[Nym3-devel] SIG size for control messages sent to the nymserver.
Nick Mathewson
nickm at freehaven.net
Mon Apr 11 04:14:11 CEST 2005

On Sun, Apr 10, 2005 at 01:52:28PM +0200, Laurent Fousse wrote:
> Hi,
>
> nym-specs say every control message sent to the nymserver carries an
> RSA-OAEP signature of SHA1(remainder_of_message), section 4.3
>
> It also says the SIG size is PK_LEN = 256, however in the NEWPK specs
> (section 4.3.4) the size of the identity key used for this signature
> may be 128 or 256 octets, leading to a signature size of 128 or 256
> octets.
>
> What do you suggest?
>
> (1) force the key size to 2048 bits,
> (2) zero-pad the 128-octet signature to get a 256-octet signature,
> (3) add one leading octet that gives the signature length.
>
> I'm not really in favour of (3), and the key generation time might
> bother users of slow machines for a forced 2048-bit keysize.

I'd favor (1) myself as the easiest option; 1024-bit keys just seem
too small these days. But another option is to put the SIG part of
the message header _after_ the NL and NYM fields, so the server knows
which key to use and how long it is. We don't need to worry about
those fields being unsigned---if they are altered, the signature won't
be correct unless the signature is altered too, which is impossible
without the correct private key.

How does that sound?
--
Nick Mathewson
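
The field ordering suggested above, as an added example that is not part of the original message or the Nym3 code base: with SIG placed after NL and NYM, the server can look up the nym's identity key and read exactly that many signature octets, so 128- and 256-octet signatures need neither padding nor a length prefix. The one-octet NL, the registry and the function names are assumptions; signature verification itself is left out.

```python
# Assumed layout (not taken from nym-specs):
#   NL (1 octet, length of NYM) | NYM (NL octets) | SIG (key-size octets) | body
# Constructed registry: nym -> identity key size in octets (128 or 256).
KEY_OCTETS = {b"alice": 128, b"bob": 256}


class FramingError(ValueError):
    """Raised when a control message cannot be split into its fields."""


def build(nym, sig, body):
    """Assemble a control message in the assumed layout."""
    return bytes([len(nym)]) + nym + sig + body


def split_control_message(msg, key_octets=KEY_OCTETS):
    """Return (nym, sig, signed_part).

    The SIG length is not carried in the message; it is derived from the
    identity key registered for the nym named in the preceding fields.
    """
    if not msg:
        raise FramingError("empty message")
    nl = msg[0]
    if nl == 0 or len(msg) < 1 + nl:
        raise FramingError("truncated NYM field")
    nym = msg[1:1 + nl]
    sig_len = key_octets.get(nym)
    if sig_len is None:
        raise FramingError("unknown nym")
    sig_end = 1 + nl + sig_len
    if len(msg) < sig_end:
        raise FramingError("truncated SIG field")
    # If NL or NYM were altered in transit, a different key (or none) is
    # selected here, and the later signature check over signed_part fails.
    return nym, msg[1 + nl:sig_end], msg[sig_end:]


if __name__ == "__main__":
    for name, size in sorted(KEY_OCTETS.items()):
        msg = build(name, b"\x00" * size, b"constructed body")
        nym, sig, signed = split_control_message(msg)
        print(nym, len(sig), signed)
```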