The historical remark is to try and make sure that this problem is not
repeated again. If you have similar text in the body it probably does not
matter.
jim
-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Tuesday, July 10, 2001 1:10 PM
To: jimsch(_at_)exmsft(_dot_)com
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: cmsalg-00 Comments
Jim:
I understand the purpose of the MUST and SHOULD statements,
but I do not
see any reason to include the remark about history.
Russ
At 12:40 PM 7/10/2001 -0700, Jim Schaad wrote:
Russ,
9) Table 1, Message Authentication note: Please add this note to
immediately follow the table: "Note 3: Only those CMS
implementations that
support the AuthenticatedData content-type MUST implement
the HMAC with
SHA-1 algorithm."
Done. Here is the updated table (view it in a fixed pitch font):
Table 1. CMS Implementation Algorithm Requirements
Algorithm Type MUST implement
SHOULD implement
-----------------------------------------------------------------
Message Digest SHA-1 MD5
Signature DSA and RSA (1) --
Key Management
Key Agreement -- X9.42 E-S D-H
Key Transport RSA --
Symmetric KEK Wrap Triple-DES Key Wrap RC2 Key Wrap
Key Derivation PBKDF2 (2) --
Content Encryption Triple-DES CBC RC2 CBC
Message Authentication HMAC with SHA-1 (3) --
Note 1: CMS implementations MUST be able to verify signatures
with both DSA and RSA (PKCS #1 v1.5), and
they MUST be
able to generate signatures with at least
one of them.
Note 2: Only those CMS implementations that support password-
based key management MUST implement the PBKDF2 key
derivation algorithm as specified in RFC
2898 [PKCS#5].
Note 3: Only those CMS implementations that support
authenticated-data MUST implement the HMAC with SHA-1
algorithm as specified in RFC 2104 [HMAC].
Given the confusion and other items for RSA I would like to see the
following done:
Note 4: The use of RSA as a signature algorithm is for
historical purposes
only and does not imply that it needs to work with all message digest
algorithms. RSA (PKCS #1 v1.5) signatures using SHA-1 MUST
be implemented.
RSA (PKCS #1 v1.5) signatures using MD5 SHOULD be implemented.
Russ
jim