ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RSA OAEP Public Key Identification

2002-08-02 00:31:38
from [Jim Schaad] [Permanent Link] 

Russ,

I do like the idea of specifying a different key identificater OID for
RSA OAEP.  I don't like the idea of spreading this information over
multiple documents. (How do to the Certificate in one draft, how to use
in CMS in a second draft, possiblibly a third thing in a third draft.)
Can we combine together some of the specification?

jim


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley, 
Russ
Sent: Thursday, August 01, 2002 2:01 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RSA OAEP Public Key Identification



At the meeting in Yokohama, we discussed the RSA OAEP draft.  
One of the 
areas that was discussed was the security considerations 
section, where the 
document recommends that a key pair only be used for one 
purpose.  Presently, we do not have a mechanism for 
identifying how a key 
holder would like to have their public key used.

The certificate currently tells the message originator that 
the public key 
is an RSA key, and the key usage extension tells that the 
public key can be 
used for key transport.  There is nothing to tell the message 
originator 
whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a 
particular 
key.  So, there is no indication to the message originator 
that will allow 
the security consideration to be implemented.

Here is my proposed solution: use a different algorithm 
identifier in the 
certificate.

I suggest that the id-RSAES-OAEP be used in the certificate 
subject public 
key info field to indicate that the public key should ONLY be 
used with RSA 
OAEP.

This proposal may make transition from RSA PKCS #1 v1.5 to 
RSA OAEP a bit 
more difficult, since it would not allow one key pair to be 
used with both 
algorithms.  However, this is exactly what the security 
considerations 
recommend.

Does anyone have concerns with this approach?

If this approach is adopted, then a companion document in the 
PKIX working 
group for the proper handling of RSA OAEP (and probably RSA 
PSS) public 
keys will likely be needed.

Russ
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: AES and PKCS #1 v1.5 Issue, Jim Schaad
Next by Date:  Re: RSA OAEP Public Key Identification, Peter Gutmann
Previous by Thread:  RSA OAEP Public Key Identification, Housley, Russ
Next by Thread:  RE: RSA OAEP Public Key Identification, Housley, Russ
Indexes:  [Date] [Thread] [Top] [All Lists]