ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RSA OAEP Public Key Identification

2002-08-02 06:36:43
from [Housley, Russ] [Permanent Link] 

Jim:
Yes, it could all be in one document. At some point, when RFC 3279 is updated, the certificate-relevant information should go there. 

Russ

At 12:30 AM 8/2/2002 -0700, Jim Schaad wrote:

Russ,

I do like the idea of specifying a different key identificater OID for
RSA OAEP.  I don't like the idea of spreading this information over
multiple documents. (How do to the Certificate in one draft, how to use
in CMS in a second draft, possiblibly a third thing in a third draft.)
Can we combine together some of the specification?

jim

> -----Original Message-----
> From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
> [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Housley, 
Russ
> Sent: Thursday, August 01, 2002 2:01 PM
> To: ietf-smime(_at_)imc(_dot_)org
> Subject: RSA OAEP Public Key Identification
>
>
>
> At the meeting in Yokohama, we discussed the RSA OAEP draft.
> One of the
> areas that was discussed was the security considerations
> section, where the
> document recommends that a key pair only be used for one
> purpose.  Presently, we do not have a mechanism for
> identifying how a key
> holder would like to have their public key used.
>
> The certificate currently tells the message originator that
> the public key
> is an RSA key, and the key usage extension tells that the
> public key can be
> used for key transport.  There is nothing to tell the message
> originator
> whether RSA PKCS #1 v1.5 or RSA OAEP ought to be used with a
> particular
> key.  So, there is no indication to the message originator
> that will allow
> the security consideration to be implemented.
>
> Here is my proposed solution: use a different algorithm
> identifier in the
> certificate.
>
> I suggest that the id-RSAES-OAEP be used in the certificate
> subject public
> key info field to indicate that the public key should ONLY be
> used with RSA
> OAEP.
>
> This proposal may make transition from RSA PKCS #1 v1.5 to
> RSA OAEP a bit
> more difficult, since it would not allow one key pair to be
> used with both
> algorithms.  However, this is exactly what the security
> considerations
> recommend.
>
> Does anyone have concerns with this approach?
>
> If this approach is adopted, then a companion document in the
> PKIX working
> group for the proper handling of RSA OAEP (and probably RSA
> PSS) public
> keys will likely be needed.
>
> Russ
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  I-D ACTION:draft-ietf-smime-cms-rsaes-oaep-05.txt, Internet-Drafts
Next by Date:  Re: RSA OAEP Public Key Identification, Housley, Russ
Previous by Thread:  RE: RSA OAEP Public Key Identification, Jim Schaad
Next by Thread:  Re: RSA OAEP Public Key Identification, Peter Gutmann
Indexes:  [Date] [Thread] [Top] [All Lists]