Perhaps someone could help me to undetand a3the meaning of RFC1423
section 4.3, specifically:
"This section identifies the alternative algoritms which shall be used"
and "Only one alternative is..."
my understanding of the word "alternative" means that there are at least
two.
This is a minor grammatical error in the RFC. It should read as "Only
one algorithm is presently defined in this category."
The same is true for all other occurences of the phrase "one alternative".
Does this mean that the algorithm from X.509 {joint-iso-ccitt
ds(5) modules(1) algorithmObjectIdentifiers(8) 3} is allowed?
No. Only one signature algorithm, md2WithRSAEncryption, as defined
in PKCS #1, is allowed. All signatures shall be constructed accordingly.
However, as described in Section 4.1.1, the signatures may be computed
using RSA public keys that are identified (in the SubjectPublicKeyInformation
component of a certificate) by the algorithm object identifier defined
in the X.509 module that you cite.
Peace ..Tom Jones
Luv and understanding,
-DB