Re: I-D ACTION:draft-ietf-smime-multisig-00.txt2007-01-02 12:25:01
Denis:
I do not know how to constructively continue this discussion. We do not seem to be communicating with each other. Trying one more time... See below.
In most certificates used for S/MIME today, the subject public key identifier contains the algorithm identifier listed in 2.3.1 of RFC 3279: The OID rsaEncryption identifies RSA public keys. pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1} Then, the CMS SignerInfo indicates RSA as well as the one-way hash function that is used for the encapsulated content. These are the OID that I found in the RFCs: md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 } sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } The certificate does not require the subject public key to be used with any particular one-way hash function, but the signature itself tells which one-way hash function way employed by the signer. None of this is new! What text needs to be added to the document? I am willing to consider additional text, but so far, I do not see a need.
You did not quote the part of Section 4.2.1.2 of RFC 3280 that describe the most commonly used technique for computing a key identifier: (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits). If the two certificates contain the same RSA public key, then this value will most certainly be the same!
Again, if the two certificates contain the same RSA public key, then this value will most certainly be the same! You seem to be making some unstated assumptions about certification policies.
I am not trying to distinguish the certificates. The issuer and serial number would allow me to do that. At this point, I do not know what else to say. I am going to leave it to the S/MIME WG Chairs to determine what changes, if any, are needed to resolve your Last Call comment. Russ
|
|