Robert Zuccherato <robert(_dot_)zuccherato(_at_)entrust(_dot_)com> writes:
But, it there is little support for OAEP, why replace it with a newer
mechanism that has even less of an installed base? It seems to me that there
are fewer reasons for using KEM than there are for using OAEP.
Oh, you mean AES now *requires* KEM? (I wasn't at Minneapolis either). I
agree there, tying KEM to AES is just as bad as tying OAEP to it, for all the
reasons given during the debate some months ago. Certainly a MAY is OK, but
the best place for it would appear to be in the CMS sundry-algorithms draft.
Peter.