[Top] [All Lists]

Comments on cmskea

1999-04-29 21:36:02

I am having a big problem with the amount of overload going on for the the
OID id-keyExchangeAlgorithm.  It appears to be used in three unique
locations in encoding an encrypted message and has different meanings and
two different set of parameters.

1.  id-keyExchangeAlgorithm is used in a certificate to identify the
asymmetric algorithm.  The parameters in this case are an OCTET STRING
identifing the group parameters for the key.

2.  id-keyExchangeAlgorithm is used in the KeyAgreementRecipientInfo
keyEncryptionAlgorithm field.  In this case the parameters is
KeyWrapAlgorithm (using id-fortezzaWrap80 as the algorithm).

3.  id-keyExchangeAlgorithm is used in KEKRecipientInfo
keyEncryptionAlgorithm field.  In this case a completely different algorithm
is being referenced and again the parameters are KeyWrapAlgorithm.

I strong suggest that we change this as follows:

1.  id-keyExchangeAlgorithm is used in certificate w/parameters and in
KeyAgreementRecipeintInfo w/o parameters.

2.  id-fortezzaWrap80 is used in KEKRecipientInfo for the KEK algorithm
again w/o parameters are they are not needed.

This should work unless we belive that there would ever be a different
content encryption algorithm for KEA.


<Prev in Thread] Current Thread [Next in Thread>
  • Comments on cmskea, Jim Schaad (Exchange) <=