ietf-smime

Re: cmsalg-02 RSA OID Proposal

2001-09-11 07:58:19

John,

The Netscape Communicator S/MIME (CMS) implementation expects the
rsaEncryption OID in the digest encryption algorithm field.  Since this
implementation was proven to interoperate (at one point) with the
Microsoft version, I suspect that both Netscape and Microsoft products
also generated messages with this OID value.

I suggest that we recommend that when CMS is used for email message
protection, and the CMS format is otherwise compatible with the v2
format (no new recipient formats, etc.), the rsaEncryption OID should be
used.  Implementations should continue to accept the rsaEncryption value
for incoming messages.

Terry Hayes
thayes(_at_)netscape(_dot_)com

Pawling, John wrote:

>All,
>
>I agree with Blake that the RSA signature OID change should not be made if
>it will cause backwards compatibility problems with legacy CMS
>implementations.  So far, we have heard that this change will NOT cause
>problems for the following S/MIME implementations: cryptlib (according to
>Peter Gutmann), Microsoft (according to Jim Schaad) and S/MIME Freeware
>Library (according to John Pawling).  So far, nobody has reported that the
>change will cause backwards compatibility problems with legacy CMS
>implementations.  Can anybody speak for any other implementations?
>
>===========================================
>John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
>Getronics Government Solutions, LLC
>===========================================
>
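
The receiving-side behaviour recommended above, as an added example that is not part of the original thread or of any implementation named in it: a verifier accepts the bare rsaEncryption OID and takes the hash from the SignerInfo digest algorithm, and also accepts a combined digest-with-RSA OID as long as it agrees with that digest. The thread does not name the alternative OID, so the PKCS #1 md5/sha1-with-RSA identifiers, the function names and the mismatch rejection are assumptions of this sketch.

```python
# Added example; OID values are the standard PKCS #1 and digest identifiers.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
COMBINED = {  # assumed alternative: digest-with-RSA OID -> digest it implies
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
}
DIGESTS = {"1.2.840.113549.2.5": "md5", "1.3.14.3.2.26": "sha1"}

# Constructed sample encodings (DER OBJECT IDENTIFIERs), not captured traffic.
RSA_OID = bytes.fromhex("06092a864886f70d010101")
SHA1_RSA_OID = bytes.fromhex("06092a864886f70d010105")
SHA1_OID = bytes.fromhex("06052b0e03021a")
MD5_OID = bytes.fromhex("06082a864886f70d0205")

def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER that uses a short-form length."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form DER OID")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("last sub-identifier is truncated")
    arcs, value = [], 0
    for b in body:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal sub-identifier")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: sub-identifier complete
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first octet packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def resolve_rsa_signature(digest_alg: bytes, signature_alg: bytes) -> str:
    """Return the digest to use for RSA verification, or raise ValueError."""
    digest = DIGESTS.get(decode_oid(digest_alg))
    if digest is None:
        raise ValueError("unsupported digest algorithm")
    sig = decode_oid(signature_alg)
    if sig == RSA_ENCRYPTION:      # v2-style message: hash named separately
        return digest
    implied = COMBINED.get(sig)
    if implied is None:
        raise ValueError("unsupported signature algorithm")
    if implied != digest:          # the two fields must not disagree
        raise ValueError("signature OID contradicts digest algorithm")
    return digest

if __name__ == "__main__":
    print(resolve_rsa_signature(SHA1_OID, RSA_OID))
    print(resolve_rsa_signature(SHA1_OID, SHA1_RSA_OID))
```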