Digital signatures have a big problem with meaning
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jun 8 11:42:46 EDT 2005
Ben Laurie <ben at algroup.co.uk> writes:
>Anne & Lynn Wheeler wrote:
>> Peter Gutmann wrote:
>>> That cuts both ways though. Since so many systems *do* screw with
>>> data (in
>>> insignificant ways, e.g. stripping trailing blanks), anyone who does
>>> massage
>>> data in such a way that any trivial change will be detected is going
>>> to be
>>> inundated with false positives. Just ask any OpenPGP implementor about
>>> handling text canonicalisation.
>>
>> this was one of the big issues in the asn.1 encoding vis-a-vis xml
>> encoding wars.
>>
>> asn.1 encoding provided deterministic encoding for signed material,
>
>You mean it _would_ have done if anyone could implement it correctly. Sadly,
>experience shows that no-one can.
Right, but that's lead to a de-facto encoding rule of "The originator encodes
it however they like, and everyone else re-encodes it (if required) using
memcpy()". The advantage of the format is that it's never tried to be
anything other than a pure binary-only format, so moving it over text-only
channels is handled at the next layer down (usually base64), rather than
trying to make the encoding itself text-only-capable and then finding yourself
in a world of pain when half the systems the stuff passes through mangle the
text.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list