Hello
Another question.
RFC 7935 states the following:
3.1. Public Key Format
(...)
algorithm (which is an AlgorithmIdentifier type):
The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
used in the algorithm field, as specified in Section 5 of
[RFC4055]. The value for the associated parameters from that
clause MUST also be used for the parameters field.
I've never seen a certificate that declares sha256WithRSAEncryption ({
pkcs-1 11 }) as its public key algorithm. Every certificate I've come
across labels its algorithm as rsaEncryption ({ pkcs-1 1 }).
(Certificates always define the signature algorithm as
sha256WithRSAEncryption, but that's a different field.)
Is everyone doing it wrong, or am I missing something?
I'm aware that this is likely a triviality--rsaEncryption and
sha256WithRSAEncryption probably mean the same in this context.
There's also a thread in this list in which people seem to have
experienced headaches over this topic. But the thread is talking about
CMS signed objects (which I believe is different from certificates),
and happened before 7935 was released, so it feels like the RFC should
mandate something consistent with reality by now.
Thanks for any pointers.
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
