One more thing -- it may be important to do some kind of revision to the
working group charter if we would like to finish this up. Based on the
level of interest both on the mailing list and at the meeting in Pittsburgh,
it seems like a no-brainer and that people are interested in pursuing this
in the working group, and the charter should be amended.
Blake
-----Original Message-----
From: Blake Ramsdell
Sent: Saturday, September 02, 2000 2:02 PM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Mandatory to implement key wrap algorithm for S/MIME summary
It appears that we have reached at least preliminary consensus for the
mandatory to implement algorithms for S/MIME. Note that these mandatory
to implement algorithms are not for CMS in general, but for the S/MIME
profile of CMS.
1. The mandatory to implement algorithms should change in light of the
patent expiration for RSA.
2. The use of RSA as the mandatory to implement key wrapping algorithm is
acceptable, and the mode of operation will be PKCS #1 v1.5, not OAEP.
This seems to reflect the reasoned discussions of at least ten working
group participants. This will include adding a security consideration
note that explains the attack and points to a descriptive reference.
3. The use of Diffie-Hellman will only be included for backward
compatibility, and thus can be a SHOULD implement.
If we are going to use the PKCS #1 v1.5 implementation of RSA key
wrapping, then we should document the concerns about its use, and
potentially point to an RFC or other document that has a full explanation
(as Paul pointed out earlier).
Based on this list, I believe that enough information exists to move
draft-ramsdell-smime31-msg and draft-ramsdell-smime31-cert into the
working group, and start finishing this up.
Blake