Re: Suggested changes for DSA2, take 2

[Ben Laurie <ben@xxxxxxxxxxxxx>]

David Shaw wrote:
> Here is some revised suggested DSA2 language, taking Hal's comments
> into account and adding some extra polish.  While I agree with his
> suggestion to reorganize the signature sections, I'm reluctant to get
> into that in this mail as I think that getting general consensus on
> DSA2 language would be easier if the two weren't combined.  I'd be
> happy to take it up separately though.
> 
> ==================================
> 
> Section 5.2.2 (Version 3 Signature Packet Format) says:
> 
>     DSA signatures MUST use hashes with a size of 160 bits, to match q,
>     the size of the group generated by the DSA key's generator value.
>     The hash function result is treated as a 160 bit number and used
>     directly in the DSA signature algorithm.
> 
> change to:
> 
>     DSA signatures MUST use hashes that are equal to or larger than

language nit: "equal in size to"

>     the size of q, the group generated by the DSA key's generator
>     value.  If the chosen hash is larger than the size of q, the hash
>     result is truncated to fit by taking a number of leftmost bits
>     equal to the number of bits in q.  This (possibly truncated) hash
>     function result is treated as a number and used directly in the
>     DSA signature algorithm.


-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff