Re: AlgorithmIdentifier, SHA-1, etc.
At Sat, 07 Apr 2007 19:01:26 +1200,
Peter Gutmann wrote:
>
>
> Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx> writes:
>
> >So, what's the right answer here?
>
> Read the OID and hash value, toss the rest. Doing anything else is just
> asking for trouble.
>
> (There's really no question here: There are two ways to do this, knowing in
> advance what you'll encounter in the field isn't possible, so the only
> workable solution is to not compare the encoded value, or if you must,
> compare two pre-encoded alternatives for each possible hash algorithm. This
> still breaks though if someone gets the encoding slightly wrong... comparing
> a pre-built value is just asking for trouble).

Totally agree.
My question was more what we ought to recommend.
-Ekr
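
Added example, not part of the original message or of either author's code: one way to implement the "compare two pre-encoded alternatives for each possible hash algorithm" option mentioned in the quoted text. It assumes the "two ways" are an AlgorithmIdentifier with NULL parameters and one with the parameters absent, and that `recovered` is the DigestInfo already extracted from a signature block; the function names and the sample message in the comments are constructed for illustration.

```python
import hashlib
import hmac

# Content octets of the hash OBJECT IDENTIFIERs.
OIDS = {
    "sha1": bytes.fromhex("2b0e03021a"),            # 1.3.14.3.2.26
    "sha256": bytes.fromhex("608648016503040201"),  # 2.16.840.1.101.3.4.2.1
}


def _tlv(tag, body):
    """DER tag-length-value, short-form length only (all bodies here < 128 bytes)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def digest_info_candidates(alg, digest):
    """Build both DER encodings of DigestInfo for this hash (assumed variants)."""
    oid = _tlv(0x06, OIDS[alg])
    candidates = []
    for params in (b"\x05\x00", b""):  # NULL parameters, then absent parameters
        alg_id = _tlv(0x30, oid + params)
        candidates.append(_tlv(0x30, alg_id + _tlv(0x04, digest)))
    return candidates


def digest_info_matches(alg, message, recovered):
    """True only if `recovered` is byte-for-byte one of the two encodings.

    Nothing is parsed out of `recovered`, so a non-DER length, extra
    parameters or trailing bytes cannot be skipped over: they simply fail
    the comparison. Both candidates are always compared.
    """
    digest = hashlib.new(alg, message).digest()
    ok = False
    for candidate in digest_info_candidates(alg, digest):
        ok |= hmac.compare_digest(candidate, recovered)
    return ok


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input
    with_null, absent = digest_info_candidates("sha1", hashlib.sha1(msg).digest())
    print(with_null.hex(), digest_info_matches("sha1", msg, with_null))
    print(absent.hex(), digest_info_matches("sha1", msg, absent))
```

A signer that emits any third encoding is rejected here, which is the interoperability cost the quoted text warns about.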