ietf-smime

Re: Open issues in the message draft

1997-09-18 14:52:38
At 11:37 AM -0700 9/18/97, David Solo wrote:
I don't think we need to address this in the document. Instead, we should
discuss this more on the mailing list, and add the desired profiles (if
any) to the OIDs list that is separate from the document. That way, if we
think of other profiles later, we can add them at will.

I'm not sure it falls into this category, but part of the discussion dealt
with the issue of "suites".  In some cases (especially where hardware tokens
are involved) all possible combinations of digest, signature, encryption,
and keymgmt algs may not work - consequently, capabilities need to express
and handle combinations/suites.

Precisely. Such a "suite" (or "profile") could be defined to mean
"elliptical curve for key exchange, ElGamal for signature, and rot13 for
encryption". That would get a single OID that would define what it means.

The other facet of this is what to do when encrypting a message for multiple
recipients with different capabilities - in particular a case when some
recipients handle only weak encryption.  Should an implementation take the
"lowest common denominator", send multiple messages, exclude weak-only
recipients, engage the sender?

I'm a tad confused about what you're asking. For encrypting, you have to
create a different message for each recipient. The decision of what
algorithm/strength to use is already being decided on a
recipient-by-recipient basis. Am I missing something here?

--Paul E. Hoffman, Director
--Internet Mail Consortium


