[Top] [All Lists]

RE: Way Forward

2000-08-02 05:42:15
OAEP's incremental value is particularly applicable to interactive uses of
CMS, many of which may not have S/MIME's established base concerns and which
should take other protocol countermeasures (perhaps implying more
security-relevant complexity and processing to be performed outside the
bounds of the security encapsulation layer) if OAEP isn't applied. I'd like
to recommend OAEP as at least a general SHOULD, making it the presumed mode
unless an application has specific need to profile otherwise; if there's an
S/MIME interoperability requirement for PKCS#1 v. 1.5, I'd suggest that the
scope of that MUST's applicability be confined to the S/MIME application. 


-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman(_at_)imc(_dot_)org]
Sent: Tuesday, August 01, 2000 7:01 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Way Forward

At 2:18 PM -0700 8/1/00, Eric Rescorla wrote:
 > OAEP have been available for years.  PKCS#1 v2.0 includes it.  I do not
 think that it is immature.
That's not the issue that I am concerned with. Rather, I'm concerned
with introducing gratuitous incompatibilities.

I'm with Eric on this one. We can add a note about how to avoid the 
problem *and* keep compatibility with the established S/MIME base. 
The proposal was prompted by S/MIME, not CMS.

--Paul Hoffman, Director
--Internet Mail Consortium

<Prev in Thread] Current Thread [Next in Thread>