Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:
My preference is:
ESSCertIDEx ::= SEQUENCE {
hashAlg AlgorithmIdentifier DEFAULT {id-sha256},
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
I would rather see the algorithm identifier before the hash value.
Since a new OID is going to be assigned, it is not really important to me
whether the default is sha256 or sha1. If implementors see a reason to go
with sha1, I can live with it.
Looking at Denis' backwards-compatibility issue, if you do want backwards-
compatibility you'd have to default to SHA-1 and not SHA-2. For SHA-1 you'd
then get:
ESSCertIDEx ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
which is identical to the original ESSCertID since the 'DEFAULT sha1'
vanishes. Since something that doesn't know about the -Ex form isn't going to
be able to handle either the AlgorithmIdentifier or the use of a hash other
than SHA-1, it doesn't really matter where the AlgorithmIdentifier goes,
because it'll choke on the non-SHA1 hash anyway whether the
AlgorithmIdentifier precedes or follows it.
(Of course since you're using a different OID to identify it, it could
probably be argued that you can stick an MPEG-of-cat in there as well without
causing any problems. However, the backwards-compatible format means that you
don't need to special-case the two versions but can just treat the old one as
one particular instance of the new one, which simplifies implementation).
Peter.