(" <pub-sig-alg-id> <s-part>* ")" ;
Examples:
(rsa-pkcs1-md5 |123abc==|)
(rsa-pkcs1 |456ab2==|)
(dsa-sha1 (r |def456==|) (s |1687a9==|))
Some might complain about using a <pub-sig-alg-id> to type different things -
public-key parameters or signature values - in different places, but we
believe that it's enough to say that the outer, wrapping "public-key"
or "signature" type also serves to qualify what follows the <pub-sig-alg-id>.
The code I released yesterday will generate and parse signatures with
values of this form if SDSI2_FEATURE_STRUCTURE6_SIGS is defined in sdsi2.h.in
before building.
Matt
--
Matt Fredette
fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu
http://mit.edu/fredette/www
"The first time the Rolling Stones played, three people came."