ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: I-D ACTION:draft-ietf-smime-multisig-00.txt

2006-12-27 11:16:46
from [Russ Housley] [Permanent Link] 

Denis:
We are talking about signatures on CMS object, not signatures on certificates. The recipient of the signed CMS object needs to be able to validate the signature on the certificate as well as the CMS signed object.
If the signer has a certified RSA public key, then the signer can sign a CMS object using both RSA with SHA-1 and RSA with SHA-256. Each one will be a SignerInfo, and the sid (using either the issuerAndSerialNumber or the subjectKeyIdentifier) in each of them will identify the same certified public key.
If the RSA public key is placed in two certificates, one signed by the CA using RSA with SHA-1 and the other signed by the CA using RSA with SHA-256, then you get a better situation from a cryptographic strength perspective. However, the subject key identifier will be the same in both certificates, which allows the recipient to easily detect that the signatures are from the same signer if that form of sid is used. Which is the one that S/MIME has been encouraging for quite some years, mostly due to size. 

Russ

At 11:18 AM 12/27/2006, Denis Pinkas wrote:


Russ,

I probably  missed something.

>Denis:

>You make some good points about the document, and I am sure that they
>will spur discussion. However, I want to talk about this part of your message: 

>>This document is necessary so that
>>draft-ietf-smime-cms-mult-sign-02.txt may be applicable.
>>The two documents should be merged.

>>Let me explain briefly :draft-ietf-smime-cms-mult-sign-02.txt does
>>not provide any means so that,
>>at the CMS level, an application can figure out that the same signer
>>has placed two SignerInfo structures.
>>This new draft fills in the gap.

>This is not accurate.  In fact, for the transition that we are facing
>right now, from RSA with SHA-1 to RSA with SHA-256, the document does
>provide the means to determine that two SignerInfo structures are
>associated with the same signer.  Yet, other transitions require more
>knowledge of the application, and the document warns about this situation.
Usually, if the CA chooses to issue a certificate with SHA-256, it will also change 
the value of the private key and sometimes augment the size of the key.
Would you explain, in a few words, the assumption under which the link is provided 
at the CMS level (i.e. not at the application level) ?

Denis

>S/MIME is not the only application that uses CMS.  I think the
>documents should remain separate.

>Russ
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: I-D ACTION:draft-ietf-smime-multisig-00.txt, Denis Pinkas
Previous by Thread:  Re: I-D ACTION:draft-ietf-smime-multisig-00.txt, Denis Pinkas
Next by Thread:  {Blocked Content} I-D ACTION:draft-ietf-smime-ibearch-02.txt, Internet-Drafts
Indexes:  [Date] [Thread] [Top] [All Lists]