Re: AlgorithmIdentifier, SHA-1, etc.
2007-04-06 13:32:55
At Fri, 06 Apr 2007 13:02:58 -0700,
Blake Ramsdell wrote:
Eric Rescorla wrote:
Technically these don't conflict, but obviously, it's undesirable to
have the encoding in the message not match that in the DigestInfo,
since doing binary comparisons is common practice here. So, what's the
right answer here?
In my case when I receive a digest AlgorithmIdentifier, I bust it open
and get the OID out and discard the wrapper (the outer
AlgorithmIdentifier). So I'm not affected by a mismatch if I do that.
But yeah, short of normalizing the values in some way, you're pretty
much done. That is, there's no binary comparison, and you perform an
equivalence check by converting both values in such a way that the same
answer comes out. So if you have { sha-1, NULL } and { sha-1 } you get
the same answer.
Yeah, my thinking is that it would be better for these to match
so that naive implementations work.
-Ekr
Previous by Date: |
AlgorithmIdentifier, SHA-1, etc., Eric Rescorla |
Next by Date: |
Re: AlgorithmIdentifier, SHA-1, etc., Blake Ramsdell |
Previous by Thread: |
Re: AlgorithmIdentifier, SHA-1, etc., Blake Ramsdell |
Next by Thread: |
Re: AlgorithmIdentifier, SHA-1, etc., Russ Housley |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|