Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send

[Alberto García <alberto@it.uc3m.es>]

|  -----Mensaje original-----
|  De: Tony Cheneau [mailto:tony.cheneau@it-sudparis.eu]
|  Enviado el: domingo, 21 de marzo de 2010 18:04
|  Para: Alberto García
|  CC: 'Jari Arkko'; draft-ietf-csi-proxy-send@tools.ietf.org;
cga-ext@ietf.org
|  Asunto: RE: [CGA-EXT] Review of draft-ietf-csi-proxy-send
|  
|  Hello Alberto,
|  
|  I agree with your new text.

Thanks, Tony
 
|  However, I can not help but think that the PadLen field will be
|  requiered later on, when other signature algorithms will be used (where
|  the signature may not encode its own lenght).
|  I think the WG should have a discussion on re-introducing or justifying
|  the lack of PadLen field. Because, if you choose not to introduce it in
|  this spec, there might be two specs to fix later on.

It is ok for me to discuss this point, but my opinion is that, in case there
is an agreement to use other signature algorithms, changes will be so
relevant that at the end this spec would need to be updated, regardless the
introduction of a PadLen field. 

|  
|  Also, I spotted a small typo in the Reserved field:
|  "A 11-bit field reserved" => "A 16-bit field reserved"

Thanks, I correct it in a new version just being issued

Regards,
alberto
|  
|  Regards,
|   	Tony
|  
|  On Thu, 4 Mar 2010, Alberto García wrote:
|  
|  > Hi
|  >
|  > |  -----Mensaje original-----
|  > |  De: cga-ext-bounces@ietf.org [mailto:cga-ext-bounces@ietf.org] En
nombre
|  > de
|  > |  Jari Arkko
|  > |  Enviado el: viernes, 11 de diciembre de 2009 6:37
|  > |  Para: Tony Cheneau
|  > |  CC: draft-ietf-csi-proxy-send@tools.ietf.org; cga-ext@ietf.org
|  > |  Asunto: Re: [CGA-EXT] Review of draft-ietf-csi-proxy-send
|  > |
|  > |  Tony,
|  > |
|  > |  > The padding field is exactly defined this way in RFC 3971
(although a
|  > |  > Pad Length field was present on the -04 version of the SEND
draft). I
|  > |  > think the draft-ietf-csi-proxy-send-01 document only reuses the
format
|  > |  > of the badly defined RSA Signature Option.
|  > |
|  > |  Ah, OK.
|  > |
|  > |  > If RFC 3971 was to be updated, I agree that a padding length field
|  > |  > should be defined somewhere in the RSA (or XXX) Signature Option.
Was
|  > |  > there a rational behind its removal during the RFC 3971
|  > |  > standardisation process ?
|  > |
|  > |  I can't recall. Maybe this is one of the bugs that we need to fix.
Or
|  > |  perhaps there is a way to determine the lengths but neither of us
can't
|  > |  just see it right now. In any case, it should be clearly specified
in
|  > |  3971bis and the proxy-send drafts.
|  >
|  > The length of the Digital Signature can be obtained from parsing the
PKCS#1
|  > v1.5 signature itself, which is coded in ASN.1 BER.
|  > Therefore, I have changed in draft-ietf-csi-proxy-send-02 the statement
|  > saying:
|  >
|  > "The length of the
|  >      	Digital Signature field is determined by the length of the
RSA
|  >      	Signature option minus the length of the other fields
(including
|  >      	the variable length Pad field.)
|  >
|  > by
|  > "The length of the Digital Signature field is determined by the ASN.1
BER
|  > coding of the PKCS#1 v1.5 signature."
|  >
|  > Then, I would still say that
|  > "The length of the padding field is determined by the length of the
Proxy
|  > Signature Option minus the length of the other fields."
|  >
|  > Do you think this is correct?
|  >
|  > Regards,
|  > Alberto
|  >
|  > |
|  > |  Jari
|  > |
|  > |  _______________________________________________
|  > |  CGA-EXT mailing list
|  > |  CGA-EXT@ietf.org
|  > |  https://www.ietf.org/mailman/listinfo/cga-ext
|  >
|  >