[dtn-security] Mutable Canonicalization: including security-result length?
Dominik Schürmann <dominik@dominikschuermann.de> Sat, 12 October 2013 17:17 UTC

Hi,

I have a question regarding Mutable Canonicalization (http://tools.ietf.org/html/rfc6257#section-3.4.2).

While Strict Canonicalization explicitly says that security-result is not part of the canonical form, but its length is, I am unsure how this should be handled in Mutable Canonicalization. The RFC says:

"Security blocks are handled likewise, except that the ciphersuite will likely specify that the "current" security block security-result field not be considered part of the canonical form. This differs from the strict canonicalization case since we might use the mutable canonicalization algorithm to handle sequential signatures such that signatures cover earlier ones."

Does this mean the length of security-result is not part of Mutable Canonicalization, or am I missing something?

Regards
Dominik Schürmann