Why the exponent 3 error happened:
James A. Donald
jamesd at echeque.com
Fri Sep 15 07:13:35 EDT 2006
--
Victor Duchovni wrote:
> If so, I fear we are learning the wrong lesson, which
> while valid in other contexts is not pertinent here.
> TLS must be flexible enough to accommodate new
> algorithms, this means that the data structures being
> exchanged are malleable, and that implementations must
> validate strict adherence to a specifically defined
> form for the agreed algorithm, but the ability to
> express other forms cannot be designed out.
There is no need, ever, for the RSA signature to encrypt
anything other than a hash, nor will their ever be such
a need. In this case the use of ASN.1 serves absolutely
no purpose whatsoever, other than to create complexity,
bugs, and opportunities for attack. It is sheer
pointless stupidity, complexity for the sake of
complexity, an indication that the standards process is
broken.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
mKNEZf/r5lZqyGpNhzkQ0zdt2uAdaxkSyyyxAW3W
4BWO8prrBiE/VfMik8xpeS4TgD+5KsqGSGeRw2Dxr
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list