>> >> B, more efficiently, on the sender side, as you said, the input of
>> >> RSA signature should be a checksum with all 0, and after signature
>> >> attached, the checksum is computed over the whole packet. However,
>> >> this makes the signature over checksum totally meaningless.
>> >> Alternatively, we may take checksum bits out from the RSA signature input.
>> >>
>> Performing the signature over the given layout with the null
>> checksum prevents useless copies: you zero the field, pass
>> the whole buffer to your signature function w/o the need to
>> copy things to create a different layout. But I guess this
>> does not matter anymore.
>
> Agree. If this is the initial design, it should be more efficient. However,
> if we need to follow what is already in current specification, try to keep
> consistent and compliant, don't break the existing implementations, then A
> is the only choice.

sadly, yes.

_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
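
The zero-then-sign ordering discussed in the quoted text (alternative B), as an added example that is not part of the original thread or of any specification: the sender zeroes the checksum field in place, signs the whole buffer, appends the signature, then fills in the checksum, and the receiver reverses those steps. Assumptions: the checksum sits at offset 2 of a constructed packet, HMAC-SHA256 stands in for the RSA signature so the block runs with the standard library only, and the IPv6 pseudo-header is left out of the checksum.

```python
import hashlib
import hmac
import struct

CSUM_OFF = 2                    # assumed offset of the 16-bit checksum field
SIG_LEN = 32                    # length of the stand-in signature
KEY = b"constructed-demo-key"   # constructed key; a real sender would use its RSA key
SAMPLE = b"\x88\x00\x00\x00" + b"constructed payload!"   # constructed packet body

def inet_checksum(data) -> int:
    """16-bit one's-complement Internet checksum (pseudo-header omitted)."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sign(buf) -> bytes:
    """Stand-in for the RSA signature over the buffer as laid out on the wire."""
    return hmac.new(KEY, bytes(buf), hashlib.sha256).digest()

def write_checksum(pkt: bytearray) -> None:
    """Zero the field, then store the checksum of the whole packet."""
    pkt[CSUM_OFF:CSUM_OFF + 2] = b"\x00\x00"
    struct.pack_into("!H", pkt, CSUM_OFF, inet_checksum(pkt))

def build(body: bytes) -> bytes:
    pkt = bytearray(body)
    pkt[CSUM_OFF:CSUM_OFF + 2] = b"\x00\x00"   # null checksum, no second layout
    pkt += sign(pkt)                           # signature attached after the body
    write_checksum(pkt)                        # checksum covers body and signature
    return bytes(pkt)

def verify(pkt: bytes):
    """Return (checksum_ok, signature_ok) for a received packet."""
    checksum_ok = inet_checksum(pkt) == 0      # sum including the field folds to 0
    body = bytearray(pkt[:-SIG_LEN])
    body[CSUM_OFF:CSUM_OFF + 2] = b"\x00\x00"  # restore what the sender signed
    signature_ok = hmac.compare_digest(sign(body), pkt[-SIG_LEN:])
    return checksum_ok, signature_ok

if __name__ == "__main__":
    print(verify(build(SAMPLE)))
```

Because the field is zeroed before signing, the signature never covers the checksum value: changing only the checksum leaves the signature valid, and a modified body with a recomputed checksum passes the checksum but fails the signature.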
