ietf-smime

Re: Charter Change Request

1998-05-06 06:46:31
Dr Stephen Henson wrote:

I respectfully disagree with the idea that S/MIME supported algorithms
should be handled by PKIX for the reasons below.

According to my understanding the PKIX solutions involve a certificate
extension that is signed by an issuing authority.

A certificate does not list the algorithms supported by the recipient, only the 
algorithm which that particular certificate can be used for.

There is an attribute (supportAlgorithms) defined in the ASN.1 module, but it's
not referenced in the specification in any way.  The attribute was included, I
believe, so that it could be put in a directory, not carried in a certificate
(somebody tell me if I'm wrong), presumably in the subjectDirectoryAttributes
extension.

Maybe I'm not on the same wavelength, but I thought the user would need to know 
in advance of sending a message what algorithms the recipient supports for 
signature verification and encryption purposes.  Do you want to define a 
message that could be used by the originator to query the recipient about the 
algorithms she supports?  Or is the query directed at the directory?  If the 
query is aimed at the directory, I think it's already supported, the only thing 
left to determine is what information should be in the directory to retrieve 
the right certificate.  This is being performed in the PKIX group; see "Internet
X.509 Public Key Infrastructure LDAPv2 Schema", 
draft-ietf-pkix-ldapv2-schema-00.txt.

..snip...

Cheers

-- 
Sean Turner - IECA, Inc.
