PKAlgs: 02: DSA Signature Keys needs re-wording
Stefan.Heiss@brokat.com Fri, 23 March 2001 08:52 UTC
From: Stefan.Heiss@brokat.com
To: ietf-pkix@imc.org
Subject: PKAlgs: 02: DSA Signature Keys needs re-wording
Date: Fri, 23 Mar 2001 09:53:19 +0100
Some further comments:

section 2.2.2 states:

   When the id-dsa-with-sha1 algorithm identifier appears as the
   algorithm field in an AlgorithmIdentifier, the encoding SHALL omit
   the parameters field.

This seems to contradict the intended contents of section 2.3.2 ?

Some more minor editorials:

p.3:
   For each algorithm, the appropriate alternatives for the the keyUsage ...
                                                            ^
p.11:
   g specifies the generator of the multiplicative subgroup of order g;
               ^----- (maybe better: "a generator" ?)                ^----- should be "q"

p.11:
   q specifies the prime factor of p-1;
               ^----- (maybe better: "a prime factor" ?)

p.16:
Maybe it would be nice to extend the following lines (similar to the
following definitions of gnBasis, etc.):

   prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }

   Prime-p ::= INTEGER    -- Field size p (p in bits)

   characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }

   Characteristic-two ::= SEQUENCE {
   ...

   prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
   -- type for parameters field for prime-field is Prime-p

   Prime-p ::= INTEGER    -- Field size p (p in bits)

   characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
   -- type for parameters field for characteristic-two-field is Characteristic-two

   Characteristic-two ::= SEQUENCE {
   ...

p.12,p.13,p.18
   ... MAY assert either encipherOnly and decipherOnly.
                                      ^----- or

> -----Original Message-----
> From: Manger, James H [mailto:James.H.Manger@team.telstra.com]
> Sent: Friday, March 23, 2001 7:52 AM
> To: ietf-pkix@imc.org
> Subject: PKAlgs: 02: DSA Signature Keys needs re-wording
>
>
> Comments on draft-ietf-pkix-ipki-pkalgs-02.txt, section 2.3.2 "DSA Signature
> Keys":
>
> The paragraph beginning "If the DSA algorithm parameters are absent" has 3
> sentences. The 2nd and 3rd contradict each other (at least the 2nd is
> useless in light of the 3rd). The next paragraph repeats the 1st and 3rd
> sentences.
> Delete something.
> Perhaps replace the two paragraphs with "The DSA domain
> parameters may be omitted if and only if the certificate is signed using a
> DSA key that has the same parameters.".
>
> The DSA signature values r & s should not be mentioned in this section.
> They are appropriately, clearly and completely defined in section 2.2.2 "DSA
> Signature Algorithm"; with an OID, parameters (omit), Dss-Sig-Value syntax
> and mapping to a bit string.
> Delete the paragraph beginning "When signing, DSA algorithm generates", the
> definition of Dss-Sig-Value and the paragraph beginning "The encoded
> signature is conveyed".
>
>
> Minor editorials:
> Ecdsa-Sig-Value is ECDSA-Sig-Value in the ASN.1 module.
> RSAPublicKey, DSAPublicKey and DHPublicKey are not in the ASN.1 module.
> Comment with Dss-Parms in ASN.1 module should be "for DSA parameters", not
> "for DSA public key".
>
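
The rule quoted from section 2.2.2 above, as an added example that is not part of the original messages or the draft: a minimal DER check that an id-dsa-with-sha1 AlgorithmIdentifier omits the parameters field instead of carrying NULL or any other value. The function names and the sample byte strings are constructed for illustration.

```python
# Added example; inputs are constructed, not taken from the draft or the thread.
ID_DSA_WITH_SHA1 = bytes.fromhex("2a8648ce380403")  # OID 1.2.840.10040.4.3

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_dsa_sha1_algid(der):
    """Classify the parameters field of a DER AlgorithmIdentifier.

    "ok"           parameters omitted, as section 2.2.2 requires
    "null-params"  explicit ASN.1 NULL present
    "other-params" some other parameters value present
    "not-dsa-sha1" algorithm OID is not id-dsa-with-sha1
    """
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    oid_tag, oid, pos = read_tlv(body, 0)
    if oid_tag != 0x06:
        raise ValueError("first element is not an OBJECT IDENTIFIER")
    if oid != ID_DSA_WITH_SHA1:
        return "not-dsa-sha1"
    if pos == len(body):
        return "ok"
    p_tag, p_val, p_end = read_tlv(body, pos)
    if p_end != len(body):
        raise ValueError("trailing data after parameters")
    return "null-params" if (p_tag, p_val) == (0x05, b"") else "other-params"

# Constructed samples: SEQUENCE { OID } and SEQUENCE { OID, NULL }
OMITTED = bytes.fromhex("3009" "06072a8648ce380403")
WITH_NULL = bytes.fromhex("300b" "06072a8648ce380403" "0500")

if __name__ == "__main__":
    for name, der in (("omitted", OMITTED), ("with NULL", WITH_NULL)):
        print(name, "->", check_dsa_sha1_algid(der))
```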