Russ,
I think this is a good idea. I also do not know how much this will
really cause errors to occur in existing software. In the beginning of
testing this was one of the most common mistakes that people made and I
think that most software handles these values in that location. (I know
that the Microsoft code does because I was constantly making this
mistake and my own code was not telling me that I was in error.)
Jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley,
Russ
Sent: Friday, August 31, 2001 11:06 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: RSA Signature OIDs
John Pawling and I started two threads on the same topic at
almost the same
time. Please discuss this issue on the other thread
(Subject: cmsalg-02
RSA OID Proposal).
Russ
At 12:43 PM 8/31/2001 -0400, Housley, Russ wrote:
In a recent message from John Pawling, he made the following
observation:
3) Sec 3.2 specifies that the md5WithRSAEncryption or
sha1WithRSAEncryption
OID should be used in the signerInfo signatureAlgorithm
field instead of the
id-rsaEncryption OID. I agree with this strategy, but
please note that this
is a change from what is specified in RFC 2630. RFC2630
specifies the use
of id-rsaEncryption in the signerInfo signatureAlgorithm
field. Is this
change going to cause backwards compatibility problems with
legacy CMS
implementations?
I believe that the text in RFC 2630 was some what
incomplete. Notice that
the corresponding section in cmsalg-02 and cmsalg-03 is
significantly longer.
The approach documented in cmsalg-03 is aligned with the way that
certificates are handles in PKIX. That is, public keys are
identified
with the rsaEncryption OID, and signature values are identified with
either the sha1WithRSAEncryption OID or the md5WithRSAEncryption OID.
Is cmsalg-03 documenting the best approach? WG Last Call on
this document
is scheduled to end today. Since this issue has been raised
on the last
day, I will not close WG Last Call until this thread reaches
consensus.
Russ