ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: DH keypair generation (was RE: S/MIME V3 Msg Spec Comments)

1997-11-10 06:29:43
from [John Pawling] [Permanent Link] 
Blake,

IMHO, the S/MIME v3 Message Spec doesn't need to say anything about combo
certs.  The S/MIME v3 Certificate Handling spec probably should same
something about combo certs (i.e. allowed or prohibited).

The PKIX I document lists X9.42 and X9.57 as reference documents for D-H and
DSS, respectively.  Also, there is a NIST document entitled "Stable
Implementation Agreements for Open Systems Interconnection Protocols: Part
12 - OS Security, Output from the June 1995 Open Systems Environment
Implementors' Workshop (OIW)".  I will send you all three documents.

I believe that there should be separate appendices to the CMS spec that
provide the gory details (e.g. padding, key length, mode, etc) regarding the
use of DSS, SHA-1, KEA, Skipjack, D-H, and RSA algorithms.  If the WG is in
favor of this strategy, I would be happy to draft some of these appendices
(e.g. KEA and Skipjack). 

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================


At 01:59 PM 11/7/97 -0800, Blake Ramsdell wrote:

On Friday, November 07, 1997 1:44 PM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:

DH and DSS keys are separately generated.  The public DH and DSS keys are
stored in separate X.509 Certificates.


This was something that was being discussed at one point -- the
possibility of a "combo" certificate that had both signature
verification and key management properties (the public part of the DH
encrypting pair and the public part of the DSS pair).


How about changing the text to the following: "An S/MIME agent or some
related administrative utility or function MUST be capable of generating
separate DH and DSS public/private key pairs on behalf of the user."


Yup.  Sounds good.  Comments?  Objections?

I will also change the current references to [DH-DSS] to just be [DSS].

What would be the best source to use for the [DH] (Diffie-Hellman
encryption) and [DSS] (DSS) references?  Are we making a draft for this?

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Even newer versions of the drafts, Paul Hoffman / IMC
Next by Date:  Re: ESS-00 Comments, John Pawling
Previous by Thread:  RE: DH keypair generation (was RE: S/MIME V3 Msg Spec Comments), Darren Harter
Next by Thread:  RE: DH keypair generation (was RE: S/MIME V3 Msg Spec Comments), David P. Kemp
Indexes:  [Date] [Thread] [Top] [All Lists]