-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/05/2011 06:43 PM, Eric Rescorla wrote:
> On Fri, Aug 5, 2011 at 7:42 AM, Leif Johansson <[email protected]> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>>> Just doing the math yourself, from scratch, is pretty easy if you have the
>>>> bare key. It's nigh-on trivial if you have a bigint library. Solution:
>>>> don't use OpenSSL. I propose we don't get bogged down in the certificate
>>>> problem for the moment.
>>>
>>> Cryptographer's warning: do not do this. Hard hat area ahead.
>>>
>>
>> That is advice for implementors and not for spec writers, right?
>
> Correct. Getting the implementation right is tricky.
So in that case I still support having the spec explain (very carefully)
how you do "raw keys" - i.e keys with no intrinsic semantics - and then
also adding the cryptographers caveat to that.
Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk49KNAACgkQ8Jx8FtbMZnegGwCePWbm6onumygWk92zBNI2Kbhf
ecMAn16qCkD9uC+YpiyxpMKOT7oI0+4m
=ICmK
-----END PGP SIGNATURE-----
_______________________________________________
woes mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/woes
