ietf-smime

Re: I-D ACTION:draft-ietf-smime-cms-05.txt

1998-05-28 08:27:22
Steve:

I understand your point.  Without a certified originator public key, the
recipient would not be able to determine the source of the message.  This
is always true in the key transport case.  

Do we want to permit this case?  At this point, I see no reason to have the
syntax preclude it, but I want to hear from other WG members.

Russ

At 02:08 AM 5/28/98 +0100, Dr Stephen Henson wrote:
Section 6.2.2

      originatorCert is a CHOICE with two alternatives specifying the
      sender's certificate, and thereby the sender's public key.  The
      sender's certificate must contain a key agreement public key, and
      the sender uses the corresponding private key and the recipient's
      public key to generate a pairwise key.  

Is it really necessary that the sender possesses a certificate containing
a key agreement key?

IMHO it need not be and a sender not possessing a certificate with a key
agreement key should still be able to send a message to someone who has
by generating a random key: ukm could (does?) support this. A sender
might want to do this anyway to avoid an "implied signature".

Maybe originatorCert should be OPTIONAL to permit this: if not then isn't
the explicit tag redundant?

Steve.
-- 
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: via homepage.

