Opened 8 years ago

Closed 7 years ago

#20 closed defect (fixed)

Do we want to be tied to TLS signing algorithms?

Reported by: benl@… Owned by: draft-ietf-trans-rfc6962-bis@…
Priority: major Milestone:
Component: rfc6962-bis Version:
Severity: - Keywords:
Cc:

Description

Russ Housley observes:

In Section 2.1.4, this protocol supports two signature algorithms. I do not think this raises any algorithm identifier concerns because the digitally-signed structure from TLS is used. By reusing this structure, you are accepting the IANA Registry rules for algorithm identifier assignment. This leads to a question: will this protocol ever need a hash algorithm identifier or a signature algorithm identifier that is not already registered? I ask because the rules are strict (because the number of identifiers is not very big)...

-- Values in the range 0-63 (decimal) inclusive are assigned via Standards Action.
-- Values in the range 64-223 (decimal) inclusive are assigned via Specification Required.
-- Values from 224-255 (decimal) inclusive are reserved for Private Use.

-- Values in the range 0-63 (decimal) inclusive are assigned via Standards Action.
-- Values in the range 64-223 (decimal) inclusive are assigned via Specification Required.
-- Values from 224-255 (decimal) inclusive are reserved for Private Use.

Change History (2)

comment:1 Changed 8 years ago by eranm@…

It does simplify implementation by being able to pass the DigitallySigned? structure into OpenSSL/NSS for validation of the signature.

comment:2 Changed 7 years ago by eranm@…

  • Resolution set to fixed
  • Status changed from new to closed

If a hash/signature algorithm is not good enough to be used in TLS then it's probably not useful for CT. Marking as closed.

Note: See TracTickets for help on using tickets.