One thing we found very useful in XKMS was to have a set of examples
that showed the complete signature generation process, complete with
private key values and intermediate result values (SHA hash etc.).
These helped a great deal during interoperability testing and also
helped get convergence on the document text as implementers could
immediately see where there was ambiguity.
-----Original Message-----
From: owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of
Michael Thomas
Sent: Monday, August 01, 2005 11:53 AM
To: Florian Weimer
Cc: EKR; ietf-mailsig(_at_)imc(_dot_)org
Subject: Re: Comments on draft-allman-dkim-base-00.txt
Florian Weimer wrote:
Also, "RSA" isn't a single function because of the padding issue. You
need to specify PKCS#1 something or other. There's a normative ref to
RFC 3447 but nothing in the text.

By the way, dk-milter invokes OpenSSL with RSA_PKCS1_PADDING (whatever
that is). If a different algorithm is used, it shouldn't be called
"rsa-sha1", I guess.

(The description in the draft looks very much like unpadded hashed RSA
signatures, which have already been broken for this sort of
application.)

Right -- I agree with EKR on this one: we should just
reference the algorithm and not try to explain it. We were
trying to get this ironed out before the draft deadline but
ran out of time.
And yes, we use RSA_PKCS1_PADDING.
Mike
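
The thread asks for worked examples with intermediate values and points to the PKCS#1 padding in RFC 3447. As an added example (not code from the draft, dk-milter or any poster), this builds the EMSA-PKCS1-v1_5 block for SHA-1 from RFC 3447 section 9.2 and reports each intermediate value. The sample message and the 128-byte (1024-bit) modulus size are constructed assumptions, and the RSA private-key operation itself is left out.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1, from RFC 3447 section 9.2 (note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Return EM = 0x00 || 0x01 || PS || 0x00 || DigestInfo(SHA-1(message))."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    ps_len = em_len - len(t) - 3
    if ps_len < 8:  # RFC 3447 requires at least eight 0xff padding octets
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def check_encoding(em: bytes, message: bytes) -> bool:
    """Verifier side: re-encode the message and compare the whole block,
    rather than parsing the padding out of the recovered value."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def intermediate_values(message: bytes, em_len: int) -> dict:
    """Collect the values an interoperability example would publish."""
    digest = hashlib.sha1(message).digest()
    em = emsa_pkcs1_v15_encode(message, em_len)
    return {
        "sha1": digest.hex(),
        "digest_info": (SHA1_DIGESTINFO_PREFIX + digest).hex(),
        "encoded_message": em.hex(),
        # What an unpadded scheme would sign instead: a 160-bit integer.
        "unpadded_bits": int.from_bytes(digest, "big").bit_length(),
        "padded_bits": int.from_bytes(em, "big").bit_length(),
    }


if __name__ == "__main__":
    sample = b"abc"  # constructed input, not a real mail message
    # 128 bytes = 1024-bit modulus (assumed key size for the example)
    for name, value in intermediate_values(sample, 128).items():
        print(f"{name}: {value}")
```

The encoded block fills the full modulus width, whereas the bare hash occupies only 160 bits of it, which is the difference between the padded and unpadded forms discussed above.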