Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send

Alberto García <alberto@it.uc3m.es> Thu, 04 March 2010 11:30 UTC

Return-Path: <alberto@it.uc3m.es>
X-Original-To: cga-ext@core3.amsl.com
Delivered-To: cga-ext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D428C3A899A for <cga-ext@core3.amsl.com>; Thu, 4 Mar 2010 03:30:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aiMMw8DjPMer for <cga-ext@core3.amsl.com>; Thu, 4 Mar 2010 03:30:39 -0800 (PST)
Received: from smtp02.uc3m.es (smtp02.uc3m.es [163.117.176.132]) by core3.amsl.com (Postfix) with ESMTP id 9B2013A7F1E for <cga-ext@ietf.org>; Thu, 4 Mar 2010 03:30:39 -0800 (PST)
X-uc3m-safe: yes
Received: from bombo (bombo.it.uc3m.es [163.117.139.125]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by smtp02.uc3m.es (Postfix) with ESMTP id C9B8C6C25F7; Thu, 4 Mar 2010 12:30:39 +0100 (CET)
From: =?ISO-8859-15?Q?Alberto_Garc=EDa?= <alberto@it.uc3m.es>
To: "'Jari Arkko'" <jari.arkko@piuha.net>, "'Tony Cheneau'" <tony.cheneau@it-sudparis.eu>
References: <alpine.LNX.2.00.0911191100150.7833@whitebox><BF345F63074F8040B58C00A186FCA57F1C66087842@NALASEXMB04.na.qualcomm.com><alpine.LNX.2.00.0911201144010.7546@whitebox><BF345F63074F8040B58C00A186FCA57F1C65FB277D@NALASEXMB04.na.qualcomm.com><alpine.LNX.2.00.0911211025090.11248@localhost.localdomain><BF345F63074F8040B58C00A186FCA57F1C65FB2942@NALASEXMB04.na.qualcomm.com><alpine.LNX.2.00.0911242317130.11124@localhost.localdomain><BF345F63074F8040B58C00A186FCA57F1C65FB2A51@NALASEXMB04.na.qualcomm.com><alpine.LNX.2.00.0911260951580.7596@whitebox><37915D90-B246-48E4-9C7B-69DAF54FA43A@lacnic.net><4B210E23.4000908@piuha.net><alpine.LNX.2.00.0912102300220.11124@localhost.localdomain> <4B21DA81.30405@piuha.net>
Date: Thu, 4 Mar 2010 12:30:41 +0100
Message-ID: <B5ECF87DE53349CA9E810F121A0849B7@bombo>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Acp6I/4oCVuEGCr2QeOLZb6djiefZQ74fLag
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
In-reply-to: <4B21DA81.30405@piuha.net>
X-TM-AS-Product-Ver: IMSS-7.0.0.3116-6.0.0.1038-17162.002
Cc: draft-ietf-csi-proxy-send@tools.ietf.org, cga-ext@ietf.org
Subject: Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send
X-BeenThere: cga-ext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: CGA and SeND Extensions <cga-ext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cga-ext>
List-Post: <mailto:cga-ext@ietf.org>
List-Help: <mailto:cga-ext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cga-ext>, <mailto:cga-ext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Mar 2010 11:30:41 -0000

Hi

|  -----Mensaje original-----
|  De: cga-ext-bounces@ietf.org [mailto:cga-ext-bounces@ietf.org] En nombre
de
|  Jari Arkko
|  Enviado el: viernes, 11 de diciembre de 2009 6:37
|  Para: Tony Cheneau
|  CC: draft-ietf-csi-proxy-send@tools.ietf.org; cga-ext@ietf.org
|  Asunto: Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send
|  
|  Tony,
|  
|  > The padding field is exactly defined this way in RFC 3971 (although a
|  > Pad Length field was present on the -04 version of the SEND draft). I
|  > think the draft-ietf-csi-proxy-send-01 document only reuses the format
|  > of the badly defined RSA Signature Option.
|  
|  Ah, OK.
|  
|  > If RFC 3971 was to be updated, I agree that a padding length field
|  > should be defined somewhere in the RSA (or XXX) Signature Option. Was
|  > there a rational behind its removal during the RFC 3971
|  > standardisation process ?
|  
|  I can't recall. Maybe this is one of the bugs that we need to fix. Or
|  perhaps there is a way to determine the lengths but neither of us can't
|  just see it right now. In any case, it should be clearly specified in
|  3971bis and the proxy-send drafts.

The length of the Digital Signature can be obtained from parsing the PKCS#1
v1.5 signature itself, which is coded in ASN.1 BER. 
Therefore, I have changed in draft-ietf-csi-proxy-send-02 the statement
saying:

"The length of the
      	Digital Signature field is determined by the length of the RSA
      	Signature option minus the length of the other fields (including
      	the variable length Pad field.)

by
"The length of the Digital Signature field is determined by the ASN.1 BER
coding of the PKCS#1 v1.5 signature."

Then, I would still say that 
"The length of the padding field is determined by the length of the Proxy
Signature Option minus the length of the other fields."

Do you think this is correct?

Regards,
Alberto

|  
|  Jari
|  
|  _______________________________________________
|  CGA-EXT mailing list
|  CGA-EXT@ietf.org
|  https://www.ietf.org/mailman/listinfo/cga-ext