[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*To*: Marc Branchaud <marcnarc@xcert.com>*Subject*: Re: public key algorithm naming*From*: EKR <ekr@terisa.com>*Date*: 07 Apr 1998 11:43:26 -0700*Cc*: spki@c2.net*In-Reply-To*: Marc Branchaud's message of "Tue, 07 Apr 1998 10:17:49 -0700"*References*: <199804071717.KAA13422@crack.x509.com>*Sender*: owner-spki@c2.net

Marc Branchaud <marcnarc@xcert.com> writes: > -----BEGIN PGP SIGNED MESSAGE----- > > Content-Type: text/plain; charset=us-ascii > > > EKR <ekr@terisa.com> scrawled: > > > > There's another quibble I have with all of this: PKCS-1 is both > > a message padding AND a format for RSA key encoding. But PKIX does > > NOT use the PKCS-1 RSA key encoding. Consequently, having a > > key tagged as rsa-pkcs1 seems kind of confusing. > > > > I don't understand your point here. PKIX Part 1, section 7.2.1 (RSA > Signature Algorithm) clearly says to use PKCS1 -- the algorithm IDs it > specifies for RSA signatures are PKCS IDs. I'll admit that the same section > contains a description of a signature algorithm that is _not_ PKCS1, but I > suspect that's more an editing oversight than an intended deviation. You're right. This is a thinko. I meant to say 'SPKI' here. PKIX, of course, does use PKCS-1 everywhere that it's appropriate. SPKI, however, uses it's own format for representing RSA keys. > Anyway, for the record, I think it's better to just use rsa-pkcs1 and > dsa-sha1 (couldn't that just be "dss"?), but here's a little caveat: PKCS1 > doesn't specifically talk about SHA1. In fact, for RSA-with-SHA1, PKIX uses > a non-PKCS algorithm ID (instead it's one from the OSI Interoperability > Workshop). There's no reason I can see that SHA1 can't be used in the PKCS1 > style just like MD* are, and I'm 99.9% sure that's how its done in practice, > but it's not actually specified in PKCS1. There is a pkcs-1 with SHA OID out there somewhere. -Ekr -- [Eric Rescorla Terisa Systems, Inc.] "Put it in the top slot."

**Re: public key algorithm naming***From*: Marc Branchaud <marcnarc@xcert.com>

- Prev by Date:
**Re: public key algorithm naming** - Next by Date:
**Re: public key algorithm naming** - Prev by thread:
**Re: public key algorithm naming** - Next by thread:
**Re: public key algorithm naming** - Index(es):