My impression was that many new implementations use the RSA-S and RSA-E
The opposite is true. RSA-S and RSA-E are from old implementations. These
days there are more robust ways to specify what a key is for.
I generally prefer domain separation, but I don't think there's a relevant
security difference *so long as* implementations do not generate a single
RSA key such that its key usage intersects only one of {certify, sign,
authenticate} or {encrypt communications, encrypt bulk}.
For sure, but this seperation is done in metadata, not in the algorithm
identifier.
--
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph
signature.asc
Description: Digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp