[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[dnsext] Is rfc3110 correct?

To: namedroppers@ops.ietf.org
Subject: [dnsext] Is rfc3110 correct?
From: Mark Andrews <marka@isc.org>
Date: Sat, 24 Oct 2009 19:11:08 +1100

	This looks like is should be PKCS1 type 1 padding but that
	starts with 00.

% grep signature rfc2537.txt rfc3110.txt | grep FF
rfc2537.txt:     signature = ( 00 | 01 | FF* | 00 | prefix | hash ) ** e (mod n)
rfc3110.txt:         signature = ( 01 | FF* | 00 | prefix | hash ) ** e (mod n)
% 

	draft-ietf-dnsext-dnssec-rsasha256-14 looks ok.

% grep signature draft-ietf-dnsext-dnssec-rsasha256-14.txt | grep FF
   signature = ( 00 | 01 | FF* | 00 | prefix | hash ) ** e (mod n)
% 

	I noticed this as rsasha256 and rsasha512 is not supported
	by OpenSSL 0.9.7 and to one had to use something more
	primative than RSA_sign().

	Matk
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: mark@isc.org

Prev by Date: [dnsext] A64-DNS Resource Record for IPv4-mapped IPv6 Address
Next by Date: [dnsext] Re: Is rfc3110 correct?
Previous by thread: [dnsext] A64-DNS Resource Record for IPv4-mapped IPv6 Address
Next by thread: [dnsext] Re: Is rfc3110 correct?
Index(es):
- Date
- Thread