On Monday, July 28, 1997 2:55 PM, Ned Freed
[SMTP:Ned(_dot_)Freed(_at_)innosoft(_dot_)com] wrote:
> > So I gather from your approach, you'd be OK with simple micalg
> > parameters like SHA-1 and MD5.
>
> Sure would. Frankly, I think we botched it when we assigned pgp-md5. While
> it is true that PGP adds stuff to the signature calculation besides the
> signed data, I think a better course of action would have been to simply
> note that this is in fact the case, that the signature state should
> be passed to the signature verifier without being finalized, and we should
> have stuck with md5 (or sha-1 or whatever digests PGP is now using).

Man, this is exactly the answer that I've been fishing for *forever*
about micalg! I would absolutely *love* to get this right! It is
completely arbitrary to the sender, but if the receiver can get more
useful information about how to process the message based on the value
of micalg, then we should fix it! If the trend is that people are
implementing some kind of table-based mapping between "micalgs that are
different just for the sake of being different" and the actual digest
algorithm that is being used, then we should try and keep down the
number of entries if there's no good reason to differentiate.
Forget my previous proposal about pkcs7-md5 and pkcs7-sha1 -- use "md5"
and "sha1"!
Thanks, guys!
(I'm easy to make happy.)
Blake
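
The table-based mapping and the unfinalized digest state discussed in this thread, sketched as an added example (not code from either poster or from any implementation). The table holds only the micalg spellings named in the messages above; the function names, the sample header and the trailer bytes are constructed for illustration.

```python
import hashlib
from email.message import Message

# micalg spellings mentioned in the thread -> hashlib digest name.
MICALG_TO_DIGEST = {
    "md5": "md5", "sha1": "sha1", "sha-1": "sha1",
    "pgp-md5": "md5", "pkcs7-md5": "md5", "pkcs7-sha1": "sha1",
}

def micalg_digests(content_type):
    """Map the micalg hint of a multipart/signed Content-Type to digest names."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not multipart/signed")
    raw = msg.get_param("micalg")
    if not isinstance(raw, str):
        raise ValueError("missing or encoded micalg parameter")
    digests = []
    for token in raw.split(","):  # accept a comma-separated list
        name = MICALG_TO_DIGEST.get(token.strip().lower())
        if name is None:
            raise ValueError(f"unknown micalg {token.strip()!r}")
        if name not in digests:
            digests.append(name)
    return digests

def start_digests(content_type, signed_part_chunks):
    """Hash the signed part in one pass; return the hash objects unfinalized
    so a verifier can still append format-specific data before finishing."""
    hashers = {n: hashlib.new(n) for n in micalg_digests(content_type)}
    for chunk in signed_part_chunks:
        for h in hashers.values():
            h.update(chunk)
    return hashers

def hint_matches(content_type, signature_digest):
    """micalg lies outside the signed data, so it is only a hint: compare it
    with the digest the signature itself names before trusting the hash."""
    return signature_digest.lower() in micalg_digests(content_type)

if __name__ == "__main__":
    # Constructed sample header and body chunks, not taken from a real message.
    ctype = 'multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="b1"'
    state = start_digests(ctype, [b"Content-Type: text/plain\r\n\r\n", b"hello\r\n"])
    final = state["md5"].copy()
    final.update(b"<constructed trailer bytes>")  # stands in for PGP's extra data
    print(micalg_digests(ctype), final.hexdigest(), hint_matches(ctype, "sha1"))
```

Because every spelling collapses to the same digest name, the receiver's one-pass hashing is identical for "pgp-md5", "pkcs7-md5" and "md5"; only the data appended before finalizing differs per signature format.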