Hi Everyone,

Albert has raised a new issue. Please comment to the mailing list.

Thanks,
Chris

================================================================

Issue 10: Calculating Hashes and Signatures

Albert has raised some concerns about the clarity of the language used to describe the way hashes and signatures are calculated.

From the Archive:
http://www.mail-archive.com/syslog-sec%40employees.org/msg01314.html

Albert's proposal:

"""
Calculating Hashes and Signatures

Before a Signature or Certificate Block can be sent, some cryptographic calculations need to be done. Elsewhere in this document is specified which algorithms need to be used, and where to place the result. This section specifies the data used as input for those calculations.

For each device-message (not for relayed messages), a hash SHOULD be calculated. It is REQUIRED to use the complete message including PRI, HEADER and MSG parts as input for the hashing. Those hashes are transmitted, later, in a Signature Block.

Both the Signature Block and the Certificate Block contain a digital signature. Those signatures SHOULD be calculated over the HASH of the partially composed message. It is REQUIRED to calculate the HASH of all parts and all fields of the composing message, but the signature-field. Also, the separating space(s) directly before the signature-field SHOULD NOT be part of this calculation.

After calculating the HASH and the SIGNATURE, a space and the SIGNATURE should be appended to the message. It is RECOMMENDED to send this message directly, as the timestamp will age.
"""
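
The input boundaries the proposal describes, as an added example that is not part of the original message or of the draft: per-message hashes over PRI, HEADER and MSG, then a signature over the hash of the block without its signature field or the separating space(s). SHA-256, base64, HMAC-SHA256 as a stand-in for the digital signature, the DEMO-SIGBLOCK layout, the key and the sample messages are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Assumptions, none of them from the proposal: SHA-256 as the hash, base64 as
# the encoding, HMAC-SHA256 standing in for the digital signature, and a
# simplified block layout. All sample data below is constructed.
DEMO_KEY = b"constructed-demo-key"

def message_hash(device_message: bytes) -> str:
    """Hash the complete device message: PRI, HEADER and MSG parts."""
    return base64.b64encode(hashlib.sha256(device_message).digest()).decode()

def _sign(data: bytes, key: bytes) -> bytes:
    digest = hashlib.sha256(data).digest()  # HASH of the partially composed block
    return base64.b64encode(hmac.new(key, digest, hashlib.sha256).digest())

def compose_block(fields: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Sign every field except the signature field, then append ' ' + SIGNATURE."""
    return fields + b" " + _sign(fields, key)

def verify_block(block: bytes, key: bytes = DEMO_KEY,
                 keep_separator: bool = False) -> bool:
    """Recompute the signature over the bytes that precede the signature field."""
    head, sep, signature = block.rpartition(b" ")
    if not sep:
        return False
    # The separating space(s) are excluded from the hash; keep_separator=True
    # shows the mismatch a receiver gets by hashing them anyway.
    signed = head + sep if keep_separator else head.rstrip(b" ")
    return hmac.compare_digest(signature, _sign(signed, key))

MESSAGES = [
    b"<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1",
    b"<13>Oct 11 22:14:16 host1 app: session opened",
]
FIELDS = b"<110>Oct 11 22:14:17 host1 DEMO-SIGBLOCK " + " ".join(
    message_hash(m) for m in MESSAGES).encode()
BLOCK = compose_block(FIELDS)

if __name__ == "__main__":
    print(BLOCK.decode())
    print("verified:", verify_block(BLOCK))
    print("separator hashed:", verify_block(BLOCK, keep_separator=True))
```

Sender and receiver only agree on the signature when both stop hashing at the same byte, which is why the wording about the separating space(s) matters.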