Robert Zuccherato <robert(_dot_)zuccherato(_at_)entrust(_dot_)com> writes:
Having not attended the Minneapolis meeting I must say that I was very
surprised by your recommendation to drop OAEP as the MUST implement key
transport mechanism with AES in favour of KEM.
This was done to death on the list a few months back. The consensus seemed to
be that there was little support for OAEP, and a fair bit of opposition to
tying it to AES (see the list archives for the exact details and rationale).
Partly as a result of that effort, implementations of OAEP have started to
appear (e.g. OpenSSL)
The OpenSSL OAEP had nothing to do with this, OAEP was added on an experimental
basis in late '98 or early '99 after the first PKCS #1v2 drafts appeared, and
it's stayed at that level ever since.