-----Original Message-----
From: Dr Stephen Henson
[mailto:shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk]
Sent: Tuesday, September 01, 1998 2:12 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: RC2 keylength strawpoll
I think the only potential problem is using DH and RSA. It is quite
reasonable to assume that someone might want to send encrypted mail to
people some of whom have RSA certificates and some of whom have DH.
In this case the easiest way to deal with things is to have
RC2 use the
same standard with DH and RSA for its key.
Just so we're clear, my understanding is that the MEK works fine in both
DH and RSA right now as-is. The only question is regarding the KEK
which is not used in RSA, and is the only thing that is currently
ambiguous due to the mechanism by which those keys are generated.
The use of the current RC2 MEK mechanism should work fine in both DH and
RSA environments, as well as a mix of the two.
The only problem here (which may be due to my missing the latest key
wrapping spec) is that the key wrapping spec doesn't allow
the length of
the "packaged" wrapped key to be unambiguously determined (except
through trial and error): my suggestion (in another message)
about using
PKCS padding would fix that though.
Shouldn't it just be regular ol' block padding? You're using a
symmetric block cipher to protect the data. I think that for RC2 this
is an 8 byte block, so the "eight bytes of eight" or "one byte of one"
etc. is the padding, right?
Based on the underwhelming poll results (two responses),
I'd say pick an
answer and write it up for the DH using RC2 as a KEK, and
leave existing
RC2 MEKs alone. This is, of course, unless I'm missing something
significant about RC2's use as a MEK within the DH realm.
I counted three. Maybe there should be other alternatives,
"don't care"
and "Whut?" :-)
I kinda like "Whut?", myself.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060