Re: Way Forward

Hi Russ,

Several other groups within the IETF ... PKIX and TLS for example ... are
separating their specifications
into two documents ... one for data structures and one for algorithms. I think
this should also be
considered by the S/MIME group ... both because it is an elegant distinction
which allows algorithms
to be updated without affecting abstract structures, and because it may allow
the structures document
to proceed to standard more quickly in light of the mandatory algorithms issue.

Best regards. Simon





Russ Housley <housley(_at_)spyrus(_dot_)com> on 07/31/2000 05:04:52 PM

To:   ietf-smime(_at_)imc(_dot_)org
cc:    (bcc: Simon Blake-Wilson/Certicom)
Subject:  Way Forward




At the face-to-face meeting today, we had a fair amount of discussion about
the best way to proceed.  This message states each of the issues and the
proposed way forward.  This message is intended to give everyone an
opportunity to provide their input, even if they were unable to attend the
meeting.

RFC 2630 Interoperability Testing

Issue:  Two implementations have been tested for EnvelopedData and
SignedData.  These two data structures are required to implement S/MIME, so
this is not surprising.  RFC 2630 includes other data structure that are
MUST implement(EncryptedData, DigestedData, and AuthenticatedData).  We do
not have two implementations for these data structures.

Proposed way forward:  Change the implementation requirements so that:
     - EnvelopedData and SignedData MUST be implemented; and
     - EncryptedData, DigestedData, and AuthenticatedData MAY be implemented.

Mandatory To Implement Algorithms

Issue:  Since the RSA patent is about to expire, Blake Ramsdell suggested
that the RSA algorithm become the mandatory to implement algorithm for key
management and signature.  It was pointed out that the current RSA key
management (PKCS#1 v1.5) has a known vulnerability, so the OAEP technique
should be employed instead.  While we were discussing algorithms, it was
suggested that AES should be the mandatory to implement symmetric cipher
instead of Triple-DES.  About half of the people thought that this was a
good idea.  The other half was concerned that the AES has not been
published yet.

Proposed way forward:  Change the mandatory to implement algorithm set to:
     One-way Hash:  SHA-1 (no change)
     Signature:     Both DSA and RSA (PKCS#1 v1.5)
     Key Mgmt: RSA (OAEP)
     Eencryption:   Triple-DES in CBC mode

All comments on either of these proposals is most welcome.

Russ

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Way Forward, (continued) Re: Way Forward, Dr Stephen Henson Re[2]: Way Forward, Maxim Masiutin Re[2]: Way Forward, Russ Housley Re: Way Forward, Sean Turner Re: Way Forward, Paul Hoffman / IMC Message not available RE: Way Forward, Russ Housley RE: Way Forward, Jim Davies Re: Way Forward, David P. Kemp Re: Way Forward, Russ Housley RE: Way Forward, Linn, John Re: Way Forward, Simon Blake-Wilson <= Re: Way Forward, Malte Borcherding Re: Way Forward, Simon Blake-Wilson Re: Way Forward, Bob Relyea Re: Way Forward, Peter Gutmann RE: Way Forward, Russ Housley RE: Way Forward, Pawling, John RE: Way Forward, Pawling, John Re: Way Forward, Dr Stephen Henson RE: Way Forward, Peter Gutmann Re: Way Forward, David P. Kemp