Martin Rex пишет:
I'm still quite confused.
All references to GOST signature algorithms of the kind [GOST3410] ought to be fixed to say [GOST3410-2001].
I think that can de done, despite the fact that there is no other
algorithm coded as GOST 3410, except GOST 34.10-2001.
It seems it mixed up the (deprecated) signature Algorithm GOST R34.10-1994
and the hash/digest algorith GOST R34.11-1994 that is still being used
for signatures with GOST R34.10-2001.
It seems that no mixture takes place. Signature standard has number
34.10, hash standard has number 34.11.
I cannot see how they can be mixed up.
RFC-4357 was published in January 2006, i.e. after GOST signature
algorithm R34.10-1994 algorithm was deprecated (12.09.2001) and
after which is must no longer be used (12.09.2004) according to
your description. The GOST TLS ciphersuite document still defines
and uses the deprecated signature algorithm...
IMHO, rfc4357 should have been completely stripped from GOST R34.10-1994
before publication if what you describes really applies to this algorithm.
I think that is a question to authors of RFC4357 and I think that
corrections should be issued.
Which is not really helpful. Any specification referencing rfc-4357
will now have to declare which kind of parameter sets (as defined in
rfc-4357) should be used/accepted for which purpose and which
parameter set is the default.
Yes. And this is done in the draft text. Read it.
Corresponding public key parameters are those identified by
id-GostR3410-2001-CryptoPro-A-ParamSet (1.2.643.2.2.35.1) [RFC4357 <http://tools.ietf.org/html/rfc4357>],
and the digest parameters are those identified by
id-GostR3411-94-CryptoProParamSet (1.2.643.2.2.30.1) [RFC4357 <http://tools.ietf.org/html/rfc4357>].
No confusions, no ambiguity.
The purpose, existance and semantics of the "test" algorithm parameter
sets are particularly confusing.
Document -
draft-ietf-dnsext-dnssec-gost-06
does not use any "test" parameters from RFC 4357 and does not reference
any of them.
HTH,
dol@
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf