Re: draft-harris-ssh-rsa-kex-01.txt

[Sam Hartman <hartmans-ietf%mit.edu@localhost>]

>>>>> "Ben" == Ben Harris <bjh21%bjh21.me.uk@localhost> writes:

    Ben> In article
    Ben> <200504030127.UAA27141%Sparkle.Rodents.Montreal.QC.CA@localhost> you
    Ben> write:
    >> Now, RFC3447 *does* specify that conversion.  But the encoding
    >> of this data blob as a string is deceptively close to the
    >> encoding of the big number as an mpint (the major difference is
    >> exactly how and when leading zero bits are included).  I'd like
    >> to see this similarly explicitly acknowledged and clarified.
    >> Maybe something like
    >> 
    >> Note that the encoding of the encrypted secret is similar to
    >> the "mpint" encoding of the raw RSA encryption result, but
    >> differs in its handling of high-order 0 bits.  The packet
    >> contains the octet sequence as a "string", not the raw RSA
    >> output as an "mpint".
    >> 
    >> (Assuming of course that that's what is intended; if not, the
    >> wording needs even mroe work.)

    Ben> That is the intention, yes, and I agree that it would
    Ben> probably be best to make this difference explicit.  Your text
    Ben> seems good to me.  Secsh-transport has a similar problem with
    Ben> the output of RSASSA-PKCS1-v1_5-SIGN, which is similarly an
    Ben> I2OSP-encoded integer.  For comparison, the text there is:

I'm a strong proponent of reuse of primitives and of other
specifications where appropriate.  Personally, I believe your decision
is correct.

--Sam