Re: New test TSA available

["todd glassey" <todd.glassey@worldnet.att.net>]

----- Original Message -----
From: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
To: <pgut001@cs.auckland.ac.nz>; <tho@andxor.com>
Cc: <ietf-pkix@imc.org>; <r.galli@com-and.com>
Sent: Tuesday, August 21, 2001 5:03 PM
Subject: Re: New test TSA available


>
> tho <tho@andxor.com> writes:
>
> >(A) draft-ietf-pkix-time-stamp-15 states that eContentType for a time
> >    stamping token should be id-ct-TSTInfo why is it instead set to
> >    id-data ?
>
> Probably because the implementation was done back when draft-06 or
> something was current :-).  This is also why various other things
> required by newer drafts aren't present, I'll fix this when I next
> update the code (because of the environment it's in, there's a bit of
> latency involved when making changes).
>

The TSA should by its response message also identify which standard or draft
level it complies to.

> >since the encapsulated content type is set to id-data, version
> >field in SignedData is (`correctly' since (A)) set to 1 and not to 3
>
> This one's deliberate, since CMS implementations are split 50/50 between
> ones which ignore the version entirely and ones which require it to be
> what PKCS #7 set it to, I always use the PKCS #7 version value because
> that means it'll work with everything.
>
> >signatureAlgorithm in SignerInfo is rsaEncryption, shouldn't it be more
> >likely sha1withRSAEncryption ?
>
> Since the CMS signature splits the hash and signing algorithm, the first
> OID is a pure hash (SHA-1) and the second is a pure signature algorithm
> (RSA).
>
> Peter.