Issue 10: Calculating Hashes and Signatures
- Subject: Issue 10: Calculating Hashes and Signatures
- From: Chris Lonvick <clonvick@cisco.com>
- Date: Thu, 09 Oct 2003 10:40:29 -0700
Hi Everyone,
Albert has raised a new issue. Please comment to the mailing list.
Thanks,
Chris
================================================================
Issue 10: Calculating Hashes and Signatures
Albert has raised some concerns about the clarity of the language used to
describe the way hashes and signatures are calculated.
From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01314.html
Albert's proposal:
"""
Calculating Hashes and Signatures
Before a Signature or Certificate Block can be sent, some
cryptographic calculations need to be done. Elsewhere in this
document is specified which algorithms need to be used, and
where to place the result. This section specifies the data used
as input for those calculations.
For each device-message (not for relayed messages), a hash SHOULD
be calculated. It is REQUIRED to use the complete message
including PRI, HEADER and MSG parts as input for the hashing.
Those hashes are transmitted, later, in a Signature Block.
Both the Signature Block and the Certificate Block contain a
digital signature. Those signatures SHOULD be calculated over the
HASH of the partially composed message. It is REQUIRED to
calculate the HASH of all parts and all fields of the composing
message, but the signature-field. Also, the separating space(s)
directly before the signature-field SHOULD NOT be part of this
calculation. After calculating the HASH and the SIGNATURE, a
space and the SIGNATURE should be appended to the message. It is
RECOMMENDED to send this message directly, as the timestamp will
age.
"""
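The byte ranges the proposal above describes, as an added example that is not part of the original message or of the draft under discussion. It assumes SHA-256 as the hash, HMAC-SHA256 as a stand-in for the digital signature, base64 encoding, and a constructed block header and sample message; none of these come from the proposal.

```python
import base64
import hashlib
import hmac

# Assumptions (not from the proposal): SHA-256 as the hash, HMAC-SHA256 as a
# stand-in for the digital signature, base64 text encoding. The key, header
# and message below are constructed for illustration.
DEMO_KEY = b"constructed-demo-key"
SAMPLE_HEADER = b"<110>Oct  9 10:40:30 host1 sigblock:"
SAMPLE_MESSAGES = [b"<34>Oct  9 10:40:29 host1 su: 'su root' failed on /dev/pts/8"]


def message_hash(raw):
    """Hash one device message over its complete bytes: PRI, HEADER and MSG."""
    return base64.b64encode(hashlib.sha256(raw).digest()).decode("ascii")


def _sign(partial):
    # The signature is calculated over the HASH of the partially composed message.
    digest = hashlib.sha256(partial).digest()
    return base64.b64encode(hmac.new(DEMO_KEY, digest, hashlib.sha256).digest())


def append_signature(partial):
    """Sign all fields except the signature field, then append ' ' + signature."""
    partial = partial.rstrip(b" ")  # the separating space(s) are not signed
    return partial + b" " + _sign(partial)


def build_signature_block(header, messages):
    """Compose header + per-message hashes, then sign the partial block."""
    hashes = " ".join(message_hash(m) for m in messages).encode("ascii")
    return append_signature(header + b" " + hashes)


def verify_block(block):
    """Split at the last space and recompute over the same byte range."""
    partial, sep, signature = block.rpartition(b" ")
    if not sep:
        return False  # no signature field present
    return hmac.compare_digest(_sign(partial.rstrip(b" ")), signature)


if __name__ == "__main__":
    block = build_signature_block(SAMPLE_HEADER, SAMPLE_MESSAGES)
    print(block.decode("ascii"))
    print("verifies:", verify_block(block))
```

Base64 output never contains a space, so splitting at the last space recovers the signature field unambiguously.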