Re: [IPsec] Last Call: <draft-kivinen-ipsecme-signature-auth-06.txt> (Signature Authentication in IKEv2) to Proposed Standard

Johannes Merkle <johannes.merkle@secunet.com> Tue, 07 October 2014 15:46 UTC

Tero Kivinen wrote on 07.10.2014 16:24:
> I.e. you can clearly see that in the public key object for PSS
> signatures the RSASSA-PSS-params are optional, but for the signature
> algorithm definition for PSS signatures the RSASSA-PSS-params are
> required. The actual content of the sequence can be empty, but the
> sequence MUST be there.


I agree with that.

> 
> So the current text saying that the params are not optional in this
> case is correct. A.4.1 has an example of empty parameters, where
> there is the id-RSASSA-PSS object identifier and an empty sequence after
> that. Note that the hex for that matches the hex in RFC3447...

I was mistaken in thinking that the SubjectPublicKey Identifier is used, but, of course, it is the signatureAlgorithm
Identifier. So I was completely wrong here.
Issue closed.


-- 
Johannes
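
Added example, not part of the original message or of the draft: a minimal DER check of the rule discussed above, that a signature AlgorithmIdentifier for id-RSASSA-PSS must carry a parameters SEQUENCE even when that SEQUENCE is empty. The function names and the sample byte strings are constructed for illustration; the contents of a non-empty parameters SEQUENCE are not validated.

```python
ID_RSASSA_PSS = bytes.fromhex("2a864886f70d01010a")  # OID 1.2.840.113549.1.1.10

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_pss_signature_algid(der):
    """Return 'empty' or 'explicit' for the parameters field, else raise ValueError."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != ID_RSASSA_PSS:
        raise ValueError("algorithm is not id-RSASSA-PSS")
    if pos == len(body):
        # Allowed in a public key object, but not in a signature algorithm identifier.
        raise ValueError("parameters absent: required for a PSS signature algorithm")
    tag, params, pos = read_tlv(body, pos)
    if tag != 0x30 or pos != len(body):
        raise ValueError("parameters must be exactly one SEQUENCE")
    return "empty" if not params else "explicit"

# Constructed samples (not copied from the draft).
EMPTY_PARAMS = bytes.fromhex("300d06092a864886f70d01010a3000")  # OID + empty SEQUENCE
NO_PARAMS = bytes.fromhex("300b06092a864886f70d01010a")         # OID only
NULL_PARAMS = bytes.fromhex("300d06092a864886f70d01010a0500")   # OID + NULL
SALT_PARAMS = bytes.fromhex("301206092a864886f70d01010a3005a203020120")  # saltLength 32

if __name__ == "__main__":
    for name in ("EMPTY_PARAMS", "NO_PARAMS", "NULL_PARAMS", "SALT_PARAMS"):
        try:
            print(name, "->", check_pss_signature_algid(globals()[name]))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
```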