ietf-smime
[Top] [All Lists]

Re: Next Draft of Proposed Charter

2002-05-24 16:04:56

Housley, Russ <rhousley(_at_)rsasecurity(_dot_)com>:

Here is the next draft of the proposed working group charter.  The 
biggest change from the previous posting is that both OAEP and KEM become 
standards track documents.

Are the differences between the attacks and mitigations presented by OAEP 
and KEM really worth the high liklihood of lack of interoperability?

RSA using PKCS#1_v1.5, OAEP, and KEM all employ the same certificate, so 
this choice does not require any adjustments in the PKI.

This makes it is pretty pointless to use "provably secure"
cryptography, though -- all security guarantees that OAEP, say, may
promise are voided if you use the same key for decrypting messages
using some other style of RSA.

<Prev in Thread] Current Thread [Next in Thread>