ietf-smime
[Top] [All Lists]

Re: RSA OAEP Public Key Identification

2002-08-02 01:49:29

"Housley, Russ" <rhousley(_at_)rsasecurity(_dot_)com> writes:

Here is my proposed solution: use a different algorithm identifier in the
certificate.  I suggest that the id-RSAES-OAEP be used in the certificate
subject public key info field to indicate that the public key should ONLY be
used with RSA OAEP.

Hmm, I can see some problems with this.  From the technical point of view it's
probably the easiest way to do it, but I can see horrible deployment problems.
What you're doing is creating something which quacks like an RSA key but which
will fail to work with anything which normally uses RSA keys.  I think I'd
have quite some problems laying this out for developers, let alone end users -
all they'd see is an RSA key which doesn't work properly.

I'm also not sure that this is an algorithm issue.  An RSA key is an RSA key,
whether you use it for PKCS #1, 9796, X9.31, or OAEP.  We don't ship them with
OIDs saying they can't be used to wrap RC4/40 keys, or used on public internet
terminals, or fed to your parrot.

I'd prefer to delegate this to the application (via SMIMECapabilities) like
most other stuff of this nature.  Alternatively, create an extKeyUsage or
something, but creating a cert which (deliberately) doesn't work properly when
you try and use it really seems to be asking for trouble.

Peter.