A note on vendor reaction speed to the e=3 problem
David Shaw
dshaw at jabberwocky.com
Sat Sep 16 17:34:23 EDT 2006
On Sat, Sep 16, 2006 at 12:35:08PM +1000, James A. Donald wrote:
> --
> Peter Gutmann wrote:
> > > How does [GPG] handle the NULL vs.optional
> > > parameters ambiguity?
>
> David Shaw:
> > GPG generates a new structure for each comparison, so
> > just doesn't include any extra parameters on it. Any
> > optional parameters on a signature would cause that
> > signature to fail validation.
> >
> > RFC-2440 actually gives the exact bytes to use for the
> > ASN.1 stuff, which nicely cuts down on ambiguity.
>
> This amounts to *not* using ASN.1 - treating the ASN.1
> data as mere arbitrary padding bits, devoid of
> information content.
That is correct. OpenPGP passes the hash identification in the
OpenPGP data as well as encoded in ASN.1 for the PKCS-1 structure.
Since there is another source for the information, it is unnecessary
to generate or parse ASN.1. In the case of GPG specifically (other
implementations may do the same, but I can't say for sure), all ASN.1
data is hardcoded opaque strings.
David
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list