Sent from my iPhone
On Dec 6, 2010, at 6:21 PM, Marc Petit-Huguenin <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12/06/2010 02:34 PM, jc wrote: >> >> >> On Dec 6, 2010, at 5:12 PM, Marc Petit-Huguenin <[email protected] >> <mailto:[email protected]>> wrote: >> >> More questions, comments and nits: >> > > [...] > >> >> A.15. Section 5.3.4 "HashAlgorithm hash_alg;" >> >> What are the algorithms that should be supported? >> Is the hash only used to identify the certificate in >> SecurityBlock.certificates? >> >>> No, it is used for AOR storage among other things. >> > > My question was about Signature in SecurityBlock, not in StoredData, so let me > rephrase it: > > What is the certificate_hash value in SecurityBlock used for? > > [...] > >> A.20. Section 5.7, "If the message is not fragmented, then both the >> first and >> last fragment are set to 1..." >> >> If the first fragment bit is set to 1 when the message is fragmented >> and is also >> set to one when the message is not fragmented, then it is always set >> to 1, so >> what is the point of having it in the first place? Because it IS the first and last fragment. >> >>> I think you misread. There are two fragment flags, begin and end. > > Here's the quotes: > > Section 5.3.2: "If the high bit (0x80000000) is set, it indicates that the > message is fragmented." > Section 5.7: "If the message is not fragmented, then both the first and last > fragment bits are set to 1..." > > [...] > >> A.28. Section 10.1.1 last paragraph "such an XML configuration file >> sent over >> email." >> >> Because the signatures on the XML document are done on exact byte >> string and >> because emails servers are known to mess with end of lines, we will see >> configuration documents that cannot be verified after been sent by >> email (what >> was wrong with using XML-sig anyway?). >> >> >>> Why would an email server alter an "attachment"? Don't send them in the >>> body. > > Some email servers do alter attachments, it's a fact (and the reason why pcap > files have to be gzipped before been sent by email), but in fact I just wanted > to express that basing a signature on an XML fragment without canonicalization > was perhaps not a good idea. > > [...] > > - -- > Marc Petit-Huguenin > Personal email: [email protected] > Professional email: [email protected] > Blog: http://blog.marc.petit-huguenin.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAkz9b+4ACgkQ9RoMZyVa61emFQCfaHnoKXXtbBmgVcEBDmUYFytD > CFwAoIKbTDa7BjW1twZRTVDt+m3OEGYJ > =Kz5R > -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
