Re: [pkix] Redundant signature algorithm info in certs.
Erwann Abalea <eabalea@gmail.com> Tue, 24 May 2016 23:51 UTC
To: Erik Andersen <era@x500.eu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/JhWgMRHyBd9oa8f72sn_4qrHFsk>
Cc: PKIX <pkix@ietf.org>, Directory list <x500standard@freelists.org>

Bonsoir,

2016-05-24 15:06 GMT+02:00 Erik Andersen <era@x500.eu>:

> The question about apparently redundant signature algorithm information in
> public-key certificates, attribute certificates and CRLs has been raised
> before. It seems clear that by including the signature algorithm within the
> body of the cert, it is protected by the signature. But why does the
> algorithm then have to be part of the signature itself?

Probably because X.509 starts by defining what a signature is, defining a SIGNED ASN.1 macro able to take a private key, a signature algorithm, and some opaque "ToBeSigned" data, resulting in a complete structure that can be passed to an equivalent hypothetical VERIFY macro? This macro doesn't need to know that the signatureAlgorithm is or isn't included in this ToBeSigned. From an API point of view, that doesn't sound illogical.

A Certificate is defined as a SIGNED{Something} since the 1993 edition, at least. The order between "defining what is a Certificate" and "what is a digital signature" has been reversed between 1993 and 1997 editions.

> I am not suggesting to change current specifications. The question could be
> relevant for new signed structures developed by other specifications.

PKCS#7/CMS hasn't followed this path. What is really protected in integrity is either the sole content or a DER encoded version of the signed attributes. The signature algorithm in itself isn't protected.

-- 
Erwann.
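
Added example, not part of the original message or of any project's code: a minimal DER walk that pulls out both copies of the AlgorithmIdentifier discussed above (the `signature` field inside the signed TBSCertificate and the outer `signatureAlgorithm` of the SIGNED{} wrapper) and compares them byte for byte, which is the consistency RFC 5280 section 4.1.1.2 requires. The `tlv` and `skeleton` helpers and the sample bytes are constructed for illustration; the skeleton is not a valid certificate.

```python
# Added example (constructed data): compare the two AlgorithmIdentifier copies
# carried by an X.509 Certificate ::= SIGNED{TBSCertificate}.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf):
    """Return [(tag, raw_tlv)] for the elements inside one constructed TLV."""
    _, pos, end = read_tlv(buf, 0)
    items = []
    while pos < end:
        tag, _, nxt = read_tlv(buf, pos)
        items.append((tag, buf[pos:nxt]))
        pos = nxt
    return items

def algorithm_identifiers(cert_der):
    """Return (inner, outer) raw DER: tbsCertificate.signature, signatureAlgorithm."""
    top = children(cert_der)
    if len(top) != 3:
        raise ValueError("not a SIGNED{} structure")
    tbs = children(top[0][1])
    idx = 2 if tbs[0][0] == 0xA0 else 1     # skip optional [0] version, then serialNumber
    return tbs[idx][1], top[1][1]

def algorithms_match(cert_der):
    inner, outer = algorithm_identifiers(cert_der)
    return inner == outer

# --- constructed skeleton, NOT a valid certificate: TBS fields after "signature" omitted ---
def tlv(tag, body):                         # hypothetical helper, short-form lengths only
    return bytes([tag, len(body)]) + body

SHA256_RSA = tlv(0x30, bytes.fromhex("06092a864886f70d01010b") + b"\x05\x00")
SHA1_RSA = tlv(0x30, bytes.fromhex("06092a864886f70d010105") + b"\x05\x00")

def skeleton(inner, outer):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner)
    return tlv(0x30, tbs + outer + tlv(0x03, b"\x00\x00"))
```

Only the inner copy is covered by the signature, so a verifier that selects the algorithm from the outer field should reject a certificate for which `algorithms_match` returns False.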