I can't follow the link to the Perrin draft, it says 'you lose'

On the hashing:

1) Please eliminate SHA1 completely. At this point it is an ex-algorithm so far as new protocols go.

2) Algorithm identifiers need to be managed using either an IANA registry or some existing crypto-registry. At present adding support for a new algorithm would change the protocol syntax. The usual solution is either to use ASN.1 OIDs for algorithm IDs or re-use the identifiers originally defined for PEM. Since we are dealing with SSL and hence PKIX here, implementations will already need code to manage algorithms by OID (and by SSL cipher suite ID, but that is another ball of wax).

3) It is not at all clear how the digest is calculated and in particular whether that includes the algorithm identifier for the public key type. It is essential to prevent an algorithm substitution attack.

Could we break off the section that defines the digest identifier from the rest of the document? I can send text for this as I am currently working on doing just that. The need to have a strong reference to some object comes up time and again. It really calls for having a URI.

On Tue, Sep 20, 2011 at 2:08 PM, Chris Palmer <[email protected]> wrote:
> Is attached, now in XML. The main change is that I got rid of widely
> and rightly reviled pin revocation business, and replaced it with a
> better idea from Trevor Perrin. Big thanks to everyone who reviewed
> and commented on the previous draft. Precisely how to generate
> fingerprints is answered with working code from Adam Langley. The
> gross errors that surely remain are my fault alone. :)
>
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
>

-- 
Website: http://hallambaker.com/

_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
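Point 3) above asks whether the fingerprint digest covers the algorithm identifier of the public key. The following is an added illustration, not code from this thread, from the draft, or from Adam Langley's fingerprint code: it assumes the fingerprint is a SHA-256 digest and compares hashing only the raw key bits against hashing the full DER SubjectPublicKeyInfo (which carries the AlgorithmIdentifier). The key bits, the minimal DER encoder and the function names (`pin_over_key_only`, `pin_over_spki`) are all constructed for the example; the OIDs are the real rsaEncryption and id-ecPublicKey values. The same key bytes presented under two different algorithm identifiers produce the same key-only digest but different SPKI digests, which is the property needed to rule out the substitution the message warns about.

```python
import hashlib


def der_len(n: int) -> bytes:
    """DER length octets (short and long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, content: bytes) -> bytes:
    """Generic TLV: tag, length, content."""
    return bytes([tag]) + der_len(len(content)) + content


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID string as a DER OBJECT IDENTIFIER (tag 0x06)."""
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for arc in parts[2:]:
        enc = bytearray([arc & 0x7F])  # base-128, last octet has high bit clear
        arc >>= 7
        while arc:
            enc.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += enc
    return der(0x06, bytes(body))


def spki(alg_oid: str, params: bytes, key_bits: bytes) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }.

    The AlgorithmIdentifier is SEQUENCE { OID, parameters }; the BIT STRING
    carries the key with a leading 0x00 'unused bits' octet.
    """
    alg_id = der(0x30, der_oid(alg_oid) + params)
    return der(0x30, alg_id + der(0x03, b"\x00" + key_bits))


def pin_over_key_only(key_bits: bytes) -> str:
    """Hypothetical weak fingerprint: digest of the raw key bits only."""
    return hashlib.sha256(key_bits).hexdigest()


def pin_over_spki(alg_oid: str, params: bytes, key_bits: bytes) -> str:
    """Fingerprint bound to the algorithm: digest of the whole DER SPKI."""
    return hashlib.sha256(spki(alg_oid, params, key_bits)).hexdigest()


# Real OIDs; parameters as they appear in X.509 (NULL for RSA, a named curve for EC).
RSA_OID = "1.2.840.113549.1.1.1"      # rsaEncryption
RSA_PARAMS = der(0x05, b"")           # NULL
EC_OID = "1.2.840.10045.2.1"          # id-ecPublicKey
EC_PARAMS = der_oid("1.2.840.10045.3.1.7")  # secp256r1 as namedCurve

# Constructed key bytes (not a real key): the point is that the same octets
# presented under two different AlgorithmIdentifiers must not share a pin.
KEY_BITS = bytes(range(1, 33))


def substitution_detected() -> dict:
    """Compare both fingerprint constructions for the same key bytes
    labelled as RSA and as EC. Returns which construction distinguishes them."""
    key_only_same = pin_over_key_only(KEY_BITS) == pin_over_key_only(KEY_BITS)
    spki_differs = (pin_over_spki(RSA_OID, RSA_PARAMS, KEY_BITS)
                    != pin_over_spki(EC_OID, EC_PARAMS, KEY_BITS))
    return {"key_only_collides": key_only_same, "spki_distinguishes": spki_differs}


if __name__ == "__main__":
    print("rsaEncryption OID DER:", der_oid(RSA_OID).hex())
    print("SPKI pin (RSA label):  ", pin_over_spki(RSA_OID, RSA_PARAMS, KEY_BITS))
    print("SPKI pin (EC label):   ", pin_over_spki(EC_OID, EC_PARAMS, KEY_BITS))
    print(substitution_detected())
```

The DER encoder is only what is needed to build an SPKI by hand so the script runs offline; in practice the SPKI bytes come straight out of the certificate parser. The design choice it illustrates is the one point 3) asks for: hash the structure that names the algorithm, not the bare key material.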
