[dtn-security] Mutable Canonicalization: including security-result length?

Dominik Schürmann <dominik@dominikschuermann.de> Sat, 12 October 2013 17:17 UTC

Return-Path: <dominik@dominikschuermann.de>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97F0421E81AC for <dtn-security@ietfa.amsl.com>; Sat, 12 Oct 2013 10:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbElKsmQFfpP for <dtn-security@ietfa.amsl.com>; Sat, 12 Oct 2013 10:17:24 -0700 (PDT)
Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.31.29]) by ietfa.amsl.com (Postfix) with ESMTP id 0100421E81A9 for <dtn-security@irtf.org>; Sat, 12 Oct 2013 10:17:20 -0700 (PDT)
Received: from [134.169.34.1] (helo=[10.1.0.103]) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <dominik@dominikschuermann.de>) id 1VV2oY-0007ew-W2 for dtn-security@irtf.org; Sat, 12 Oct 2013 19:17:19 +0200
Message-ID: <5259841B.5060109@dominikschuermann.de>
Date: Sat, 12 Oct 2013 19:17:15 +0200
From: Dominik Schürmann <dominik@dominikschuermann.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12
MIME-Version: 1.0
To: dtn-security <dtn-security@irtf.org>
X-Enigmail-Version: 1.4
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enigC4779D930333919080A41A12"
X-Df-Sender: ZG9taW5pa0Bkb21pbmlrc2NodWVybWFubi5kZQ==
Subject: [dtn-security] Mutable Canonicalization: including security-result length?
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security." <dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2013 17:17:28 -0000

Hi,

I have a question regarding Mutable Canonicalization
(http://tools.ietf.org/html/rfc6257#section-3.4.2).

While Strict Canonicalization explicitly says that security-result is
not part of the canonical form, but its length, I am unsure how this
should be handled in Mutable Canonicalization.

RFC says:
"Security blocks are handled likewise, except that the ciphersuite
   will likely specify that the "current" security block security-result
   field not be considered part of the canonical form.  This differs
   from the strict canonicalization case since we might use the mutable
   canonicalization algorithm to handle sequential signatures such that
   signatures cover earlier ones."

Does this mean the length of security-result is not part of Mutable
Canonicalization or do I miss something?

Regards
Dominik Schürmann