
*To*: EKR <ekr@terisa.com>
*Subject*: Re: public key algorithm naming
*From*: Carl Ellison <cme@Cybercash.COM>
*Date*: Tue, 07 Apr 1998 10:46:09 -0400
*Cc*: fredette@theory.lcs.mit.edu (Matt Fredette), spki@c2.net
*In-Reply-To*: <3ogyelfij.fsf@kmac.terisa.com>
*References*: <fredette@theory.lcs.mit.edu's message of "Mon, 6 Apr 1998 18:10:37 -0400 (EDT)"> <199804062210.AA02783@magpie.lcs.mit.edu>
*Sender*: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 04:03 PM 4/6/98 -0700, EKR wrote:
>fredette@theory.lcs.mit.edu (Matt Fredette) writes:
>> > Message-Id: <3.0.3.32.19980314020906.00a55100@cybercash.com>
>> In a conversation Carl and I had at IETF, he remarked that he had convinced
>> Eric Rescorla that the signature encoding algorithm does need to be part
>> of a key's name.  Here's the argument: if the encoding algorithm could be
>> specified on a signature-by-signature basis, I might construct a new,
>> not-unreasonable encoding algorithm that, with certs of my choosing, lets
>> me reuse your RSA-PKCS1 signatures as signatures using my marvelous new
>> encoding.
>
>Matt, I'm having a really hard time reading your message to see
>what it is you currently believe.  Is the above text a quote or
>your current position?
>
>In any case, I do NOT agree that the signature encoding algorithm
>needs to be part of a key's name.  PKCS-1 itself prevents the
>substitution attack, as I believe I indicated at IETF.

Eric,

Matt's wording was a little muddled here.  PKCS-1 *is* the encoding
algorithm he was talking about.  What you and I agreed was that the
PKCS-1 needs to be specified.  If all you specify is "rsa", then I have
an unpacking algorithm that can pull the hash of my own construction out
of an RSA-PKCS1 block.

[...]

>There's another quibble I have with all of this: PKCS-1 is both
>a message padding AND a format for RSA key encoding.  But PKIX does
>NOT use the PKCS-1 RSA key encoding.  Consequently, having a
>key tagged as rsa-pkcs1 seems kind of confusing.

Are you suggesting we should write and name our own packing algorithm?
What does PKIX call its algorithm?
 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3

iQCVAwUBNSo8MBN3Wx8QwqUtAQEEeQP+KYZKA2r200Ip2weK2wR3LMIZtJ9Rhrg1
yhi0nJ+RZKMe2/IZx5CuOTR9aAbqvFHdT6EO0i9sht879QvFTkx8k/RCoqx04Jst
i6R72G6+zdhlrwoLaEU3Qbz3CNySWgp+hSiYXff/gk6i1Vx+kUhMYosZYbnVingg
VwCpvYHygkk=
=eHU6
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293          |
+------------------------------------------------------------------+
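The substitution Carl sketches above, worked through in Python as an added example; it is not code from this thread, from SPKI or from any of the participants. The toy RSA key (two Mersenne primes, wholly insecure), the two cert S-expressions and the attacker's encoding name `rsa-cme-1` are all constructed for the demo. The honest issuer signs a cert with RSA-PKCS1 over SHA-1. The attacker defines an encoding whose rule is "the padded block carries the cert's own `(digest #hex#)` field verbatim", lifts T out of the public value s^e mod n, and builds a cert that the same signature vouches for under that encoding. A verifier whose key is named only `rsa` and which trusts the encoding the signature declares accepts the forgery; a verifier whose key is named `rsa-pkcs1-sha1` rejects it before any RSA arithmetic.

```python
"""Why the encoding must be bound to the key name (added toy demo).

Requires Python 3.8+ for pow(e, -1, m).
"""
import hashlib

P = 2**127 - 1                      # constructed toy key: Mersenne primes, never use for real
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8       # modulus length in octets (81 here)

# DER prefix of DigestInfo for SHA-1, as fixed in PKCS #1 v1.5
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def pkcs1_pad(t: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || T, K octets long, PS at least 8 octets."""
    ps = b"\xff" * (K - len(t) - 3)
    if len(ps) < 8:
        raise ValueError("modulus too short for this T")
    return b"\x00\x01" + ps + b"\x00" + t


def rsa_public_block(sig: bytes) -> bytes:
    """Public RSA operation: recover the padded block s^e mod n from a signature."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


def sign_pkcs1_sha1(msg: bytes) -> bytes:
    em = pkcs1_pad(SHA1_DIGESTINFO + hashlib.sha1(msg).digest())
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify_pkcs1_sha1(msg: bytes, sig: bytes) -> bool:
    return rsa_public_block(sig) == pkcs1_pad(SHA1_DIGESTINFO + hashlib.sha1(msg).digest())


# --- attacker's "not-unreasonable" encoding, hypothetical name rsa-cme-1 ---
# Rule: the padded block is PKCS-1 padding of the cert's own (digest #hex#)
# field, i.e. the signer commits to a digest value carried in the cert rather
# than to a hash computed over the cert.  RSA itself does not forbid this.

def digest_field(cert: bytes) -> bytes:
    start = cert.index(b"(digest #") + len(b"(digest #")
    end = cert.index(b"#", start)
    return bytes.fromhex(cert[start:end].decode())


def verify_cme(cert: bytes, sig: bytes) -> bool:
    return rsa_public_block(sig) == pkcs1_pad(digest_field(cert))


ENCODINGS = {"rsa-pkcs1-sha1": verify_pkcs1_sha1, "rsa-cme-1": verify_cme}


def verify_loose(key_name: str, sig_encoding: str, obj: bytes, sig: bytes) -> bool:
    """Key is named just 'rsa': trust whatever encoding the signature declares."""
    if key_name != "rsa":
        raise ValueError("loose verifier expects a bare 'rsa' key name")
    return ENCODINGS[sig_encoding](obj, sig)


def verify_strict(key_name: str, sig_encoding: str, obj: bytes, sig: bytes) -> bool:
    """Key name carries the encoding; a signature claiming any other is rejected."""
    if key_name != sig_encoding:
        return False
    return ENCODINGS[sig_encoding](obj, sig)


def forge_from(sig: bytes) -> bytes:
    """Attacker: lift T out of the public block and wrap it in a cert of his choosing."""
    em = rsa_public_block(sig)
    t = em[em.index(b"\x00", 2) + 1:]          # skip 00 01 FF..FF 00
    return (b"(cert (issuer (hash sha1 #c0ffee#)) (subject (hash sha1 #badc0de#)) "
            b"(tag (*)) (digest #" + t.hex().encode() + b"#))")


def demo() -> dict:
    # constructed sample cert, signed by the issuer with RSA-PKCS1 over SHA-1
    honest = (b"(cert (issuer (hash sha1 #c0ffee#)) (subject (hash sha1 #decade#)) "
              b"(tag (ftp /pub)))")
    sig = sign_pkcs1_sha1(honest)
    forged = forge_from(sig)
    return {
        "honest": verify_loose("rsa", "rsa-pkcs1-sha1", honest, sig),
        "forged_loose": verify_loose("rsa", "rsa-cme-1", forged, sig),
        "forged_strict": verify_strict("rsa-pkcs1-sha1", "rsa-cme-1", forged, sig),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `honest` and `forged_loose` as `True` and `forged_strict` as `False`: the same signature bytes are accepted over two different certs when the key is named only `rsa`, and the forgery is refused as soon as the key name fixes the encoding. The strict check never has to judge whether `rsa-cme-1` is a sensible encoding; it only has to notice that the key was not named for it.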

