ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RSA Signature OIDs

2001-08-31 16:36:01
from [Jim Schaad] [Permanent Link] 

Russ,

I think this is a good idea.  I also do not know how much this will
really cause errors to occur in existing software.  In the beginning of
testing this was one of the most common mistakes that people made and I
think that most software handles these values in that location.  (I know
that the Microsoft code does because I was constantly making this
mistake and my own code was not telling me that I was in error.)

Jim


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley, 
Russ
Sent: Friday, August 31, 2001 11:06 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: RSA Signature OIDs



John Pawling and I started two threads on the same topic at 
almost the same 
time.  Please discuss this issue on the other thread 
(Subject: cmsalg-02 
RSA OID Proposal).

Russ


At 12:43 PM 8/31/2001 -0400, Housley, Russ wrote:


In a recent message from John Pawling, he made the following 

observation:



3) Sec 3.2 specifies that the md5WithRSAEncryption or 

sha1WithRSAEncryption

OID should be used in the signerInfo signatureAlgorithm 

field instead of the

id-rsaEncryption OID.  I agree with this strategy, but 

please note that this

is a change from what is specified in RFC 2630.  RFC2630 

specifies the use

of id-rsaEncryption in the signerInfo signatureAlgorithm 

field.  Is this

change going to cause backwards compatibility problems with 

legacy CMS

implementations?


I believe that the text in RFC 2630 was some what 

incomplete.  Notice that 

the corresponding section in cmsalg-02 and cmsalg-03 is 

significantly longer.


The approach documented in cmsalg-03 is aligned with the way that 
certificates are handles in PKIX.  That is, public keys are 

identified 

with the rsaEncryption OID, and signature values are identified with 
either the sha1WithRSAEncryption OID or the md5WithRSAEncryption OID.

Is cmsalg-03 documenting the best approach?  WG Last Call on 

this document 

is scheduled to end today.  Since this issue has been raised 

on the last 

day, I will not close WG Last Call until this thread reaches 

consensus.


Russ
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RSA Signature OIDs, Housley, Russ
Previous by Thread:  Re: RSA Signature OIDs, Housley, Russ
Next by Thread:  RE: cmsalg-02 Comments, Pawling, John
Indexes:  [Date] [Thread] [Top] [All Lists]