Apologies Russ, but I'm not clear on exactly what you're stating below.
You're introductory text indicates that implementations MUST support key
transport, key agreement and previously distributed key-encryption keys
(PDKEK), but the table from the minutes you include below only indicates a
MUST for key transport (using RSA PKCS#1 v1.5). I would have assumed that
only key transport MUST be implemented? If key agreement and PDKEK MUST be
implemented, I must admit that I didn't notice any consensus for this on the
list.
Mike
-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Tuesday, July 10, 2001 12:51 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Key Wrap Algorithms
All:
After a fairly long debate, the consensus on key management has been
reached. We seem to agree that:
Implementations MUST support key transport, key
agreement, and previously
distributed symmetric key-encryption keys, as represented
by ktri,
kari, and
kekri, respectively. Implementations MAY support the
password-based key
management as represented by pwri. Implementations MAY
support any other
key management technique as represented by ori.
At the last IETF meeting, we agreed on the mandatory to implement
algorithms. The Minutes say:
Signature: DSA and RSA (PKCS #1 v1.5) as per Russ' proposal
Message digest: SHA-1
Key Management: RSA (PKCS #1 v1.5)
Encryption: Triple-DES
But, the Minutes are silent about key wrapping.
It is my view that we should require implementations to
support Triple-DES
Key Wrap. This view is reflected in
draft-ietf-smime-cmsalg-00. And, I
think that this approach will facilitate the adoption of mail lists.
I want to hear from others. What do you think is the best
MUST and SHOULD
statements regarding key wrap algorithms?
Russ