Jon Callas wrote:
> But that's what the existing consensus is. Do we have to, at this late
> date, throw out the existing consensus and put in RSA and CAs?

I think we can agree not to have any notion of CAs in syslog-sign,
besides the simple fact that users of PKIX and OpenPGP keys might use
one without affecting syslog-sign.

But what would be necessary to include RSA and ECDSA? As far as I see we
just had to assign two additional VERsion digit values for the
Signature Scheme.

So I suggest for 4.2.1:

   Signature Scheme - 1 octet, where, in conjunction with Protocol
   Version 01, a value of "1" denotes OpenPGP DSA [RFC4880,
   FIPS 186-3], a value of "2" denotes RSA [RFC4880, FIPS 186-3],
   and a value of "3" denotes ECDSA [FIPS 186-3].

   The version, hash algorithm [...unchanged paragraph...] marks).

   For interoperability all implementations MUST support Version "0111"
   (DSA with SHA-1).

Updated references:

   [RFC4880]     Callas, J., Donnerhacke, L., Finney, H., D. Shaw,
                 and R. Thayer, "OpenPGP Message Format", RFC 4880,
                 November 2007.

   [FIPS 186-3]  Federal Information Processing
                 Standards Publication (FIPS PUB) 186-3,
                 Digital Signature Standard (DSS), (draft)
                 March 2006.

--
Martin
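
The VER field as a verifier would decode it under the text proposed above, shown as an added example that is not part of the original message or of any syslog-sign implementation. The names parse_ver, Ver and acceptable are hypothetical; scheme values "2" and "3" are the ones proposed in this message, and hash value "2" (SHA-256) is an assumption taken from RFC 5848 as later published.

```python
from dataclasses import dataclass

# Signature Scheme octet for Protocol Version "01". "1" is the existing value;
# "2" and "3" are the values proposed in the message above (not a registry).
SIGNATURE_SCHEMES = {"1": "OpenPGP DSA", "2": "RSA", "3": "ECDSA"}
# Hash "1" = SHA-1 follows from 'Version "0111" (DSA with SHA-1)';
# "2" = SHA-256 is an assumption taken from RFC 5848 as published.
HASH_ALGORITHMS = {"1": "SHA-1", "2": "SHA-256"}
MANDATORY_VER = "0111"  # every implementation MUST support this one


@dataclass(frozen=True)
class Ver:
    protocol: str
    hash_alg: str
    scheme: str


def parse_ver(field: str) -> Ver:
    """Decode a 4-octet VER field; raise ValueError on anything unrecognised."""
    # isascii() is checked first because str.isdigit() also accepts
    # non-ASCII digits, which must not pass as protocol octets.
    if len(field) != 4 or not field.isascii() or not field.isdigit():
        raise ValueError(f"VER must be exactly 4 ASCII digits: {field!r}")
    protocol, hash_code, scheme_code = field[:2], field[2], field[3]
    if protocol != "01":
        raise ValueError(f"unknown Protocol Version {protocol!r}")
    if hash_code not in HASH_ALGORITHMS:
        raise ValueError(f"unknown Hash Algorithm {hash_code!r}")
    if scheme_code not in SIGNATURE_SCHEMES:
        raise ValueError(f"unknown Signature Scheme {scheme_code!r}")
    return Ver(protocol, HASH_ALGORITHMS[hash_code], SIGNATURE_SCHEMES[scheme_code])


def acceptable(field: str, allowed=frozenset({MANDATORY_VER})) -> bool:
    """Verifier policy: accept only well-formed VER values the operator
    has explicitly enabled; malformed or unknown values fail closed."""
    try:
        parse_ver(field)
    except ValueError:
        return False
    return field in allowed
```
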