Robert:
There are important environments where the KEK and CEK algorithms are
different. Usually, these environment mandate a stronger algorithm for the
KEK. This seems like a very reasonable policy, and I think that we should
not prohibit it.
Russ
At 11:05 AM 09/14/2000 -0400, Robert Zuccherato wrote:
Why not just mandate that the CEK and KEK algorithms must be the
same? This wouldn't seem to be too much of an imposition. This removes
the need for a KDF. If you really want to allow different algorithms, the
KDF included seems kind of ad-hoc. I would be more comfortable if a more
standard KDF was used. Perhaps the KDF from IEEE P1363 would be appropriate.