On Mon, Jul 14, 2008 at 11:16:58AM -0700, Eric Rescorla wrote:
> Implementations SHOULD generate SHA-1
> AlgorithmIdentifiers with absent parameters.
> ...
> However, as far as I can tell OpenSSL currently generates the encoding
> with NULL rather than absent, and my memory is that the last time I
> discussed this with the OpenSSL implementors, they weren't interested
> in changing this.
> When we were last working on this a few years ago, I got some message
> from Fluffy saying that we should try to generate an encoding with
> absent regardless. I spent some time patching OpenSSL to make it do
> this, but upon reexamination, it seems kind of lame to have an example
> in the draft that requires some one-off patch to generate, so I
> thought it might be a good idea to get some more advice from the WG.
> I'm not suggesting we change 3370, but is it really necessary to
> have examples which need to be hand-tooled?
From RFC 2119:
3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.
I say that the OpenSSL implementation emitting NULL and the prevalence of
that implementation constitute a valid reason in a particular circumstance,
and the full implication is understood (receiving implementations MUST support
NULL). This email exchange constitutes careful weighing before choosing a
different course.
So emit NULL and feel bad about it. You might consider submitting the patch to
OpenSSL anyway though.
Blake
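The two encodings being argued over, shown concretely as an added example that is not part of this thread, of RFC 3370 or of OpenSSL: the SHA-1 AlgorithmIdentifier (OID 1.3.14.3.2.26) with the parameters field absent versus encoded as an explicit NULL, plus a decoder that accepts either form, which is what a receiving implementation has to do regardless of which one a sender emits. The small DER helpers and the function names are my own, not any library's API, and the decoder simplifies the OID's first sub-identifier to a single byte, which covers this OID.

```python
"""Added example: SHA-1 AlgorithmIdentifier with absent vs NULL parameters.

Demonstrates why a receiver must not compare AlgorithmIdentifiers as raw
bytes: both encodings below name the same algorithm.
"""

SHA1_OID = "1.3.14.3.2.26"  # id-sha1 from RFC 3370


def _der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER: first two arcs packed, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))


def sha1_algorithm_identifier(null_params: bool = False) -> bytes:
    """SEQUENCE { OID sha1, [NULL] } -- the two forms discussed above."""
    body = encode_oid(SHA1_OID)
    if null_params:
        body += b"\x05\x00"  # explicit NULL parameters (what OpenSSL emits)
    return _tlv(0x30, body)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, end_offset) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    if start + length > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[start:start + length], start + length


def decode_oid(body: bytes) -> str:
    # Simplification: assumes the first sub-identifier fits in one byte,
    # which is true for every 1.x / 2.x OID with second arc < 40.
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_algorithm_identifier(der: bytes):
    """Return (oid, params) where params is 'absent', 'null' or 'other'."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    tag, oid_body, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    oid = decode_oid(oid_body)
    if pos == len(body):
        return oid, "absent"
    tag, pbody, pos = _read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing data after parameters")
    return oid, "null" if (tag == 0x05 and pbody == b"") else "other"


def same_digest_algorithm(a: bytes, b: bytes) -> bool:
    """Treat absent and NULL parameters as equivalent, per the discussion."""
    oid_a, p_a = parse_algorithm_identifier(a)
    oid_b, p_b = parse_algorithm_identifier(b)
    return oid_a == oid_b and {p_a, p_b} <= {"absent", "null"}


if __name__ == "__main__":
    for flag in (False, True):
        enc = sha1_algorithm_identifier(null_params=flag)
        print(enc.hex(), parse_algorithm_identifier(enc))
```

Running the block prints `300706052b0e03021a` for the absent form and `300906052b0e03021a0500` for the NULL form; `same_digest_algorithm` returns True for the pair, which is the comparison a verifier should make instead of a byte-for-byte match of the AlgorithmIdentifier.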