[dnsext] Re: draft-ietf-dnsext-dnssec-rsasha256-05

[Francis Dupont]

In your previous mail you wrote:

signature = ( 00 | 01 | FF* | 00 | prefix | hash ) ** e (mod n)

=> this is the standard PKCS 1 v1.5 padding so why not get the
right text from it?

b) we should request the *minimum* number of 'FF's fulfilling
the condition.

=> with the "equals" we no more need minimum (or maximum).
(I've looked at the PKCS standard and the number of 0xFF is the padding
is given by an equation too).
BTW the use of a standard padding is a good idea, both because the
padding is critical for the security and because it is a very common
padding scheme.

Regards

Francis...@fdupont.fr

--
to unsubscribe send a message to namedroppe...@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>