[Top] [All Lists]

More 11/20/97 S/MIME V3 Msg Spec Comments

1997-12-03 14:13:46
Blake (and friends),

Here is another comment to the "20 Nov 97 S/MIME Version 3 Message

1) Sec H: "Need OIDs for DH"  PKIX X.509 Certificate and CRL Profile, sec
7.3.2 defines the use of the dhpublicnumber OID for DH keys in X.509 Certs
as follows:

"7.3.2 Diffie-Hellman Key Exchange Key

   This diffie-hellman object identifier supported by this standard is
   defined by ANSI X9.42.

        dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
                  us(840) ansi-x942(10046) number-type(2) 1 }

   The dhpublicnumber object identifier is intended to be used in the
   algorithm field of a value of type AlgorithmIdentifier. The
   parameters field of that type, which has the algorithm-specific
   syntax ANY DEFINED BY algorithm, would have ASN.1 type DHParameter
   for this algorithm.

        DHParameter ::= SEQUENCE {
          prime INTEGER, -- p
          base INTEGER, -- g }

   The fields of type DHParameter have the following meanings:

      prime is the prime p.

      base is the base g.

   The Diffie-Hellman public key (an INTEGER) is mapped to a
   subjectPublicKey (a BIT STRING) as follows: the most significant bit
   (MSB) of the INTEGER becomes the MSB of the BIT STRING; the least
   significant bit (LSB) of the INTEGER becomes the LSB of the BIT

   If the keyUsage extension is present in a certificate which conveys a
   DH public key, the following values may be present:

      encipherOnly; and

   At most one of encipherOnly and decipherOnly shall be asserted in
   keyUsage extension."

John Pawling   
J.G. Van Dyke & Associates, Inc.           

<Prev in Thread] Current Thread [Next in Thread>
  • More 11/20/97 S/MIME V3 Msg Spec Comments, John Pawling <=