[Top] [All Lists]

RE: RSA Signature OIDs

2001-08-31 16:36:01


I think this is a good idea.  I also do not know how much this will
really cause errors to occur in existing software.  In the beginning of
testing this was one of the most common mistakes that people made and I
think that most software handles these values in that location.  (I know
that the Microsoft code does because I was constantly making this
mistake and my own code was not telling me that I was in error.)


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley, 
Sent: Friday, August 31, 2001 11:06 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Re: RSA Signature OIDs

John Pawling and I started two threads on the same topic at 
almost the same 
time.  Please discuss this issue on the other thread 
(Subject: cmsalg-02 
RSA OID Proposal).


At 12:43 PM 8/31/2001 -0400, Housley, Russ wrote:

In a recent message from John Pawling, he made the following 

3) Sec 3.2 specifies that the md5WithRSAEncryption or 
OID should be used in the signerInfo signatureAlgorithm 
field instead of the
id-rsaEncryption OID.  I agree with this strategy, but 
please note that this
is a change from what is specified in RFC 2630.  RFC2630 
specifies the use
of id-rsaEncryption in the signerInfo signatureAlgorithm 
field.  Is this
change going to cause backwards compatibility problems with 
legacy CMS

I believe that the text in RFC 2630 was some what 
incomplete.  Notice that 
the corresponding section in cmsalg-02 and cmsalg-03 is 
significantly longer.

The approach documented in cmsalg-03 is aligned with the way that 
certificates are handles in PKIX.  That is, public keys are 
with the rsaEncryption OID, and signature values are identified with 
either the sha1WithRSAEncryption OID or the md5WithRSAEncryption OID.

Is cmsalg-03 documenting the best approach?  WG Last Call on 
this document 
is scheduled to end today.  Since this issue has been raised 
on the last 
day, I will not close WG Last Call until this thread reaches 


<Prev in Thread] Current Thread [Next in Thread>