|  -----Original Message-----
|  From: Tony Cheneau [mailto:[email protected]]
|  Sent: Sunday, 21 March 2010 18:04
|  To: Alberto García
|  CC: 'Jari Arkko'; [email protected]; [email protected]
|  Subject: RE: [CGA-EXT] Review of draft-ietf-csi-proxy-send
|  
|  Hello Alberto,
|  
|  I agree with your new text.

Thanks, Tony
 
|  However, I cannot help but think that the PadLen field will be
|  required later on, when other signature algorithms will be used (where
|  the signature may not encode its own length).
|  I think the WG should have a discussion on re-introducing or justifying
|  the lack of PadLen field. Because, if you choose not to introduce it in
|  this spec, there might be two specs to fix later on.

It is ok for me to discuss this point, but my opinion is that, in case there
is an agreement to use other signature algorithms, changes will be so
relevant that at the end this spec would need to be updated, regardless of the
introduction of a PadLen field.

|  
|  Also, I spotted a small typo in the Reserved field:
|  "A 11-bit field reserved" => "A 16-bit field reserved"

Thanks, I correct it in a new version just being issued

Regards,
alberto
|  
|  Regards,
|       Tony
|  
|  On Thu, 4 Mar 2010, Alberto García wrote:
|  
|  > Hi
|  >
|  > |  -----Original Message-----
|  > |  From: [email protected] [mailto:[email protected]] On Behalf Of
|  > |  Jari Arkko
|  > |  Sent: Friday, 11 December 2009 6:37
|  > |  To: Tony Cheneau
|  > |  CC: [email protected]; [email protected]
|  > |  Subject: Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send
|  > |
|  > |  Tony,
|  > |
|  > |  > The padding field is exactly defined this way in RFC 3971 (although a
|  > |  > Pad Length field was present on the -04 version of the SEND draft). I
|  > |  > think the draft-ietf-csi-proxy-send-01 document only reuses the format
|  > |  > of the badly defined RSA Signature Option.
|  > |
|  > |  Ah, OK.
|  > |
|  > |  > If RFC 3971 was to be updated, I agree that a padding length field
|  > |  > should be defined somewhere in the RSA (or XXX) Signature Option. Was
|  > |  > there a rationale behind its removal during the RFC 3971
|  > |  > standardisation process?
|  > |
|  > |  I can't recall. Maybe this is one of the bugs that we need to fix. Or
|  > |  perhaps there is a way to determine the lengths but neither of us can
|  > |  just see it right now. In any case, it should be clearly specified in
|  > |  3971bis and the proxy-send drafts.
|  >
|  > The length of the Digital Signature can be obtained from parsing the PKCS#1
|  > v1.5 signature itself, which is coded in ASN.1 BER.
|  > Therefore, I have changed in draft-ietf-csi-proxy-send-02 the statement
|  > saying:
|  >
|  > "The length of the Digital Signature field is determined by the length of
|  > the RSA Signature option minus the length of the other fields (including
|  > the variable length Pad field.)"
|  >
|  > by
|  > "The length of the Digital Signature field is determined by the ASN.1 BER
|  > coding of the PKCS#1 v1.5 signature."
|  >
|  > Then, I would still say that
|  > "The length of the padding field is determined by the length of the Proxy
|  > Signature Option minus the length of the other fields."
|  >
|  > Do you think this is correct?
|  >
|  > Regards,
|  > Alberto
|  >
|  > |
|  > |  Jari
|  > |
|  > |  _______________________________________________
|  > |  CGA-EXT mailing list
|  > |  [email protected]
|  > |  https://www.ietf.org/mailman/listinfo/cga-ext
|  >
|  >
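
An added example, not part of the original messages: the length arithmetic discussed in this thread for a signature option that has no Pad Length field, written in Python. The field sizes follow the RSA Signature option of RFC 3971 with the 16-bit Reserved field; taking the signature length from the RSA modulus size, the function names and the sample bytes are assumptions of this example.

```python
import struct

FIXED_LEN = 4 + 16  # Type (1) + Length (1) + Reserved (2) + Key Hash (16)

def split_signature_option(option: bytes, sig_len: int):
    """Return (key_hash, signature, padding) for an RFC 3971-style option.

    sig_len is supplied by the caller (assumed here: the RSA modulus size in
    octets), since the option itself has no Pad Length field.
    """
    if len(option) < FIXED_LEN:
        raise ValueError("option shorter than its fixed fields")
    _type, length_units, _reserved = struct.unpack_from("!BBH", option)
    total = length_units * 8  # ND option Length is in units of 8 octets
    if total != len(option):
        raise ValueError("Length field does not match the option size")
    pad_len = total - FIXED_LEN - sig_len
    if sig_len <= 0 or pad_len < 0:
        raise ValueError("signature does not fit inside the option")
    sig_end = FIXED_LEN + sig_len
    return option[4:FIXED_LEN], option[FIXED_LEN:sig_end], option[sig_end:]

def naive_signature(option: bytes) -> bytes:
    """Guess the signature by stripping trailing zero octets (unreliable)."""
    return option[FIXED_LEN:].rstrip(b"\x00")

def build_option(opt_type: int, key_hash: bytes, signature: bytes) -> bytes:
    """Build a sample option, zero-padded to a multiple of 8 octets."""
    body_len = FIXED_LEN + len(signature)
    pad_len = -body_len % 8
    header = struct.pack("!BBH", opt_type, (body_len + pad_len) // 8, 0)
    return header + key_hash + signature + bytes(pad_len)

# Constructed sample data: a 128-octet "signature" whose last octet is 0x00.
SAMPLE_SIG = bytes(range(1, 128)) + b"\x00"
SAMPLE_OPTION = build_option(12, bytes(16), SAMPLE_SIG)  # 12: RSA Signature option

if __name__ == "__main__":
    _, sig, pad = split_signature_option(SAMPLE_OPTION, sig_len=128)
    print("known length :", len(sig), "signature octets,", len(pad), "padding octets")
    print("zero stripping:", len(naive_signature(SAMPLE_OPTION)), "signature octets")
```

With the signature length known, the padding length falls out of the option Length field; guessing the boundary from the bytes alone loses the signature's final zero octet in this sample.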
