-----Original Message-----
From: Russ Housley [mailto:housley(_at_)spyrus(_dot_)com]
Sent: Friday, July 10, 1998 5:51 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: SignatureAlgorithmIdentifiers
I propose that sha-1WithRSAEncryption be used with RSA and
SHA-1. This
combination is not deployed in any product that I am aware
of, so there is
not an issue with backward compatability. PKIX Part 1 uses
sha-1WithRSAEncryption for certificate signatures with RSA and SHA-1.
Several products use sha-1 as a digest algorithm identifier and
rsaEncryption as a digest encryption / protection algorithm identifier
(Worldtalk WorldSecure Client, Microsoft Outlook Express, Netscape
Messenger are three -- I have messages for other vendors also, but these
are the important ones. Well, I think they're important).
So the bottom line seems to be:
If we use the same OIDs used in PKIX for certificate signatures, it
makes it easier for implementors, but it could affect backwards
compatibility.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060