ietf-smime

Re: I-D ACTION:draft-ietf-smime-cms-05.txt

1998-05-27 18:04:13

Section 6.2.2

      originatorCert is a CHOICE with two alternatives specifying the
      sender's certificate, and thereby the sender's public key.  The
      sender's certificate must contain a key agreement public key, and
      the sender uses the corresponding private key and the recipient's
      public key to generate a pairwise key.  

Is it really necessary that the sender possesses a certificate containing
a key agreement key?

IMHO it need not be and a sender not possessing a certificate with a key
agreement key should still be able to send a message to someone who has
by generating a random key: ukm could (does?) support this. A sender
might want to do this anyway to avoid an "implied signature".

Maybe originatorCert should be OPTIONAL to permit this: if not then isn't
the explicit tag redundant?

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.
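
The two sender modes contrasted in the message above, as an added example that is not part of the original post or of the draft: with a certified sender key the recipient derives the pairwise key from the sender's certificate, while a randomly generated sender key needs no certificate and authenticates nobody. The toy group, the SHA-256 derivation, the way ukm is mixed in and all function names are assumptions for illustration, not the CMS algorithms or encoding.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def pairwise_key(my_priv, peer_pub, ukm=b""):
    """Derive a pairwise key; the hash step is a stand-in KDF, not the CMS one."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    zz = pow(peer_pub, my_priv, P)
    return hashlib.sha256(zz.to_bytes(16, "big") + ukm).digest()

def send_static(sender_priv, recipient_pub, ukm=b""):
    """Sender owns a certified key agreement key; no key material is sent."""
    return pairwise_key(sender_priv, recipient_pub, ukm)

def send_ephemeral(recipient_pub):
    """Sender has no such certificate: make a random key, ship its public half."""
    eph_priv, eph_pub = keypair()
    return eph_pub, pairwise_key(eph_priv, recipient_pub)

def compare_modes():
    alice_priv, alice_cert_pub = keypair()  # constructed sender key
    bob_priv, bob_cert_pub = keypair()      # constructed recipient key
    # Static-static: Bob derives the key from Alice's certificate, so only
    # Alice (or Bob himself) could have produced it: the "implied signature".
    k1 = send_static(alice_priv, bob_cert_pub)
    k2 = send_static(alice_priv, bob_cert_pub)
    k3 = send_static(alice_priv, bob_cert_pub, ukm=secrets.token_bytes(16))
    # Random sender key: any sender can do this, and every message gets a new key.
    pub_a, ke_a = send_ephemeral(bob_cert_pub)
    pub_b, ke_b = send_ephemeral(bob_cert_pub)
    return {
        "static_recipient_agrees": pairwise_key(bob_priv, alice_cert_pub) == k1,
        "static_key_repeats_without_ukm": k1 == k2,
        "ukm_changes_static_key": k3 != k1,
        "ephemeral_recipient_agrees": pairwise_key(bob_priv, pub_a) == ke_a,
        "ephemeral_keys_differ": ke_a != ke_b,
    }

if __name__ == "__main__":
    print(compare_modes())
```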
