[Top] [All Lists]

Re: I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-04.txt

2002-07-26 12:49:26


Thanks for reading the document.

This text recommends the most prudent approach. Use the key for only one algorithm and only one purpose.


At 04:12 AM 7/26/2002 +1200, Peter Gutmann wrote:

>   Generally, good cryptographic practice employs a given RSA key pair
>   in only one scheme.  This practice avoids the risk that vulnerability
>   in one scheme may compromise the security of the other, and may be
>   essential to maintain provable security.  While PKCS #1 Version 1.5
>   [PKCS#1v1.5] has been employed for both key transport and digital
>   signature without any known bad interactions, such a combined use of
>   an RSA key pair is not recommended in the future.  Therefore, an RSA
>   key pair used for RSAES-OAEP key transport should not also be used
>   for other purposes.

Does "other purposes" here mean "signing" or "other types of key transport"?
The comparison with PKCS #1 v1 seems to imply "signing", but it could also be
interpreted to mean PKCS #1v1 vs. PKCS #1v2 key transport... I could see that
the latter might lead to problems when you're communicating with existing
implementations, or a mixture of old and new.


<Prev in Thread] Current Thread [Next in Thread>