ietf-smime
[Top] [All Lists]

Re: CMS Section 12, take 3

1998-07-23 05:24:00
Paul,

I browsed through your E-mail before shortly leaving my office for a
business trip and then holidays (In case of a subsequent E-mail, don't
be surprised if you get no quick response).

12  Supported Algorithms

This section lists the algorithms that must be implemented.
Additional algorithms that may be implemented are also included.
 
12.1  Digest Algorithms
 
(...)

CMS implementations must include SHA-1. CMS implementations may include MD5.

12.2  Signature Algorithms
 
CMS implementations must include DSA.  CMS implementations may include RSA.

(...)

12.2.1  DSA
 
The DSA signature algorithm is defined in FIPS Pub 186 [FIPS 186]. The
algorithm identifier for DSA is:
 
    id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { iso(1) member-body(2)
        us(840) x9-57 (10040) x9cm(4) 3 }

Now here is my concern. We have the OID above to specify SHA-1 with DSA.
This is fine.

If I want to specify a signature algorithm such as SHA-1 with RSA but
also MD5 with RSA, it is unclear to me how this can be unambiguously
specified, since the section 12.2.2 quoted below only specifies "RSA".

12.2.2  RSA

The RSA signature algorithm is defined in RFC 2313 as modified below. The
algorithm identifier for RSA is:

    rsaEncryption OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
        rsadsi(113549) pkcs(1) pkcs-1(1) 1}

The AlgorithmIdentifier parameters field must be present and must contain
an ASN.1 NULL. Implementations should accept this AlgorithmIdentifier with
a parameters field that contains null, as well as an absent parameters
field.

This specification modifies RFC 2313 to include SHA-1 as an additional
digest algorithm. Section 10.1.2 of RFC 2313 is modified to list SHA-1
in the bullet item about digestAlgorithm. The following OID is added to
the list in section 10.1.2 of RFC 2313:

   sha-1 OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) oiw(14)
        secsig(3) algorithm(2) 26}

Would you be able to clarify the topic and then the text ?

Thanks,

Denis

-- 
      Denis Pinkas     Bull S.A.          
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
      Rue Jean Jaures  B.P. 68            Phone : 33 - 1 30 80 34 87
      78340 Les Clayes sous Bois. FRANCE   Fax  : 33 - 1 30 80 33 21

<Prev in Thread] Current Thread [Next in Thread>