From what I can tell, the AES symmetric algorithm and the OAEP key wrapping
mechanism are being discussed in the same draft. This is unprecedented as
far as I can tell -- traditionally we have specified each algorithm in its
own draft, and it does not seem useful to combine these two algorithms for
technical reasons. From what I can tell, this happened between -01
(3/26/01) and -02 (7/19/01) of draft-ietf-smime-aes-alg. I have reviewed
the minutes from the relevant WG minutes, and did not see any significant
discussion about this pairing -- it just happened at one point.
I guess this is a rhetorical way of saying "It seems that the intent is to
drag OAEP into the mainstream, and by precluding the use of RSA-PKCS with
AES, we effectively block the future use of RSA-PKCS if anyone chooses to
use AES". Am I missing something? I know that it's disclaimed in the
overview that these are separate concepts, but I'm not sure of any editorial
or technical value of their combination in a single draft.
I personally recommend that OAEP be (re-) separated completely from the AES
draft. This seems to make things clearer in the event that an even newer,
shinier and better symmetric key wrapping mechanism should come along.
Well, speak of the devil... ;) But seriously -- I can't see any good
editorial or technical reason to tie these mechanisms together.
Also, I recommend that the prohibition of RSA-PKCS be removed for AES. That
also does not seem to follow the spirit of algorithm profiles for CMS. We
have already covered the concerns of RSA-PKCS extensively.
I may have missed an earlier discussion of this very issue, but I can't find
it in the archives. Clarifications welcome, but I don't think this is the
right way to proceed with these two separate mechanisms, and the current
document is confusing to me. Sorry I didn't bring this up earlier, but I
seem to be paying a little bit of attention now.
(closes bunker door, hiding inside)
Brute Squad Labs http://www.brutesquadlabs.com