IETF Logo Mail Archive

Re: [Cfrg] Question from JOSE working group

Russ Housley <housley@vigilsec.com> Tue, 03 July 2012 15:01 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C541511E8154 for <cfrg@ietfa.amsl.com>; Tue, 3 Jul 2012 08:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.119
X-Spam-Level:
X-Spam-Status: No, score=-102.119 tagged_above=-999 required=5 tests=[AWL=0.480, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J9ebSHh1NPsm for <cfrg@ietfa.amsl.com>; Tue, 3 Jul 2012 08:01:43 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id B177111E8151 for <cfrg@irtf.org>; Tue, 3 Jul 2012 08:01:43 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id B7722F24046; Tue, 3 Jul 2012 11:02:09 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id H3o0moNMwZka; Tue, 3 Jul 2012 11:01:33 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-10-63.washdc.fios.verizon.net [96.255.10.63]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id E144FF2403D; Tue, 3 Jul 2012 11:02:05 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <41F795C1-BD4F-4732-8F1A-62F909E9AA07@bbn.com>
Date: Tue, 03 Jul 2012 11:01:46 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <1499CA50-2239-4102-BA1A-04104EAC57DF@vigilsec.com>
References: <FFFFB6D6-08A6-4989-99B1-BC1F677AEBD0@vigilsec.com> <41F795C1-BD4F-4732-8F1A-62F909E9AA07@bbn.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
X-Mailer: Apple Mail (2.1084)
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [Cfrg] Question from JOSE working group
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2012 15:01:45 -0000

Richard:

> Actually, the inclusion of the hash algorithm under the signature is optional:
> "
>      signedAttrs is a collection of attributes that are signed.  The
>      field is optional, but it MUST be present if the content type of
>      the EncapsulatedContentInfo value being signed is not id-data.
>      [...]  If the field is present, it MUST
>      contain, at a minimum, the following two attributes:
> 
>         ...
> 
>         A message-digest attribute, having as its value the message
>         digest of the content.  Section 11.2 defines the message-digest
>         attribute.
> "
> 
> Since "id-data" means "no more ASN.1 structure", for JOSE, the content type is effectively always "id-data".

In practice, there are other attributes that one wants signed, such as signing-time, so the algorithm identifier gets included.

Russ

v2.23.0 | Report a Bug | By Email