
RE: I-D ACTION:draft-ietf-smime-sha2-08.txt

2008-10-04 15:38:01

In para 2, I'll remove the paragraph that starts "There are two possible
encodings for the SHA AlgorithmIdentifier ..." and I'll change the last
paragraph in 2 from:

 The AlgorithmIdentifier parameters field is OPTIONAL.  If present, 
 the parameters field MUST contain a NULL.  Implementations MUST 
 accept SHA2 AlgorithmIdentifiers with absent parameters.  
 Implementations MUST accept SHA2 AlgorithmIdentifiers with NULL 
 parameters.  Implementations SHOULD generate SHA2 
 AlgorithmIdentifiers with absent parameters. 

To:

 The AlgorithmIdentifier parameters field is OPTIONAL. 
 Implementations MUST 
 accept SHA2 AlgorithmIdentifiers with absent parameters.  
 Implementations MUST accept SHA2 AlgorithmIdentifiers with NULL 
 parameters.  Implementations MUST generate SHA2 
 AlgorithmIdentifiers with absent parameters. 

I'll post a new version Monday and I think we'll re-do a WGLC with a one
week period.  This will give implementers with experience time to chime in.

spt

-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake 
Ramsdell
Sent: Friday, October 03, 2008 10:05 PM
To: Turner, Sean P.
Cc: Jim Schaad; ietf-smime(_at_)imc(_dot_)org
Subject: Re: I-D ACTION:draft-ietf-smime-sha2-08.txt


On Fri, Oct 3, 2008 at 2:09 PM, Turner, Sean P. 
<turners(_at_)ieca(_dot_)com> wrote:
1. I was just following the conventions for SHA-1.  I take it you're 
suggesting we should break with those conventions?

This is something we debated back in the DSA days. The bottom 
line is that we were younger and dumber back in the 90's for 
AlgorithmIdentifier, and now we know that the parameters are 
an optional field. So the bottom line is that new algorithms 
should be absent parameters instead of encoded as NULL.

From RFC 2633:

2.2 SignatureAlgorithmIdentifier

  Sending and receiving agents MUST support id-dsa defined in [DSS].
  The algorithm parameters MUST be absent (not encoded as NULL).

So yeah, we're kind of jerks for carting around some of this 
NULL for the older algorithms, but the rule of thumb is that 
"for any new algorithms, the parameters are absent if there 
aren't any".

Blake
--
Blake Ramsdell | http://www.blakeramsdell.com
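The encoding difference the thread is arguing about, shown in bytes: the example below is added here and is not code from the thread or from the draft. It DER-encodes a SHA-2 AlgorithmIdentifier with absent parameters (the form the revised text says implementations MUST generate) and with NULL parameters, and decodes both forms, as the text says implementations MUST accept. The SHA-2 OIDs come from the NIST hash arc; the function names are mine.

```python
# Added example: DER AlgorithmIdentifier for SHA-2 with absent vs NULL params.
# Pure Python, no dependencies; lengths stay in DER short form (< 128 bytes).

SHA2_OIDS = {  # NIST hash algorithm arc 2.16.840.1.101.3.4.2.x
    "sha-224": "2.16.840.1.101.3.4.2.4",
    "sha-256": "2.16.840.1.101.3.4.2.1",
    "sha-384": "2.16.840.1.101.3.4.2.2",
    "sha-512": "2.16.840.1.101.3.4.2.3",
}

def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit set on all but last
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(chunk)
    return b"\x06" + bytes([len(body)]) + bytes(body)

def decode_oid(body: bytes) -> str:
    """Decode OID contents (without tag/length) back to dotted form."""
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)

def encode_alg_id(name: str, null_params: bool = False) -> bytes:
    """SEQUENCE { OID, [NULL] }; the draft's MUST is null_params=False."""
    content = encode_oid(SHA2_OIDS[name]) + (b"\x05\x00" if null_params else b"")
    return b"\x30" + bytes([len(content)]) + content

def decode_alg_id(der: bytes) -> tuple:
    """Return (hash name, 'absent' | 'null'); reject anything else."""
    if len(der) < 2 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a single DER SEQUENCE")
    inner = der[2:]
    if inner[0] != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    oid_len = inner[1]
    oid = decode_oid(inner[2:2 + oid_len])
    rest = inner[2 + oid_len:]
    names = {v: k for k, v in SHA2_OIDS.items()}
    if oid not in names:
        raise ValueError("not a SHA-2 OID: " + oid)
    if rest == b"":
        return names[oid], "absent"
    if rest == b"\x05\x00":
        return names[oid], "null"
    raise ValueError("unexpected parameters: " + rest.hex())
```

The two accepted encodings differ only by the trailing `05 00`, which is exactly why a receiver must tolerate both while a sender picks one.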

