"Jim Schaad (Exchange)" <jimsch(_at_)EXCHANGE(_dot_)MICROSOFT(_dot_)com> writes:
4. Section 12.3.1 - I don't like the inclusion of des in this OID. I need
to be able to operation in a completely exportable manner and I want the RFC
to support this in an OPTIONAL mode. Additionally this should refer(?) to
our D-H draft rathern than X9.42.
Right. The thing to realize here is that there are two adjustable
parameters:
(1) the key agreement algorithm
(2) the key encryption algorithm
So, they either have to be carried as a single OID or they
have to be carried as an AlgId with the OID specifying
the key agrement algorithm and the parameter specifying
the key encryption algorithm. I prefer the latter, but if
we're going to do the former, we'll need( (at least)
3 different OIDs:
dh-with-des (note, NOT CBC, since we're not wrapping with CBC)
dh-with-3des
dh-with-rc2
-Ekr
--
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."