In the current draft, support for the protocol elements is required, but
no specific algorithm is required. This inconsistency is the basis
of my question.
At 02:06 PM 7/10/2001 -0400, Mike Just wrote:
Apologies Russ, but I'm not clear on exactly what you're stating below.
Your introductory text indicates that implementations MUST support key
transport, key agreement and previously distributed key-encryption keys
(PDKEK), but the table from the minutes you include below only indicates
a MUST for key transport (using RSA PKCS#1 v1.5). I would have
assumed that only key transport MUST be implemented? If key
agreement and PDKEK MUST be implemented, I must admit that I didn't
notice any consensus for this on the list.
> -----Original Message-----
> From: Housley, Russ
> Sent: Tuesday, July 10, 2001 12:51 PM
> To: ietf-smime(_at_)imc(_dot_)org
> Subject: Key Wrap Algorithms
> After a fairly long debate, the consensus on key management has been
> reached. We seem to agree that:
>
> Implementations MUST support key transport, key agreement, and
> previously distributed symmetric key-encryption keys, as represented
> by ktri, kari, and kekri, respectively. Implementations MAY support
> the password-based key management as represented by pwri.
> Implementations MAY support any other key management technique as
> represented by ori.
>
> At the last IETF meeting, we agreed on the mandatory to
> algorithms. The Minutes say:
>
> Signature: DSA and RSA (PKCS #1 v1.5) as per Russ' proposal
> Message digest: SHA-1
> Key Management: RSA (PKCS #1 v1.5)
> Encryption: Triple-DES
>
> But, the Minutes are silent about key wrapping.
>
> It is my view that we should require implementations to support
> Triple-DES Key Wrap. This view is reflected in
> draft-ietf-smime-cmsalg-00. And, I think that this approach will
> facilitate the adoption of mail lists.
>
> I want to hear from others. What do you think is the best MUST and
> SHOULD statements regarding key wrap algorithms?