[43403] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Why the exponent 3 error happened:

daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Sep 15 08:56:29 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 15 Sep 2006 21:13:35 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20060914212128.GK28788@piias899.ms.com>

     --
Victor Duchovni wrote:
 > If so, I fear we are learning the wrong lesson, which
 > while valid in other contexts is not pertinent here.
 > TLS must be flexible enough to accommodate new
 > algorithms, this means that the data structures being
 > exchanged are malleable, and that implementations must
 > validate strict adherence to a specifically defined
 > form for the agreed algorithm, but the ability to
 > express other forms cannot be designed out.

There is no need, ever, for the RSA signature to encrypt
anything other than a hash, nor will their ever be such
a need.  In this case the use of ASN.1 serves absolutely
no purpose whatsoever, other than to create complexity,
bugs, and opportunities for attack.  It is sheer
pointless stupidity, complexity for the sake of
complexity, an indication that the standards process is
broken.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      mKNEZf/r5lZqyGpNhzkQ0zdt2uAdaxkSyyyxAW3W
      4BWO8prrBiE/VfMik8xpeS4TgD+5KsqGSGeRw2Dxr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post