Ah, the sadness that is DSA in IKE. At 2:30 AM +0400 9/15/10, êÓÏýÌ ÑÓÌÂÌÍÓ wrote: >Greetings, > >This is what RFC 5996 has to say about DSA: > >>(3.8. Authentication Payload) >>... >> DSS Digital Signature 3 >> Computed as specified in Section 2.15 using a DSS private key >> (see [DSS]) over a SHA-1 hash. > >I have several questions about this. > >1) DSS is the standard, which approves three digital signature schemes. >Since the use of two of them (RSA and ECDSA) with IKEv2 is specified >elsewhere, I'm presuming that the first two occurances of "DSS" above >actually mean "DSA". Is this correct?
Correct. >2) DSS only specifies the conceptual form of the signature (two numbers r >and s), and doesn't define an octet-sequence representation. Neither does >RFC 5996. So what representation is to be used? This was simply copied from RFC 4306, which pretty much copied it from RFC 2409. >3) Why is SHA-1 used here, instead of the SHA corresponding to the key >length? Because that is what RFC 2409 said. None of this is a good justification for why we don't have a better definition for DSA certificate use in IKEv2, just a description of how we got here. --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
