Russ,
I do like the idea of specifying a different key identificater OID for
RSA OAEP. I don't like the idea of spreading this information over
multiple documents. (How do to the Certificate in one draft, how to use
in CMS in a second draft, possiblibly a third thing in a third draft.)
Can we combine together some of the specification?
jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley,
Russ
Sent: Thursday, August 01, 2002 2:01 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RSA OAEP Public Key Identification
At the meeting in Yokohama, we discussed the RSA OAEP draft.
One of the
areas that was discussed was the security considerations
section, where the
document recommends that a key pair only be used for one
purpose. Presently, we do not have a mechanism for
identifying how a key
holder would like to have their public key used.
The certificate currently tells the message originator that
the public key
is an RSA key, and the key usage extension tells that the
public key can be
used for key transport. There is nothing to tell the message
originator
whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
particular
key. So, there is no indication to the message originator
that will allow
the security consideration to be implemented.
Here is my proposed solution: use a different algorithm
identifier in the
certificate.
I suggest that the id-RSAES-OAEP be used in the certificate
subject public
key info field to indicate that the public key should ONLY be
used with RSA
OAEP.
This proposal may make transition from RSA PKCS #1 v1.5 to
RSA OAEP a bit
more difficult, since it would not allow one key pair to be
used with both
algorithms. However, this is exactly what the security
considerations
recommend.
Does anyone have concerns with this approach?
If this approach is adopted, then a companion document in the
PKIX working
group for the proper handling of RSA OAEP (and probably RSA
PSS) public
keys will likely be needed.
Russ