Hosting Provided By

[Hipsec] Re: The exact method used to generate a HIT from a HI

From: Tom Henderson <tomh(at)ponymail.com>
Date: Tue Mar 18 2003 - 19:05:35 EST

> On Fri, Mar 14, 2003 at 02:27:26PM +0200, Pekka Nikander wrote:

Yes, you are right, I did not read 2536 carefully enough. T can be inferred from the length of the key, I guess, plus has better alignment to leave it out. I therefore would support removing it from both the HI and the hash of the HI.

> My personal opinion would be to use the RFC2536 DSA format
I am not strongly for RFC2535 format, since original motivation was to make it storable in DNS (for which we have learned we need another RR definition anyway). But I do think that either an octet or four is needed as an algorithm field, to identify the underlying key structure, so that a HI could stand on its own and be interpretable.

Tom

Hipsec mailing list
Hipsec@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/hipsec Received on Tue Mar 18 19:47:57 2003

This message: [ Message body ]
Next message: Derek Fawcus: "Re: [Hipsec] Re: The exact method used to generate a HIT from a HI"
In reply to Pekka Nikander: "Re: [Hipsec] Re: The exact method used to generate a HIT from a HI"
Next in thread: Derek Fawcus: "Re: [Hipsec] Re: The exact method used to generate a HIT from a HI"
Reply: Derek Fawcus: "Re: [Hipsec] Re: The exact method used to generate a HIT from a HI"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:58 EDT