From Mike O.: I asked Russ about the history of the duplicate signatureAlgorithm in X.509. The answer is that in like 1984 -- before PKCS#1 was invented, before hash-then-sign was invented -- there was concern that some future algorithms might sign by encrypting the TBSCertificate, and so you would need to know the signatureAlgorithm in order to decrypt the TBSCertificate. So the unprotected copy was put there literally as a hint for how to parse the signature value in cases where the contents of the TBSCertificate.signatureAlg is opaque.
So, yeah, it's 100% an artifact of evolution. Please get rid of it in C509. -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
_______________________________________________ COSE mailing list COSE@ietf.org https://www.ietf.org/mailman/listinfo/cose
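The practical consequence of the history above is that an X.509 Certificate carries two AlgorithmIdentifiers: TBSCertificate.signature, which is covered by the signature, and the outer Certificate.signatureAlgorithm, which is not. RFC 5280 section 4.1.1.2 requires the two to be identical, and a verifier that reads only the unprotected outer copy can be pointed at the wrong algorithm by anyone who rewrites it. The following is an added example, not code from this thread or from any C509 or COSE implementation: a dependency-free DER reader that extracts both copies and compares them. The two certificates it checks are constructed by hand for the example (empty Names, a dummy key and a dummy signature), so they are not real certificates; the helper names (der, read_tlv, children, algorithm_identifiers, algorithms_match, build_cert) are assumptions of this example.

```python
"""Check that an X.509 certificate's two AlgorithmIdentifier copies agree.

RFC 5280 s4.1.1.2: Certificate.signatureAlgorithm MUST contain the same
algorithm identifier as TBSCertificate.signature. Only the inner copy is
under the signature, so the outer copy must never be trusted on its own.

Minimal DER reader, no third-party dependencies. The certificates built
below are constructed for this example (dummy key and signature bytes);
they are not real certificates.
"""


def der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or k > 4:
            raise ValueError("indefinite or oversized length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    end = pos + n
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:end], end


def children(seq: bytes) -> list:
    """Split a constructed value into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        out.append((tag, val))
    return out


def algorithm_identifiers(cert_der: bytes):
    """Return (TBSCertificate.signature, Certificate.signatureAlgorithm)
    as the raw payloads of the two AlgorithmIdentifier SEQUENCEs."""
    tag, cert, end = read_tlv(cert_der)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER SEQUENCE")
    fields = children(cert)
    if len(fields) != 3:
        raise ValueError("Certificate must have exactly 3 fields")
    (tbs_tag, tbs), (alg_tag, outer_alg), (sig_tag, _sig) = fields
    if (tbs_tag, alg_tag, sig_tag) != (0x30, 0x30, 0x03):
        raise ValueError("unexpected field tags in Certificate")
    tbs_fields = children(tbs)
    # version is [0] EXPLICIT and optional (absent for v1), so skip it if present
    i = 1 if tbs_fields and tbs_fields[0][0] == 0xA0 else 0
    if tbs_fields[i][0] != 0x02 or tbs_fields[i + 1][0] != 0x30:
        raise ValueError("TBSCertificate: expected serialNumber then signature")
    return tbs_fields[i + 1][1], outer_alg


def algorithms_match(cert_der: bytes) -> bool:
    """True iff the protected and unprotected AlgorithmIdentifiers are identical."""
    inner, outer = algorithm_identifiers(cert_der)
    return inner == outer


# AlgorithmIdentifier encodings (OID + NULL parameters), real OIDs from PKCS#1.
SHA256_RSA = der(0x30, der(0x06, bytes.fromhex("2A864886F70D01010B")) + der(0x05, b""))
SHA1_RSA = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010105")) + der(0x05, b""))
RSA_ENC = der(0x30, der(0x06, bytes.fromhex("2A864886F70D010101")) + der(0x05, b""))


def build_cert(inner_alg: bytes, outer_alg: bytes) -> bytes:
    """Constructed test certificate: structurally valid DER, dummy contents."""
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                      # version v3
              + der(0x02, b"\x01")                               # serialNumber 1
              + inner_alg                                        # signature (protected copy)
              + der(0x30, b"")                                   # issuer (empty Name)
              + der(0x30, der(0x17, b"240101000000Z")
                    + der(0x17, b"250101000000Z"))              # validity
              + der(0x30, b"")                                   # subject (empty Name)
              + der(0x30, RSA_ENC + der(0x03, b"\x00\x30\x03\x02\x01\x03")))  # dummy SPKI
    return der(0x30, tbs + outer_alg + der(0x03, b"\x00" + bytes(8)))  # dummy signature


GOOD_CERT = build_cert(SHA256_RSA, SHA256_RSA)
TAMPERED_CERT = build_cert(SHA256_RSA, SHA1_RSA)   # outer copy rewritten

if __name__ == "__main__":
    for name, cert in (("good", GOOD_CERT), ("tampered", TAMPERED_CERT)):
        print(name, "match" if algorithms_match(cert) else "MISMATCH: reject")
```

The comparison is byte-for-byte on the DER payloads, which is what RFC 5280 asks for; it deliberately does not try to decide whether two differently encoded identifiers are "the same algorithm". A verifier needs the algorithm before it can check the signature, so this check has to run first, and the only defensible policy on a mismatch is to reject the certificate rather than pick one copy.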