[9] RFR: 8042967: Add variant of DSA Signature algorithms that do not ASN.1 encode the signature bytes
Jason Uh
jason.uh at oracle.com
Thu Jan 29 20:41:44 UTC 2015
Mike,
Thanks for your feedback.
I'll be changing this fix to introduce new algorithm Strings to specify
the P1363 format. These strings will be of the form:
<digest>with<encryption>in<format>Format
For example:
SHA1withDSAinP1363Format
SHA1withECDSAinP1363Format
The intent is to reduce potential confusion with the extended algorithm
Strings specifying MGF functions (<digest>with<encryption>and<mgf>) by
using the word "in" for conjunction and to append "Format" to the format
name.
Would you be ok with this solution?
Thanks,
Jason
On 1/29/15 7:27 AM, Sean Mullan wrote:
> On 01/27/2015 05:40 PM, Michael StJohns wrote:
>> So what I'm concerned with is surprise. I'm also concerned with
>> "default signature formats" from new providers. Right now, I know if
>> I ask for ECDSA, the output of Signature will be in a very specific
>> format, and the math will match what's in FIPS 186-4, X9.62 and SECG.
>> I'm really uncomfortable about changing that. I think the algorithm
>> name should map to one specific suite of math and input/output
>> formats.
>
> Yes, your argument makes sense, and we will change the fix to use new
> algorithm Strings that specify the P1363 format. Jason will be following
> up with more details on that.
>
> Thanks for weighing in on this issue and spending the time to explain
> your concerns.
>
> --Sean
More information about the security-dev
mailing list