-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/06/2010 02:34 PM, jc wrote: > > > On Dec 6, 2010, at 5:12 PM, Marc Petit-Huguenin <[email protected] > <mailto:[email protected]>> wrote: > > More questions, comments and nits: >
[...] > > A.15. Section 5.3.4 "HashAlgorithm hash_alg;" > > What are the algorithms that should be supported? > Is the hash only used to identify the certificate in > SecurityBlock.certificates? > >> No, it is used for AOR storage among other things. > My question was about Signature in SecurityBlock, not in StoredData, so let me rephrase it: What is the certificate_hash value in SecurityBlock used for? [...] > A.20. Section 5.7, "If the message is not fragmented, then both the > first and > last fragment are set to 1..." > > If the first fragment bit is set to 1 when the message is fragmented > and is also > set to one when the message is not fragmented, then it is always set > to 1, so > what is the point of having it in the first place? > >> I think you misread. There are two fragment flags, begin and end. Here's the quotes: Section 5.3.2: "If the high bit (0x80000000) is set, it indicates that the message is fragmented." Section 5.7: "If the message is not fragmented, then both the first and last fragment bits are set to 1..." [...] > A.28. Section 10.1.1 last paragraph "such an XML configuration file > sent over > email." > > Because the signatures on the XML document are done on exact byte > string and > because emails servers are known to mess with end of lines, we will see > configuration documents that cannot be verified after been sent by > email (what > was wrong with using XML-sig anyway?). > > >> Why would an email server alter an "attachment"? Don't send them in the >> body. Some email servers do alter attachments, it's a fact (and the reason why pcap files have to be gzipped before been sent by email), but in fact I just wanted to express that basing a signature on an XML fragment without canonicalization was perhaps not a good idea. [...] - -- Marc Petit-Huguenin Personal email: [email protected] Professional email: [email protected] Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkz9b+4ACgkQ9RoMZyVa61emFQCfaHnoKXXtbBmgVcEBDmUYFytD CFwAoIKbTDa7BjW1twZRTVDt+m3OEGYJ =Kz5R -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
