Greetings,
This is what RFC 5996 has to say about DSA:
(3.8. Authentication Payload)
...
DSS Digital Signature 3
Computed as specified in Section 2.15 using a DSS private key
(see [DSS]) over a SHA-1 hash.
I have several questions about this.
1) DSS is the standard, which approves three digital signature schemes.
Since the use of two of them (RSA and ECDSA) with IKEv2 is specified
elsewhere, I'm presuming that the first two occurances of "DSS" above
actually mean "DSA". Is this correct?
2) DSS only specifies the conceptual form of the signature (two numbers r
and s), and doesn't define an octet-sequence representation. Neither does
RFC 5996. So what representation is to be used?
3) Why is SHA-1 used here, instead of the SHA corresponding to the key
length? Note that DSS advises against the former:
(4.2 Selection of Parameter Sizes and Hash Functions for DSA)
...
A hash function that provides a lower security strength than the (L, N)
pair ordinarily *should not* be used, since this would reduce the
security strength of the digital signature process to a level no greater
than that provided by the hash function.
Regards,
Roman.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
