John O Goyo <[EMAIL PROTECTED]> writes:
>That would explain its presence in a certificate we parsed. We found the OID
>1.3.14.3.2.29 {iso(1) identified-organization(3) oiw(14) secsig(3)
>algorithms(2) sha-1WithRSAEncryption(29)} in a certificate where RFC 2459
>specified another OID.
>
>I shall investigate the Java connection.
There are others as well, e.g. an obsolete DSA one that ended up in CDSA (so
presumably OS X crypto will use it) and the German PKI work, and a variety of
other odd bits and pieces. In general you need a many-to-one mapping where on
write you emit the most appropriate OID and on read you allow any one of a
number of OIDs, including incorrect ones (the JDK one is actually dsaWithSHA0,
but it's used as if it was dsaWithSHA1). And while we're on the topic of
SHA-1 with RSA, don't forget rsaSignatureWithsha1 (1 3 36 3 3 1 1).
Peter.
