Blake,
IMHO, id-dsa should be used in the DigestEncryptionAlgorithmIdentifier (with
parameters absent) when a DSS signature is included in the SignerInfo.
Recommend that an appendix to S/MIME v3 Message Spec entitled should be
generated which includes all of the details of using the id-dsa OID and
accompanying data structures. For example, the format of the DSS signature
value should be the ASN.1 encoded data structure as follows:
DSASignature ::= SEQUENCE {
    r INTEGER,
    s INTEGER }
This definition is already used with the id-dsa-with-sha1 OID, but we would
need to specify its use in conjunction with id-dsa. (Note: I would prefer
to use OCTET STRINGs to represent r and s, but there are many
implementations already in existence that use INTEGERs, so we should stick
with that standard.)
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================
At 12:51 PM 11/7/97 -0800, Blake Ramsdell wrote:
On Thursday, November 06, 1997 11:49 AM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:
2) Sec 2.2, I am not sure what you mean by "DH/DSS" as the "MUST support"
DigestEncryptionAlgorithmIdentifier. The PKIX X.509 Certificate and CRL
Profile (aka PKIX I), Section 7.2.2, recommends using the Digital Signature
Algorithm (DSA) OID (and associated ASN.1 syntaxes) defined in the X9.57
specification as follows: id-dsa-with-sha1 ID ::= {iso(1) member-body(2)
us(840) x9-57 (10040) x9cm(4) 3 }. The problem with this OID is that it
combines the SHA-1 and DSA into one value. The X9.57 id-dsa OID {1 2 840
10040 4 1} is intended for use in the X.509 Certificate subjectPublicKeyInfo
algorithmIdentifier field to identify a DSA public key, but I assume that it
could also be used as a DigestEncryptionAlgorithmIdentifier (with parameters
absent). I recommend using id-dsa with text explaining that the algorithm
parameters will always be absent.
Most errors like this are because of my current ignorance of DSA, DH,
etc. and their OIDs and parameters. Thanks for finding this.
So logically, what should appear in the
DigestEncryptionAlgorithmIdentifier? Is it the DSA OID? It should
*not* be the signature algorithm identifier (id-dsa-with-sha1). I
personally agree that it should be id-dsa as you pointed out, since
rsaEncryption is used in a certificate to identify an RSA public key.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060