Thank you, Tero. I'll reject this errata.

Best regards,
Kathleen
Sent from my iPhone

> On Mar 24, 2015, at 11:04 AM, Tero Kivinen <[email protected]> wrote:
>
> RFC Errata System writes:
>> The following errata report has been submitted for RFC7427,
>> "Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)".
>>
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata_search.php?rfc=7427&eid=4296
>>
>> --------------------------------------
>> Type: Editorial
>> Reported by: Annie Yousar <[email protected]>
>>
>> Section: A.4.3
>>
>> Original Text
>> -------------
>> Here the parameters are present and contain hashAlgorithm of SHA-256,
>> | maskGenAlgorithm of SHA-256, saltLength of 32, and trailerField of 1.
>>
>> 0000 : SEQUENCE
>> 0002 :   OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10)
>> 000d :   SEQUENCE
>> 000f :     CONTEXT 0
>> 0011 :       SEQUENCE
>> 0013 :         OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1)
>> 001e :         NULL
>> 0020 :     CONTEXT 1
>> 0022 :       SEQUENCE
>> | 0024 :         OBJECT IDENTIFIER 1.2.840.113549.1.1.8
>> 002f :         SEQUENCE
>> 0031 :           OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1)
>> 003c :           NULL
>> 003e :     CONTEXT 2
>> 0040 :       INTEGER 0x20 (6 bits)
>> | 0043 :     CONTEXT 3
>> | 0045 :       INTEGER 0x1 (1 bits)
>>
>> Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10
>> | Length = 72
>> 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0
>> 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500
>> 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830
>> 0030: 0d06 0960 8648 0165 0304 0201 0500 a203
>> | 0040: 0201 20a3 0302 0101
>>
>>
>> Corrected Text
>> --------------
>> Here the parameters are present and contain hashAlgorithm of SHA-256,
>> | maskGenAlgorithm of MGF1 with SHA-256, saltLength of 32, and
>> | trailerField of 1.
>> | Note that since the trailerField has the default value it MUST NOT be
>> | encoded according to the Distinguished Encoding Rules (DER) of ASN.1.
>>
>> 0000 : SEQUENCE
>> 0002 :   OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10)
>> 000d :   SEQUENCE
>> 000f :     CONTEXT 0
>> 0011 :       SEQUENCE
>> 0013 :         OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1)
>> 001e :         NULL
>> 0020 :     CONTEXT 1
>> 0022 :       SEQUENCE
>> | 0024 :         OBJECT IDENTIFIER id-mgf1 (1.2.840.113549.1.1.8)
>> 002f :         SEQUENCE
>> 0031 :           OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1)
>> 003c :           NULL
>> 003e :     CONTEXT 2
>> 0040 :       INTEGER 0x20 (6 bits)
>>
>> Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10
>> | Length = 67
>> 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0
>> 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500
>> 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830
>> 0030: 0d06 0960 8648 0165 0304 0201 0500 a203
>> | 0040: 0201 20
>>
>>
>> Notes
>> -----
>> 1. The maskGenAlgorithm is in fact not SHA-256
>> (2.16.840.1.101.3.4.2.1), but MGF1 (1.2.840.113549.1.1.8) based on
>> SHA-256 (2.16.840.1.101.3.4.2.1).
>
> The id-mgf1 oid is there in the example, the tool I used didn't know
> the name for it thus it just printed out the oid. As this does not
> affect the binary object at all there is no problem in here.
>
>> 2. Section 3 requires the use of DER:
>> The ASN.1 used here is the same ASN.1 used in the
>> AlgorithmIdentifier of PKIX (see Section 4.1.1.2 of [RFC5280]),
>> encoded using distinguished encoding rules (DER) [CCITT.X690.2002].
>
> Yes, but RFC4055 says that:
>
>    trailerField
>
>       The trailerField field is an integer. It provides
>       compatibility with IEEE Std 1363a-2004 [P1363A]. The value
>       MUST be 1, which represents the trailer field with hexadecimal
>       value 0xBC. Other trailer fields, including the trailer field
>       composed of HashID concatenated with 0xCC that is specified in
>       IEEE Std 1363a, are not supported. Implementations that
>       perform signature generation MUST omit the trailerField field,
>       indicating that the default trailer field value was used.
>       Implementations that perform signature validation MUST
>       recognize both a present trailerField field with value 1 and an
>       absent trailerField field.
>
> I.e. you should recognize both formats. Yes, we could have another
> example also showing the object value to be used when generating these
> and when omitting the default values (like we do have for SHA-1).
>
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party (IESG)
>> can log in to change the status and edit the report, if necessary.
>>
>> --------------------------------------
>> RFC7427 (draft-kivinen-ipsecme-signature-auth-07)
>> --------------------------------------
>> Title : Signature Authentication in the Internet Key Exchange
>> Version 2 (IKEv2)
>> Publication Date : January 2015
>> Author(s) : T. Kivinen, J. Snyder
>> Category : PROPOSED STANDARD
>> Source : IP Security Maintenance and Extensions
>> Area : Security
>> Stream : IETF
>> Verifying Party : IESG
> --
> [email protected]
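
As an added example (not part of the thread or of RFC 7427), the Python code below parses the 72-byte A.4.3 object quoted above the way RFC 4055 asks a validator to, accepting trailerField both present with value 1 and absent. All function names are hypothetical; `omit_trailer` builds the signer-side form and shows that dropping the five trailerField bytes also changes both enclosing SEQUENCE lengths, from 0x46 and 0x39 to 0x41 and 0x34, for 67 bytes in total.

```python
SAMPLE = bytes.fromhex(  # added example; the 72-byte A.4.3 object quoted in the thread
    "304606092a864886f70d01010a3039a00f300d06096086480165030402010500"
    "a11c301a06092a864886f70d010108300d06096086480165030402010500a203"
    "020120a303020101")

def read_tlv(buf, off=0):  # -> (tag, value, next_offset); short-form lengths only
    if off + 2 > len(buf) or buf[off + 1] >= 0x80:
        raise ValueError("truncated header or long-form length")
    end = off + 2 + buf[off + 1]
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[off], buf[off + 2:end], end

def children(value):  # split a constructed value into (tag, value) pairs
    out, off = [], 0
    while off < len(value):
        tag, val, off = read_tlv(value, off)
        out.append((tag, val))
    return out

def oid(value):  # OID content bytes -> dotted string
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def parse_pss(der):  # fields [0]-[2] are assumed present, as in SAMPLE
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer SEQUENCE does not span the object")
    (_, alg), (_, params) = children(body)
    if oid(alg) != "1.2.840.113549.1.1.10":
        raise ValueError("not RSASSA-PSS")
    f = {t: children(v)[0][1] for t, v in children(params)}  # unwrap [n] EXPLICIT
    if f.get(0xA3, b"\x01") != b"\x01":  # absent means DEFAULT 1; RFC 4055: MUST be 1
        raise ValueError("trailerField must be 1")
    mgf = children(f[0xA1])
    return {"hash": oid(children(f[0xA0])[0][1]), "mgf": oid(mgf[0][1]),
            "mgf_hash": oid(children(mgf[1][1])[0][1]),
            "salt_len": int.from_bytes(f[0xA2], "big"), "trailer_encoded": 0xA3 in f}

def omit_trailer(der):  # re-encode as a signer would: drop [3], fix both lengths
    (at, alg), (_, params) = children(read_tlv(der)[1])
    kept = b"".join(bytes([t, len(v)]) + v for t, v in children(params) if t != 0xA3)
    inner = bytes([at, len(alg)]) + alg + bytes([0x30, len(kept)]) + kept
    return bytes([0x30, len(inner)]) + inner
```

Truncating the sample to its first 67 bytes without touching the length octets is rejected by `read_tlv`, because the outer SEQUENCE still claims 0x46 content bytes.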
