[Jsdsi-users] Re: SPKI-related questions
From: <ale...@f-...> - 2005-06-09 13:46:50
Hello,

At 09:38 6.6.2005 -0400, Sameer Ajmani wrote:
>Yes, JSDSI should be hashing the canonical representation of the
>public key. This is implemented using new Hash(principal), where
>principal might be a PublicKey or PublicKeyHash.

I may be in error, but apparently JSDSI computes hashes and signatures not on object representations in certificates but on its own internal representations, at least in some cases. In our case, types of public keys were originally specified as "rsa-pkcs-sha1", and JSDSI converted that to simply "rsa" (which is all right when done internally) and then computed hashes and signatures with the short form of the type. Sure, the result didn't match hashes and signatures in the certificates.

I believe this is not a correct behavior, because some things in SPKI are not specified rigorously. Since different implementations may represent certain types and objects in different, but valid, ways, all verification computations should be applied to data found in certificates, in their original form.

I'd be happy to know that the above problem is due to my misunderstanding. Otherwise, it's gonna be real hard to achieve JSDSI compatibility with other implementations even in the simplest cases.

I'd appreciate your comment. Thanks.

Best regards,
Alexey
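The mismatch described in the message above, as an added example that is not part of the original post and is not JSDSI code: a small canonical S-expression parser compares a hash over the bytes as received with a hash over a re-encoded internal form. The key bytes are constructed, and normalize() is a hypothetical stand-in for the "rsa-pkcs-sha1" to "rsa" shortening the message reports.

```python
import hashlib

# Constructed sample key in canonical S-expression form (not from a real certificate).
KEY = b"(10:public-key(13:rsa-pkcs-sha1(1:e3:\x01\x00\x01)(1:n4:\xde\xad\xbe\xef)))"
# What the issuer put in the certificate: SHA-1 over the bytes exactly as encoded.
ISSUER_HASH = hashlib.sha1(KEY).hexdigest()

def parse(buf, i=0):
    """Parse one canonical S-expression starting at buf[i]; return (node, next_index)."""
    if buf[i:i + 1] == b"(":
        items, i = [], i + 1
        while buf[i:i + 1] != b")":
            if i >= len(buf):
                raise ValueError("unterminated list")
            node, i = parse(buf, i)
            items.append(node)
        return items, i + 1
    colon = buf.index(b":", i)          # atoms are <decimal length>:<raw bytes>
    n = int(buf[i:colon])
    atom = buf[colon + 1:colon + 1 + n]
    if len(atom) != n:
        raise ValueError("truncated atom")
    return atom, colon + 1 + n

def encode(node):
    """Serialize a parsed node back to canonical form."""
    if isinstance(node, list):
        return b"(" + b"".join(encode(c) for c in node) + b")"
    return str(len(node)).encode() + b":" + node

def normalize(node):
    """Hypothetical model of the internal rewrite: long type name becomes 'rsa'."""
    if isinstance(node, list):
        return [normalize(c) for c in node]
    return b"rsa" if node == b"rsa-pkcs-sha1" else node

def hash_as_received(buf):
    """Hash the byte span exactly as it appeared in the certificate."""
    _, end = parse(buf)                 # parse only to find where the object ends
    return hashlib.sha1(buf[:end]).hexdigest()

def hash_after_reencoding(buf):
    """Hash a re-serialization of the normalized internal representation."""
    node, _ = parse(buf)
    return hashlib.sha1(encode(normalize(node))).hexdigest()

if __name__ == "__main__":
    print("as received:", hash_as_received(KEY) == ISSUER_HASH)
    print("re-encoded: ", hash_after_reencoding(KEY) == ISSUER_HASH)
```

Re-encoding without the normalization step reproduces the input byte for byte, so the mismatch comes from the type rewrite alone; a verifier that keeps the original byte span next to the parsed object avoids depending on that.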