I've got some comments on draft-ietf-pkix-sha2-dsa-ecdsa.
The introduction states that the document specifies values for
signatureValue, signatureAlgorithm, and signature. Section 2 includes
hash algorithm OIDs. None of these hash OIDs ever appear in one of
these fields. We should either a) delete section 2 (not what I suspect
we want) or b) change the abstract/intro to indicate that we're also
specifying hash algorithms. May I suggest the following changes to the
abstract/intro:
b1) No references in abstract: r/This document updates RFC 3279 [RFC
3279]/This document updates RFC 3279
b2) Add the following to the end of the abstract and in the intro: This
document also identifies the SHA2 family of one-way hash functions for
use in the Internet X.509 PKI.
b3) Add a new final intro paragraph to say explicitly what got updated
and to indicate other sections in 3279 have been updated by RFC 5480:
This document updates RFC 3279 [RFC3279] sections 2.1, 2.2.2, and 2.2.3.
Note that RFC 5480 [RFC 5480] updates sections 2.3.5 and 5, and the
ASN.1 module.
Section 3: r/This section identifies OIDs for DSA and ECDSA with
SHA-224, SHA-256, SHA-384, and SHA-512./This section identifies OIDs for
DSA with SHA-224 and SHA-256 as well as ECDSA with SHA-224, SHA-256,
SHA-384, and SHA-512.
Section 3.2: RFC 5480 updates the entire 3279 ASN.1 module so I
think we should point there for ECDSA signature values. r/Encoding
rules for ECDSA signature values are specified in [RFC 3279]/Encoding
rules for ECDSA signature values are specified in [RFC 5480].
Section 4: I think we should delete the pseudo ASN.1 module because it's
not a valid ASN.1 module, the SHA2 OIDs are already in RFC 4055 ASN.1
module, and DSA/ECDSA OIDs are already in the RFC 5480 ASN.1 module (the
RFC 5480 imports the SHA2 OIDs from RFC 4055). I suggest we replace the
entire section with the following: "The SHA2 family of OIDs are in the
RFC 4055 [RFC 4055] ASN.1 module and the OIDs for DSA with SHA-224 and
SHA-256 as well as ECDSA with SHA-224, SHA-256, SHA-384, and SHA-512
are defined in RFC 5480 [RFC 5480] ASN.1 module."
Add references to include RFC 4055 and RFC 5480.
spt
Internet-Drafts@xxxxxxxx wrote:
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Public-Key Infrastructure (X.509)
Working Group of the IETF.
Title : Internet X.509 Public Key Infrastructure:
Additional Algorithms and Identifiers for DSA and ECDSA
Author(s) : Q. Dang
Filename : draft-ietf-pkix-sha2-dsa-ecdsa-07.txt
Pages : 9
Date : 2009-08-04
This document updates RFC 3279 [RFC 3279] to specify algorithm
identifiers and ASN.1 encoding rules for the Digital Signature
Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm
(ECDSA) digital signatures when using SHA-224, SHA-256, SHA-384 or
SHA-512 as hashing algorithm. This specification applies to the
Internet X.509 Public Key Infrastructure (PKI) when digital
signatures are used to sign certificates and certificate revocation
lists (CRLs).
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-sha2-dsa-ecdsa-07.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/