Re: AlgorithmIdentifier, SHA-1, etc.
2007-04-06 13:32:57
Eric Rescorla wrote:
Technically these don't conflict, but obviously, it's undesirable to
have the encoding in the message not match that in the DigestInfo,
since doing binary comparisons is common practice here. So, what's the
right answer here?
In my case when I receive a digest AlgorithmIdentifier, I bust it open
and get the OID out and discard the wrapper (the outer
AlgorithmIdentifier). So I'm not affected by a mismatch if I do that.
But yeah, short of normalizing the values in some way, you're pretty
much done. That is, there's no binary comparison, and you perform an
equivalence check by converting both values in such a way that the same
answer comes out. So if you have { sha-1, NULL } and { sha-1 } you get
the same answer.
Blake
--
Blake Ramsdell | Sendmail, Inc. | http://www.sendmail.com
Previous by Date: |
Re: AlgorithmIdentifier, SHA-1, etc., Eric Rescorla |
Next by Date: |
Re: AlgorithmIdentifier, SHA-1, etc., Russ Housley |
Previous by Thread: |
AlgorithmIdentifier, SHA-1, etc., Eric Rescorla |
Next by Thread: |
Re: AlgorithmIdentifier, SHA-1, etc., Eric Rescorla |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|