ietf-smime

Re: Question on <draft-ietf-smime-msg-00.txt>

1998-01-20 06:39:13
Makoto,

I agree that the wording is confusing.  The intent was to say "If the agent
supports rsaEncryption, then it MUST support encryption of symmetric keys
with RSA public keys at key sizes from 512 bits to 1024 bits."

At the 10 Dec 97 Washington D.C. IETF S/MIME WG, the following decisions
were made: 
"CMS 02 Proposal 6:  The WG agreed that the "MUST implement" algorithms are
SHA-1, DSA, Diffie-Hellman (D-H) and 3DES as specified in MSG3.  The D-H
will be one of the X9.42 variants.  The 3DES will use three independent keys
and CBC mode.  Russ stated that CMS 02 will include placeholders for the
algorithm specifications that will include details regarding the use of the
"MUST implement" cryptographic algorithms with CMS.  After a brief debate
regarding which I-D should include the "MUST implement" cryptographic
algorithms, it was agreed that the CMS I-D will specify the "MUST implement"
algorithms and that the MSG3 I-D will refer to the CMS I-D for the
specification of the "MUST implement" algorithms."

In summary, the text regarding crypto algorithms will be moved from the
S/MIME v3 Message Specification I-D to the CMS I-D.  Hopefully, the text
will be clarified when it is moved into CMS.  Furthermore, I believe that
the gory details regarding the RSA algorithms (such as key size info) should
be documented in an appendix documenting how the RSA algorithms are used
with CMS rather than in the CMS base document itself.

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================




At 05:00 PM 1/20/98 +0900, Makoto Tomoeda wrote:

Hi All

  I have a question regarding the MUST implement algorithms.
  In <draft-ietf-smime-msg-00.txt>, section 2.3 says....

2.3 KeyEncryptionAlgorithmIdentifier

Sending and receiving agents MUST support Diffie-Hellman defined in [DH].

Receiving agents SHOULD support rsaEncryption. Incoming encrypted
messages contain symmetric keys which are to be decrypted with a
user's private key. The size of the private key is determined during
key generation. Sending agents SHOULD support rsaEncryption.

Sending agents MUST support encryption of symmetric keys with RSA
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
public keys at key sizes from 512 bits to 1024 bits.   
~~~~~~~~~~~~~

  Does that mean Sending agents MUST support the RSA algorithm?
  Sorry if I misunderstood the sentence.
  
                                 Thanks in advance.
  
---------------------------------------------------------------
 Makoto Tomoeda

 NTT Multimedia Communication Promotion Dept.
 Security Service Project Group
 E-mail : tomoeda(_dot_)makoto(_at_)nsc(_dot_)cae(_dot_)ntt(_dot_)co(_dot_)jp
---------------------------------------------------------------



