On 07/08/10 17:59, Brock Pytlik wrote:
I've looked @ the openssl and the sendmail example you've provide and
I'd certainly take issue with your description of them as legible.
Setting that aside, the reason I'd use two attributes is because, at
package signing time, the package signer has (potentially) two
decisions, the hash algorithm to use, and the signing algorithm to
apply. Representing those two decisions as separate attributes seems
obvious to me.
In several protocols (including TLS and X.509) and cryptographic
interfaces (pkcs11) the combination of a signature algorithm and a hash
algorithm are identified by a single code point; not all combinations
are even possible (and not all combinations necessarily make sense
together).
As a more specific example, in the case of FIPS-186-2 elliptic curve
signatures, the choice of elliptic curve also dictates the hash function
to use -- you use sha-256 with the 256-bit curve, sha-384 with the
384-bit curve, etc.,
I'm told that folks evaluating cryptographic protocols generally prefer
to see suites of algorithms defined together rather than allowing the
user to arbitrarily mix and match; this generally reduces the number of
possibilities to evaluate and also eliminates silly combinations where
one algorithm is much weaker than the other.
- Bill
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
