ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SignatureAlgorithmIdentifiers

1998-07-12 17:44:56
from [EKR] [Permanent Link] 
"Blake Ramsdell" <blake(_dot_)ramsdell(_at_)worldtalk(_dot_)com> writes:


-----Original Message-----
From: Russ Housley [mailto:housley(_at_)spyrus(_dot_)com]
Sent: Friday, July 10, 1998 5:51 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: SignatureAlgorithmIdentifiers

I propose that sha-1WithRSAEncryption be used with RSA and 
SHA-1.  This
combination is not deployed in any product that I am aware 
of, so there is
not an issue with backward compatability.  PKIX Part 1 uses
sha-1WithRSAEncryption for certificate signatures with RSA and SHA-1. 


Several products use sha-1 as a digest algorithm identifier and
rsaEncryption as a digest encryption / protection algorithm identifier
(Worldtalk WorldSecure Client, Microsoft Outlook Express, Netscape
Messenger are three -- I have messages for other vendors also, but these
are the important ones.  Well, I think they're important).

So the bottom line seems to be:

If we use the same OIDs used in PKIX for certificate signatures, it
makes it easier for implementors, but it could affect backwards
compatibility.

It doesn't make it easier for this implementor. Since I already have
to support the old format, at least for MD5, this makes life more
complicated rather than less.

-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Your Home Town Provides Everything You Need, Your Home Town
Next by Date:  Re: SignatureAlgorithmIdentifiers, EKR
Previous by Thread:  RE: SignatureAlgorithmIdentifiers, Paul Hoffman / IMC
Next by Thread:  Your Home Town Provides Everything You Need, Your Home Town
Indexes:  [Date] [Thread] [Top] [All Lists]