[Top] [All Lists]

Re: RSA Signature OIDs

2001-08-31 11:14:01

John Pawling and I started two threads on the same topic at almost the same time. Please discuss this issue on the other thread (Subject: cmsalg-02 RSA OID Proposal).


At 12:43 PM 8/31/2001 -0400, Housley, Russ wrote:

In a recent message from John Pawling, he made the following observation:

3) Sec 3.2 specifies that the md5WithRSAEncryption or sha1WithRSAEncryption
OID should be used in the signerInfo signatureAlgorithm field instead of the
id-rsaEncryption OID.  I agree with this strategy, but please note that this
is a change from what is specified in RFC 2630.  RFC2630 specifies the use
of id-rsaEncryption in the signerInfo signatureAlgorithm field.  Is this
change going to cause backwards compatibility problems with legacy CMS

I believe that the text in RFC 2630 was some what incomplete. Notice that the corresponding section in cmsalg-02 and cmsalg-03 is significantly longer.

The approach documented in cmsalg-03 is aligned with the way that certificates are handles in PKIX. That is, public keys are identified with the rsaEncryption OID, and signature values are identified with either the sha1WithRSAEncryption OID or the md5WithRSAEncryption OID.

Is cmsalg-03 documenting the best approach? WG Last Call on this document is scheduled to end today. Since this issue has been raised on the last day, I will not close WG Last Call until this thread reaches consensus.


<Prev in Thread] Current Thread [Next in Thread>