ietf-smime

RE: cmsalg-00 Comments

2001-07-10 13:48:42

The historical remark is to try and make sure that this problem is not
repeated again.  If you have similar text in the body it probably does not
matter.

jim

-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Tuesday, July 10, 2001 1:10 PM
To: jimsch(_at_)exmsft(_dot_)com
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: cmsalg-00 Comments


Jim:

I understand the purpose of the MUST and SHOULD statements, but I do not
see any reason to include the remark about history.

Russ


At 12:40 PM 7/10/2001 -0700, Jim Schaad wrote:
Russ,
9) Table 1, Message Authentication note:  Please add this note to
immediately follow the table: "Note 3: Only those CMS implementations that
support the AuthenticatedData content-type MUST implement the HMAC with
SHA-1 algorithm."

Done.  Here is the updated table (view it in a fixed pitch font):

             Table 1.  CMS Implementation Algorithm Requirements

    Algorithm Type            MUST implement         SHOULD implement
    -----------------------------------------------------------------
    Message Digest            SHA-1                  MD5
    Signature                 DSA and RSA (1)        --
    Key Management
       Key Agreement          --                     X9.42 E-S D-H
       Key Transport          RSA                    --
       Symmetric KEK Wrap     Triple-DES Key Wrap    RC2 Key Wrap
       Key Derivation         PBKDF2 (2)             --
    Content Encryption        Triple-DES CBC         RC2 CBC
    Message Authentication    HMAC with SHA-1 (3)    --

    Note 1:  CMS implementations MUST be able to verify signatures
             with both DSA and RSA (PKCS #1 v1.5), and they MUST be
             able to generate signatures with at least one of them.

    Note 2:  Only those CMS implementations that support password-
             based key management MUST implement the PBKDF2 key
             derivation algorithm as specified in RFC 2898 [PKCS#5].

    Note 3:  Only those CMS implementations that support
             authenticated-data MUST implement the HMAC with SHA-1
             algorithm as specified in RFC 2104 [HMAC].

Given the confusion and other items for RSA I would like to see the
following done:

Note 4: The use of RSA as a signature algorithm is for historical purposes
only and does not imply that it needs to work with all message digest
algorithms.  RSA (PKCS #1 v1.5) signatures using SHA-1 MUST be implemented.
RSA (PKCS #1 v1.5) signatures using MD5 SHOULD be implemented.



Russ


jim