RE: Section 12, take 2
1998-07-16 19:10:45
-----Original Message-----
From: Blake Ramsdell [mailto:blake(_dot_)ramsdell(_at_)worldtalk(_dot_)com]
Sent: Thursday, July 16, 1998 6:00 PM
To: Jim Schaad (Exchange); 'Paul Hoffman / IMC'; EKR
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Section 12, take 2
-----Original Message-----
From: Jim Schaad (Exchange)
[mailto:jimsch(_at_)EXCHANGE(_dot_)MICROSOFT(_dot_)com]
Sent: Thursday, July 16, 1998 4:47 PM
To: 'Paul Hoffman / IMC'; EKR
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: Section 12, take 2
[jls] There are two schools of thought at this point. There was a
discussion at the time of V2 interop where Blake and Co were
generating
196-bit for RC2 keys (doing a compression step on the key
material up front)
and we (Microsoft and Netscape) were generating n-bits of key
material for
RC2-n. I don't know if there ever was a decision as to the
reality of
having additional key material or not. In this case my vote
would be to use
the first n-bits of the D-H key agreement key to encrypt the
material for
all algorithms as it is easier to describe and expand later
if needed that
to say generate y-bits of key material, use as many bits as your key
encryption algorithm will let you.
As far as what to do for the DH RC2 usage, I don't have an opinion.
As far as the RC2 usage for a content encryption algorithm (section
12.5.3), I believe that it should not be assumed that the input key
length is the same as the effective key length, and that
appropriate key
expansion will need to be performed (RFC2268 section 2). There may or
may not be any sound cryptographic reason for using / not using
different length keying material than effective key length,
and I don't
claim to have any intelligence in this area. It's one of those things
that sounds like a good idea, but I don't know if there is a sound
cryptographic reason for doing it. We might put in a disclaimer that
the RC2Version parameter governs the effective keylength, not
the length
of the keying material itself.
I complete agree that no assumptions should be made for the Content
Encryption routines. This is needed for backwards compataiblity with
existing code.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Section 12, take 2, Paul Hoffman / IMC
- RE: Section 12, take 2, Jim Schaad (Exchange)
- RE: Section 12, take 2, Blake Ramsdell
- RE: Section 12, take 2,
Jim Schaad (Exchange) <=
- RE: Section 12, take 2, Blake Ramsdell
- RE: Section 12, take 2, Jim Schaad (Exchange)
- RE: Section 12, take 2, Blake Ramsdell
- RE: Section 12, take 2, Jim Schaad (Exchange)
|
|
|