|
We are currently implementing an RFC3161-compliant
timestamping server. Various timestamping clients that we have downloaded
always encode the MessageImprint->hashAlgorithm AlgorithmIdentifier with
the "parameters" field missing.
Whilst I accept that X.509 and RFC3280 define the
AlgorithmIdentifier "parameters" field as OPTIONAL, surely this definition is
"overridden" by PKCS#1 and RFC3279. RFC3279 (section 2.2.1) states,
for MD2/MD5/SHA-1 with RSA, that "the parameters component of that type
SHALL be the ASN.1 type NULL". RFC2119, of course, defines
"SHALL" as "an absolute requirement of the specification".
If we follow PKCS#1 and RFC3279, we appear to be
incompatible with other timestamping clients/servers.
1). Who is technically correct?
2). Regardless of who is technically correct,
should our timestamping server allow "parameters" to be OPTIONAL or not (for
MD2/MD5/SHA-1 with RSA) in
a). the requests it
receives?
b). the responses it
generates?
Thanks in advance.
Rob Stradling
Comodo Research Lab
|