Re: draft-harris-ssh-rsa-kex-01.txt

To: ietf-ssh%netbsd.org@localhost
Subject: Re: draft-harris-ssh-rsa-kex-01.txt
From: Ben Harris <bjh21%bjh21.me.uk@localhost>
Date: Sun, 03 Apr 2005 14:11:32 +0100

In article <200504030127.UAA27141%Sparkle.Rodents.Montreal.QC.CA@localhost> you write:
>Now, RFC3447 *does* specify that conversion.  But the encoding of this
>data blob as a string is deceptively close to the encoding of the big
>number as an mpint (the major difference is exactly how and when
>leading zero bits are included).  I'd like to see this similarly
>explicitly acknowledged and clarified.  Maybe something like
>
>   Note that the encoding of the encrypted secret is similar to the
>   "mpint" encoding of the raw RSA encryption result, but differs in
>   its handling of high-order 0 bits.  The packet contains the octet
>   sequence as a "string", not the raw RSA output as an "mpint".
>
>(Assuming of course that that's what is intended; if not, the wording
>needs even mroe work.)

That is the intention, yes, and I agree that it would probably be best to
make this difference explicit.  Your text seems good to me.  Secsh-transport
has a similar problem with the output of RSASSA-PKCS1-v1_5-SIGN, which is
similarly an I2OSP-encoded integer.  For comparison, the text there is:

   The value for 'rsa_signature_blob' is encoded as a string containing
   s (which is an integer, without lengths or padding, unsigned and in
   network byte order).

I think yours is better, since it still defers to PKCS#1.

-- 
Ben Harris

Follow-Ups:
- Re: draft-harris-ssh-rsa-kex-01.txt
  - From: Sam Hartman
- Re: draft-harris-ssh-rsa-kex-01.txt
  - From: Niels Möller

References:
- draft-harris-ssh-rsa-kex-01.txt
  - From: der Mouse

Prev by Date: Re: draft-harris-ssh-rsa-kex-01.txt
Next by Date: Re: draft-harris-ssh-rsa-kex-01.txt
Previous by Thread: Re: draft-harris-ssh-rsa-kex-01.txt
Next by Thread: Re: draft-harris-ssh-rsa-kex-01.txt
Indexes:

Home | Main Index | Thread Index | Old Index