ietf-smime

RE: Binding between keys and schemes?

2000-01-24 21:03:34
My personal opinion on this issue is that in the absence of other knowledge
PKCS1-v1_5 would be used.  If the S/MIME capabilities contained the OID for
OAEP, then it could be used instead.  The certificate does not state which
scheme is to be used (just as it does not state that 3DES or RC5 should be
the bulk encryption algorithm used).
 
jim

-----Original Message-----
From: Pedro Félix [mailto:pfelix(_at_)isel(_dot_)pt]
Sent: Friday, January 21, 2000 2:26 AM
To: Tolga Acar; ietf-pkix(_at_)imc(_dot_)org
Subject: Re: Binding between keys and schemes?



First of all, thanks for your reply.
 
I apologise for not making my question clear.

When I asked about the binding between a key and a scheme, I was not
referring to the scheme used to sign the certificate.
 
Let's suppose that ALICE, running protocol P, wants to send a PKCS#7
Envelope to BOB, and has an X.509 certificate of BOB's public key (with
rsaEncryption OID on the subjectPublicKeyInfo field). The certificate was
signed with scheme X (eg. DSA) and was correctly verified by ALICE using
that scheme.
Which ENCRYPTION scheme should ALICE use to build the Envelope?
(RSAES-PKCS1-v1_5, RSAES-OAEP, ...)
Probably ALICE would want to use the new RSAES-OAEP, but does BOB support
it?
If I understood you correctly, this binding between the key and the scheme
IS NOT made by an X.509 certificate (except when the relation is 1-1) and has
to be built by other means (possibly defined by the protocol P). Am I
right?
 
I assume that the source of my initial confusion comes from the fact that,
in PKCS#1, the same OID (rsaEncryption) is used to identify both a key and an
encryption scheme.
 
 
Once again, I thank you for your reply
 
Best regards
 
- Pedro Felix
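
An added example, not part of either message: a sender-side sketch of the rule in the reply above, which falls back to RSAES-PKCS1-v1_5 unless the recipient's DER-encoded SMIMECapabilities lists the OAEP OID. The function names and the two capability byte strings are constructed for illustration; the OAEP entry is shown without parameters for brevity.

```python
# Added illustration, not code from the thread. Sample inputs are constructed.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption: key OID, also RSAES-PKCS1-v1_5
ID_RSAES_OAEP = "1.2.840.113549.1.1.7"   # id-RSAES-OAEP

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    subids, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of a sub-identifier
            subids.append(acc)
            acc = 0
    if not subids:
        raise ValueError("empty OID")
    first = min(subids[0] // 40, 2)
    return ".".join(str(n) for n in [first, subids[0] - 40 * first] + subids[1:])

def capability_oids(der):
    """List the capabilityID of each entry in a DER SMIMECapabilities value."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapabilities must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        otag, oval, _ = read_tlv(cap, 0)
        if tag != 0x30 or otag != 0x06:
            raise ValueError("malformed SMIMECapability")
        oids.append(decode_oid(oval))
    return oids

def choose_key_transport(spki_oid, caps_der=None):
    """Pick the scheme for an rsaEncryption key; the certificate alone never selects OAEP."""
    if spki_oid != RSA_ENCRYPTION:
        raise ValueError("not an RSA key")
    if caps_der and ID_RSAES_OAEP in capability_oids(caps_der):
        return "RSAES-OAEP"
    return "RSAES-PKCS1-v1_5"

# Constructed capabilities: (OAEP, 3DES-CBC) and (3DES-CBC only).
CAPS_WITH_OAEP = bytes.fromhex("3019300b06092a864886f70d010107300a06082a864886f70d0307")
CAPS_3DES_ONLY = bytes.fromhex("300c300a06082a864886f70d0307")
```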
