Subject: Re: [dss] Comments on Requirements Draft
At 01:51 PM 3/27/2003 -0800, Trevor Perrin wrote:

>At 02:47 PM 3/27/2003 -0500, Robert Zuccherato wrote:
>
>>In Section 3.3.2 the statement is made that "Client-side hashing requires the client to have knowledge of which hash algorithms the server is capable of signing". I may be missing something obvious, but why? The client has already calculated the hash, so the DSS does not need to compute the hash again. It can just take the resultant hash value and compute the signature. Now, we may eventually want to produce a security requirement that the DSS should only sign using hashes that it believes are secure, but that doesn't mean that the server is not capable of signing it.
>
>I think most public-key signature algorithms (PKCS v1.5, PSS) incorporate an OID of the hash algorithm in the data they sign with the private key, or do something similar. If they don't there's a rollback attack where, even though you signed with SHA1, if I can find pre-images on MD4 or something, then I can make a forgery and tell the recipient the message was MD4-hashed (10.1.2 Note 1 in RFC 2313).
>
>So if a DSS service doesn't know the OID of your hash algorithm, it might not be able to sign it. I'll add a sentence to explain the rationale.

Sorry, I was wrong. With XML-DSIG or CMS/PKCS#7 the server is going to be re-hashing the hash the client sends (to include signed attributes and whatever), and signing that. So this requirement doesn't apply.

I suppose it would apply if we wanted to have a PKCS #1 v1.5 DSS server, but that's a pretty special case, so I'll take that requirement out.

Note that because of the re-hashing, blinding isn't really possible, which was something we had discussed, so I left it out of the document, unless there's something we should say about it?

Trevor
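As an added illustration (not part of the thread, and not the DSS project's code), the two server behaviours contrasted above in Go: the bare PKCS#1 v1.5 path, where `rsa.SignPKCS1v15` has to be told which hash produced the client's digest so it can build the DigestInfo carrying the hash OID, and a simplified CMS-style path where the client's digest becomes a messageDigest attribute that the server re-hashes with its own algorithm and signs. The `signedAttrs` type is a hypothetical stand-in for the RFC 5652 SignedAttributes, and the sample content is constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
)

// Hypothetical stand-in for the CMS SignedAttributes of RFC 5652.
type signedAttrs struct {
	ContentType   asn1.ObjectIdentifier
	MessageDigest []byte
}

// Bare PKCS#1 v1.5: caller must name the hash (h) so DigestInfo can carry its OID.
func serverSignPKCS1(priv *rsa.PrivateKey, h crypto.Hash, digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, h, digest)
}

// CMS/XML-DSIG style: the client digest becomes an attribute; the server
// re-hashes the attribute set with its own SHA-256 and signs that instead.
func serverSignCMS(priv *rsa.PrivateKey, clientDigest []byte) (sig, attrs []byte, err error) {
	idData := asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1} // id-data content type
	if attrs, err = asn1.Marshal(signedAttrs{idData, clientDigest}); err != nil {
		return nil, nil, err
	}
	toSign := sha256.Sum256(attrs)
	sig, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, toSign[:])
	return sig, attrs, err
}

// Verifier: check the signature over the attributes, then the digest binding.
func verifyCMS(pub *rsa.PublicKey, attrs, sig, contentDigest []byte) bool {
	toSign := sha256.Sum256(attrs)
	var a signedAttrs
	_, err := asn1.Unmarshal(attrs, &a)
	return err == nil && bytes.Equal(a.MessageDigest, contentDigest) &&
		rsa.VerifyPKCS1v15(pub, crypto.SHA256, toSign[:], sig) == nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	d := sha256.Sum256([]byte("constructed sample document")) // client-side hash
	sig, attrs, err := serverSignCMS(priv, d[:])
	fmt.Println(err == nil, verifyCMS(&priv.PublicKey, attrs, sig, d[:])) // true true
}
```

In the bare path a digest labelled with the wrong hash is refused by the library before any signature is produced, which is the "might not be able to sign it" situation the quoted reply describes.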