[9] RFR: 8042967: Add variant of DSA Signature algorithms that do not ASN.1 encode the signature bytes

Jason Uh jason.uh at oracle.com
Thu Jan 29 20:41:44 UTC 2015


Mike,

Thanks for your feedback.

I'll be changing this fix to introduce new algorithm Strings to specify 
the P1363 format. These strings will be of the form:

   <digest>with<encryption>in<format>Format

For example:

   SHA1withDSAinP1363Format
   SHA1withECDSAinP1363Format

The intent is to reduce potential confusion with the extended algorithm 
Strings specifying MGF functions (<digest>with<encryption>and<mgf>) by 
using the word "in" for conjunction and to append "Format" to the format 
name.

Would you be ok with this solution?

Thanks,
Jason

On 1/29/15 7:27 AM, Sean Mullan wrote:
> On 01/27/2015 05:40 PM, Michael StJohns wrote:
>> So what I'm concerned with is surprise.  I'm also concerned with
>> "default signature formats" from new providers.  Right now, I know if
>> I ask for ECDSA, the output of Signature will be in a very specific
>> format, and the math will match what's in FIPS 186-4, X9.62 and SECG.
>> I'm really uncomfortable about changing that.  I think the algorithm
>> name should map to one specific suite of math and input/output
>> formats.
>
> Yes, your argument makes sense, and we will change the fix to use new
> algorithm Strings that specify the P1363 format. Jason will be following
> up with more details on that.
>
> Thanks for weighing in on this issue and spending the time to explain
> your concerns.
>
> --Sean



More information about the security-dev mailing list