
RE: Comments on Certs Draft

1997-10-31 11:06:23
From: Anil R. Gangolli [SMTP:gangolli(_at_)StructuredArts(_dot_)com]

jimsch(_at_)EXCHANGE(_dot_)MICROSOFT(_dot_)com wrote:


1.  I don't like the use of MD2 and I know of no Cryptographer who
does.   I realize that some companies are still using it and that is
why I am not suggesting a complete elimination of it from the document,
however I would like to have the following changes made:


Section 4.3: change the second sentence to:
A receiving agent MUST be capable of verifying the signatures on
certificates and CRLs made with md5WithRSAEncryption and
sha-1WithRSAEncryption signature algorithms with key sizes from 512
bits to 2048 bits described in [SMIME-MSG].  A receiving agent SHOULD
be capable of verifying the signatures on certificates and CRLs made
with the md2WithRSAEncryption signature algorithm with key sizes from
512 bits to 2048 bits.


Section 5.2 Third paragraph, second sentence to:
Certification authorities MUST support sha-1WithRSAEncryption and
md5WithRSAEncryption and SHOULD support MD2WithRSAEncryption for
verification of signatures on certificate requests as described in
[SMIME-MSG].


Section 5.2 Fourth paragraph is replaced with:
For the creation and submission of certification-requests, RSA keys
SHOULD be identified with the rsaEncryption OID and signed with the
sha-1WithRSAEncryption signature algorithm.  Certification-requests
MUST NOT be signed with the md2WithRSAEncryption signature algorithm.



Part of the reason for still accepting MD2-based signatures at
all is because there are hardware devices still in use that only
support this.  The MUST NOT above is antithetical to the purpose
of supporting it at all.  Anyone that can avoid MD2 should.
I think SHOULD NOT fits better above.

[Jim Schaad] I disagree with this.  The argument that you are using is
why I am pushing MD2 to SHOULD for certificates and CRLs.  There is NO
GOOD reason that a PKCS#10 message should be generated using MD2.  I
know of no USER END software or hardware in wide distribution which uses
MD2 as the client signature algorithm.  I agree that MD2 is used by
several distributors of certificates and CRLs, but that is not an
argument for keeping MD2 in PKCS#10 requests.
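The split the thread proposes (MD2 tolerated at SHOULD level on certificates and CRLs, MUST NOT on PKCS#10 requests) is easy to enforce mechanically, because a Certificate, a CertificateList and a CertificationRequest all share the outer shape SEQUENCE { tbs, AlgorithmIdentifier, BIT STRING }. The following is an added example, not code from the thread or from any S/MIME implementation; the PKCS#1 OIDs are real, the DER sample is constructed and carries only the fields the check reads, and the verdict labels are this example's own.

```python
# Classify the outer signatureAlgorithm of a DER Certificate / CRL / PKCS#10
# request against the MUST / SHOULD / MUST NOT levels proposed in the thread.

SIG_ALG_OIDS = {                       # PKCS#1 signature-algorithm OIDs (real)
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha-1WithRSAEncryption",
}

def der_tlv(buf, pos):
    """Read one DER TLV at pos; returns (tag, content, next_pos). Long-form lengths handled."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode OID content octets (base-128 arcs) into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                                # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """OID of the outer AlgorithmIdentifier, the second element of the top-level SEQUENCE."""
    _, body, _ = der_tlv(der, 0)
    _, _, after_tbs = der_tlv(body, 0)                  # skip tbsCertificate / requestInfo
    _, alg_id, _ = der_tlv(body, after_tbs)             # AlgorithmIdentifier SEQUENCE
    tag, oid_raw, _ = der_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    return decode_oid(oid_raw)

def check_signature_policy(der, artifact):
    """artifact: 'certificate', 'crl' or 'request'. Returns (verdict, algorithm name)."""
    name = SIG_ALG_OIDS.get(signature_algorithm(der), "unknown")
    if artifact == "request":                           # proposed Section 5.2 text
        if name == "sha-1WithRSAEncryption":  return ("accept", name)
        if name == "md5WithRSAEncryption":    return ("accept-with-warning", name)  # SHOULD be sha-1
        return ("reject", name)                         # md2 is MUST NOT; unknown is rejected
    if name in ("md5WithRSAEncryption", "sha-1WithRSAEncryption"):
        return ("accept", name)                         # MUST-level for certs and CRLs
    if name == "md2WithRSAEncryption":
        return ("accept-with-warning", name)            # SHOULD-level legacy support
    return ("reject", name)

def sample(last_arc):
    """Constructed stand-in: SEQUENCE { empty tbs, AlgorithmIdentifier{OID, NULL}, BIT STRING }."""
    oid = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01" + bytes([last_arc])
    alg_id = b"\x30" + bytes([len(oid) + 2]) + oid + b"\x05\x00"
    body = b"\x30\x00" + alg_id + b"\x03\x02\x00\x00"
    return b"\x30" + bytes([len(body)]) + body
```

Run `check_signature_policy(sample(2), "request")` to see the MUST NOT case rejected while the same MD2 sample passes with a warning as a certificate.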
