ietf-smime

Re: [smime] Fwd: Last Call:

2010-12-28 12:57:08
Denis Pinkas wrote:

I have a few comments about draft-schaad-smime-algorithm-attribute-03.txt:

1) The key question is: what should the signatureAlgorithm field contain?

SignatureAlgorithmIdentifier is defined in section 10.1.2 of RFC 5652:

10.1.2.  SignatureAlgorithmIdentifier

   The SignatureAlgorithmIdentifier type identifies a signature
   algorithm, and it can also identify a message digest algorithm.
   Examples include RSA, DSA, DSA with SHA-1, ECDSA, and ECDSA with
   SHA-256.  A signature algorithm supports signature generation and
   verification operations.  The signature generation operation uses the
   message digest and the signer's private key to generate a signature
   value.  The signature verification operation uses the message digest
   and the signer's public key to determine whether or not a signature
   value is valid.  Context determines which operation is intended.

      SignatureAlgorithmIdentifier ::= AlgorithmIdentifier


Some examples are questionable: is RSA really a "signature algorithm"?
sha-1withRSA is really a signature mechanism, since it cannot be used
for encryption.


Call it "evolutionary heritage" (from PKCS#7 1.5 -> SMIME/CMS)

From
       http://tools.ietf.org/html/rfc2315#section-9.2
to
       http://tools.ietf.org/html/rfc2630#section-5.3

there was a semantic change in the SignerInfo ASN.1 structure
for SignedData in that the element "digestEncryptionAlgorithm"
was respecified as "SignatureAlgorithmIdentifier".


So for historical reasons, RSA-based signatures use the
original DigestEncryptionAlgorithm semantics and the AlgId
RSA / rsaEncryption (1.2.840.113549.1.1.1)

while all other public key signature schemes use the newer CMS semantics
"SignatureAlgorithmIdentifier" and a signature AlgId that includes
a specific hash algorithm.  I notice that rfc2630 section 5.3 lists "DSS"
as an example value for SignatureAlgorithmIdentifier, but e.g. our
implementation of PKCS7 uses id_dsa_with_sha1 (1.2.840.10040.4.3)
--the only DSA-related OID defined in rfc2630.

http://tools.ietf.org/html/rfc2630#section-12.2.1

_not_ id_dsa (1.2.840.10040.4.1) which AFAIK is used for DSA _keys_
in X.509 certs and defined elsewhere.


-Martin
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
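Added example, not part of the thread above: a dependency-free Python sketch that DER-encodes and decodes the three OIDs Martin names (rsaEncryption, id-dsa-with-sha1, id-dsa) and shows the verifier-side consequence of the PKCS#7 -> CMS heritage he describes: with rsaEncryption the signatureAlgorithm names no hash, so SignerInfo.digestAlgorithm has to supply it, while dsa-with-sha1 names SHA-1 itself. The id-sha1 OID (1.3.14.3.2.26) and the policy of rejecting a SignerInfo whose two fields name different hashes are assumptions made here, not statements from the message.

```python
# Added example (not part of the thread): DER encoding for the OIDs Martin
# names, and the verifier-side consequence of the PKCS#7 -> CMS heritage he
# describes. The SHA-1 OID and the "reject a mismatch" policy are assumptions
# made here, not something the message states.

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption: names no hash (digestEncryptionAlgorithm heritage)
DSA_WITH_SHA1 = "1.2.840.10040.4.3"      # id-dsa-with-sha1: names SHA-1 itself (CMS semantics)
ID_DSA = "1.2.840.10040.4.1"             # id-dsa: a DSA key OID (SubjectPublicKeyInfo), not a signature alg
SHA1 = "1.3.14.3.2.26"                   # id-sha1 (assumed from RFC 3370; not quoted in the thread)


def encode_oid(dotted: str) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one subidentifier
    for arc in arcs[2:]:
        groups = []                             # 7-bit groups, least significant first
        while True:
            groups.append(arc & 0x7F)
            arc >>= 7
            if not arc:
                break
        body.extend(g | 0x80 for g in reversed(groups[1:]))  # continuation bit on all but last
        body.append(groups[0])
    if len(body) >= 128:
        raise ValueError("long-form length not supported")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der: bytes) -> str:
    """Inverse of encode_oid; rejects malformed or non-minimal encodings."""
    if len(der) < 3 or der[0] != 0x06 or der[1] >= 128 or der[1] != len(der) - 2:
        raise ValueError("not a short-form OID TLV")
    body = der[2:]
    arcs, value, arc_start = [], 0, True
    for i, b in enumerate(body):
        if arc_start and b == 0x80:
            raise ValueError("non-minimal base-128 arc")  # leading 0x80 pad is not DER
        value = (value << 7) | (b & 0x7F)
        arc_start = False
        if b & 0x80:
            if i == len(body) - 1:
                raise ValueError("truncated base-128 arc")
            continue
        if not arcs:
            arcs.extend([value // 40, value % 40] if value < 80 else [2, value - 80])
        else:
            arcs.append(value)
        value, arc_start = 0, True
    return ".".join(map(str, arcs))


def encode_algorithm_identifier(oid: str, null_params: bool) -> bytes:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }.
    rsaEncryption is conventionally encoded with NULL parameters, dsa-with-sha1 with none."""
    inner = encode_oid(oid) + (b"\x05\x00" if null_params else b"")
    return bytes([0x30, len(inner)]) + inner


# Which hash, if any, the signatureAlgorithm OID names on its own.
HASH_NAMED_BY_SIG_ALG = {RSA_ENCRYPTION: None, DSA_WITH_SHA1: SHA1}
KEY_OIDS = {ID_DSA}


def resolve_hash(signature_alg_oid: str, digest_alg_oid: str) -> str:
    """Decide which hash a CMS verifier must use for one SignerInfo.

    signatureAlgorithm alone is not enough: under the PKCS#7 heritage,
    rsaEncryption says nothing about the hash, so SignerInfo.digestAlgorithm
    supplies it. When the signature OID does name a hash (CMS semantics),
    this code (as a design choice) rejects a SignerInfo whose digestAlgorithm
    disagrees instead of trusting either field blindly.
    """
    if signature_alg_oid in KEY_OIDS:
        raise ValueError(f"{signature_alg_oid} identifies a key type, not a signature algorithm")
    if signature_alg_oid not in HASH_NAMED_BY_SIG_ALG:
        raise ValueError(f"unsupported signature algorithm {signature_alg_oid}")
    named = HASH_NAMED_BY_SIG_ALG[signature_alg_oid]
    if named is None:
        return digest_alg_oid
    if named != digest_alg_oid:
        raise ValueError("signatureAlgorithm and digestAlgorithm name different hashes")
    return named


if __name__ == "__main__":
    for oid in (RSA_ENCRYPTION, DSA_WITH_SHA1, ID_DSA):
        der = encode_oid(oid)
        assert decode_oid(der) == oid
        print(oid, der.hex())
    print("RSA signer hash:", resolve_hash(RSA_ENCRYPTION, SHA1))
    print("DSA signer hash:", resolve_hash(DSA_WITH_SHA1, SHA1))
```

The practical check this illustrates: a verifier that keys its hash choice off signatureAlgorithm alone will work for dsa-with-sha1 and fail (or silently pick a default) for the rsaEncryption case, and a verifier that treats id-dsa in signatureAlgorithm as valid is accepting a key OID where a signature OID belongs.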