On Monday, March 16, 2015, Jon Callas <jon(_at_)callas(_dot_)org> wrote:
On Mar 16, 2015, at 7:49 AM, Stephen Paul Weber <singpolyma(_at_)singpolyma(_dot_)net> wrote:
In fact, aren't the RSA-E and RSA-S algorithms basically just historical
/ mostly deprecated in favour of marking keys for a particular use?
My impression was that many new implementations use the RSA-S and RSA-E
algorithms for signing keys and encryption subkeys. But -- taking a look at
SKS numbers -- algorithm 1 is used quite a lot.
I generally prefer domain separation, but I don't think there's a relevant
security difference *so long as* implementations do not generate a single
RSA key such that its key usage intersects only one of {certify, sign,
authenticate} or {encrypt communications, encrypt bulk}.
(And so, in the eventual I-D, I'll likely make that the requirement. I
would be inclined, in that case, to state that implementations SHOULD
accept any of algorithms 1, 2, 3 for any usage mask valid under the
above criterion.)
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp