Add appendix with component algorithm references

lamps-wg / draft-composite-sigs

IETF Internet-Draft about X.509 certificates with composite keys and signatures.

Other

3 stars 1 forks source link

Add appendix with component algorithm references #16

Closed janklaussner closed 4 months ago

janklaussner commented 4 months ago

appendix with references of signature, curves and hashes
updated section 'Algorithm Identifiers' with reference to appendix and IDs of component algorithms
updated algorithm description for signature generation and verification to use Domain separator

ounsworth commented 4 months ago

I think this is a good start, but since these are fixed values, I think we should actually provide HEX DER encoded AlgorithmIDs for each row, then there is absolutely no ambiguity.

ounsworth commented 4 months ago

Also, once we have this sorted out here, we will need to do the same in composite-kems: https://github.com/lamps-wg/draft-composite-kem/issues/20

janklaussner commented 4 months ago

I think this is a good start, but since these are fixed values, I think we should actually provide HEX DER encoded AlgorithmIDs for each row, then there is absolutely no ambiguity.

You mean in the appendix? These values are not fed into the signature, they just help to identify the component algorithm used. Is your point that providing DER OID values instead of ASN.1 OIDs helps the implementer with this?

johngray-dev commented 4 months ago

@ounsworth I don't understand why we would need to put hex encodings of the OIDS for the component signatures. They are not used during the signature computation process. We already hex encode the composite OIDs themselves which is a representation of the entire composite algorithm. I think what Jan has here is fine.