Re: public key (was Re: consensus probe.)

To: "Andersson, Mats" <mats.andersson%appgate.com@localhost>
Subject: Re: public key (was Re: consensus probe.)
From: nisse%lysator.liu.se@localhost (Niels Möller)
Date: 11 Feb 2002 17:19:41 +0100

"Andersson, Mats" <mats.andersson%appgate.com@localhost> writes:

> On Thu, 7 Feb 2002, Joseph Galbraith wrote:
> > For example, we could specify (unambiguously) that x509v3-sign-rsa
> > keys would use ssh-rsa signatures.  There is no ambiguity here, hence
> 
> Why would we want to do this (though these two signatures happens to be of
> the same format as defined in PKCS1), what is the flexibility to be able
> to use keys of a certain format for generating (potentially) differently
> formatted signatures?

I don't have a strong opinion about this, but I think using several
names for things that are actually the same is a kind of bloat.

I currently use a single symbol table (generated using gperf) that
recognizes all symbol names used in the various specs, and the size of
this table is linear with the total number of symbols. If lots and
lots of symbols are added I'll have to consider splitting it into
several tables for different "namespaces".

BTW, when talking about signatures. ssh-rsa is specified as using
PKCS1 signatures. What is really meant is PKCS1 v1.5. PKCS1 v2
(currently only at draft stage, I think) defines a new improved and
incompatible padding mechanism. That's what happens when referenced
documents change and references don't include version information...

Regars,
/Niels

Follow-Ups:
- Re: public key (was Re: consensus probe.)
  - From: Markus Friedl

References:
- Re: public key (was Re: consensus probe.)
  - From: Andersson, Mats

Prev by Date: Re: an attack against SSH2 protocol
Next by Date: Re: an attack against SSH2 protocol
Previous by Thread: Re: public key (was Re: consensus probe.)
Next by Thread: Re: public key (was Re: consensus probe.)
Indexes:

Home | Main Index | Thread Index | Old Index