[Top] [All Lists]

Re: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-04.txt

2002-07-25 09:12:37

  Generally, good cryptographic practice employs a given RSA key pair
  in only one scheme.  This practice avoids the risk that vulnerability
  in one scheme may compromise the security of the other, and may be
  essential to maintain provable security.  While PKCS #1 Version 1.5
  [PKCS#1v1.5] has been employed for both key transport and digital
  signature without any known bad interactions, such a combined use of
  an RSA key pair is not recommended in the future.  Therefore, an RSA
  key pair used for RSAES-OAEP key transport should not also be used
  for other purposes.

Does "other purposes" here mean "signing" or "other types of key transport"?
The comparison with PKCS #1 v1 seems to imply "signing", but it could also be
interpreted to mean PKCS #1v1 vs. PKCS #1v2 key transport... I could see that
the latter might lead to problems when you're communicating with existing
implementations, or a mixture of old and new.


<Prev in Thread] Current Thread [Next in Thread>