On Mon, Aug 12, 2002 at 10:55:27AM -0700, Len Sassaman wrote:
On Mon, 12 Aug 2002, Werner Koch wrote:
I see no more problem with the draft. How lets try again to kick off
the the interop tests.
I think that it would be nice to have the NAI X.509 packets documented.
Having quasi-offical data formats that implimentors need to deal with, but
are not documented, sounds like a bad idea to me. (Though, if it belongs
in a seperate Internet Draft, I have no problem with that. But there
should be some place to go other than the PGP source for this
information.)
Speaking about the X.509 signatures, I wonder if they are strictly
compliant with this draft. 2440bis seems to say that v4 signatures
require (MUST) an issuer subpacket and a timestamp subpacket, and that
those subpackets are both hashed (as per the "two or more" language in
section 5.2.3, and section 5.2.4.1. Subpacket Hints). The X.509 sigs
don't have an issuer subpacket at all. If this reading is incorrect,
it may be good to clarify things a bit. I suppose it could be argued
that since the X.509 sigs are made with an experimental public key
algorithm (100), the signature format does not necessarily follow.
Come to think, both PGP and GnuPG create v4 signatures with a hashed
timestamp, and an unhashed issuer. Are they compliant? ;)
David
--
David Shaw | dshaw(_at_)jabberwocky(_dot_)com | WWW
http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson