On Mon, Apr 11, 2011 at 11:54 PM, Marc Petit-Huguenin <[email protected]> wrote:
> Hi Michael,
>
> On 04/07/2011 06:10 PM, Michael Chen wrote:
>> Hi,
>>
>> Section 5.3.4 of the base-13 draft needs some work:
>>
>> 1) The type name SignatureAndHashAlgorithm should be renamed SignatureAlgorithm
>> to match the same name in TLS. This name caused confusion in Wireshark
>> implementation, which treats it as two bytes, one for signature algorithm and
>> one for hash algorithm.
>
> My understanding is the opposite of yours: It's the text that is incorrect,
> i.e.
>
> "The algorithm definitions are found in the IANA TLS SignatureAlgorithm
> Registry."
>
> should be replaced by
>
> "The algorithm definitions are found in the IANA TLS SignatureAlgorithm and
> HashSignature Registries."
Fixed.
>> 2) In TLS, both SignatureAlgorithm and HashAlgorithm are enums that are never
>> part of any PDU sent over the wire. Therefore, their size is not relevant to
>> the TLS text. These two are in the RELOAD PDU, so this draft MUST define their
>> size explicitly to be both uint8. The value of the fields can still mention TLS.
>
> They are both defined in TLS 1.2 section 7.4.1.4.1 with a size of 8 bit [see
> RELOAD section 5.3.1.1 for the meaning of (255)]:
>
> enum {
> none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
> sha512(6), (255)
> } HashAlgorithm;
>
> enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
> SignatureAlgorithm;
Agreed.
>
>>
>> 3) There is no formal definition of the SignerIdentityValue.hash_alg field.
>>
I believe that there is at TLS 1.2. If you still disagree, please advise.
-Ekr
> --
> Marc Petit-Huguenin
> Personal email: [email protected]
> Professional email: [email protected]
> Blog: http://blog.marc.petit-huguenin.org
> _______________________________________________
> P2PSIP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/p2psip
>