ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RC2 Keylength Strawpoll

1998-10-06 12:13:58
from [Russ Housley] [Permanent Link] 
I agree with Blake.  It would be most helpful if the RC2 key coming out of
RSA and D-H were the same.  In this way, "glue" software can be avoided.

Russ


At 04:01 PM 10/4/98 -0700, Blake Ramsdell wrote:

-----Original Message-----
From: Dr Stephen Henson 
[mailto:shenson(_at_)drh-consultancy(_dot_)demon(_dot_)co(_dot_)uk]
Sent: Saturday, October 03, 1998 6:35 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: RC2 Keylength Strawpoll

There was never any mention of why the key wrapping standard or CMS
couldn't be changed to allow the MEK length to be determined 
explicitly
and thus enable current RSA implementations to be unchanged 
in mixed RSA
and DH environments. As I recall one parameter in CMS or the 
alteration
of key wrap to use standard block padding would allow this. 
Did you see
this discussion Russ?


Yes, I would like some clarification on this also -- I was ignorant and
did not understand that the protected MEK length could not be determined
after removing the DH protection.  As Dr. H points out, it would
certainly be nice to be able to recycle some code and to use whatever
padding method is necessary to be able to accurately know the
unprotected data length (provided that there are no cryptographic
weaknesses introduced by doing so).

This will also simplify the backwards compatibility, since there won't
be any "oh, if you're using RSA you have to be prepared for x and y, but
if you're using DH you have to be prepared for z after you unprotect the
MEK for RC2".  To the extent that we can make DH behave like RSA (once
again, as long as there are no cryptographic, patent, etc. problems), I
think we should do it.  I suspect that this was discussed at some point
in X9, but I don't have a card to get into that club...


From my understanding, the padding would be a sequential operation with

the DH protection / unprotection, so I don't think this should affect
other X9 implementations when they come to exist.  Then again, I might
be wrong.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: I-D ACTION:draft-ietf-smime-ess-08.txt, Russ Housley
Next by Date:  Re: Reference in CMS to other attributes from ESS, Russ Housley
Previous by Thread:  RE: RC2 Keylength Strawpoll, Blake Ramsdell
Next by Thread:  Signing time (was Re: 8/26/98 S/MIME WG Minutes), Dr Stephen Henson
Indexes:  [Date] [Thread] [Top] [All Lists]