- From: Paul Lambert <plambert@certicom.com>
- Date: Fri, 23 Apr 1999 13:17:09 -0700
- To: dee3@us.ibm.com
- cc: w3c-xml-sig-ws@w3.org
>>...
>>Public key techniques do not need to provide
>>recipient unique information.
>
>### Maybe I misunderstand but if the public key technique being used is
>Diffie-Hellman and a recipient has many DH keys, is not "recipient unique
>information", in particular an indication of which key to use, needed?

You're right. A Diffie-Hellman key exchange/agreement does need a public
key indicator and perhaps other information (random stuff).

I believe I intended to say - public key digital signatures do not need to
provide recipient unique information.

So, recipient unique information is used in different ways for each of the
major classes of mechanisms that we may support:

Recp. Info                 Security Type
____________________________________________________
None                       PK Signature
----------------------------------------------------
Session Key ID             Keyed Hash
nonce/IV opt.
----------------------------------------------------
Public Key ID              Key Agreement
random stuff opt.
----------------------------------------------------
Session Key ID             Encryption, Session Key Oriented
nonce, IV opt.
----------------------------------------------------
Public Key ID              Encryption, PK Based
encrypted key, opt.
IV, opt.
----------------------------------------------------

Does our object model and markup representation need to distinguish between
the different usages of Recipient Information? Maybe, maybe not. At this
point I need to go off-line and doodle on a few object models. Recipient
Unique Information may be just fine as an abstract interface with the
particular usage determined by refinement based on security type.

Paul

dee3@us.ibm.com on 04/23/99 12:13:49 PM
To: w3c-xml-sig-ws@w3.org
cc: (bcc: Paul Lambert/Certicom)
Subject: public versus secret ... Re: Single Key in Originator Information

See comments indicated by ###...

Donald E. Eastlake, 3rd
17 Skyline Drive, Hawthorne, NY 10532 USA
dee3@us.ibm.com tel: 1-914-784-7913, fax: 1-914-784-3833
home: 65 Shindegan Hill Road, RR#1, Carmel, NY 10512 USA
dee3@torque.pothole.com tel: 1-914-276-2668

"Paul Lambert" <plambert@certicom.com> on 04/22/99 02:56:51 PM
To: "Joseph M. Reagle Jr. (W3C)" <reagle@w3.org>
cc: w3c-xml-sig-ws@w3.org
(bcc: Donald Eastlake/Hawthorne/IBM)
Subject: Re: Single Key in Originator Information

Joseph,
[...]
This restriction on syntax is one of the reasons I'm pushing on differentiating
the characteristics of a keyed hash versus public key mechanisms. Keyed hash
mechanisms require a Recipient Info field. Public key techniques do not
need to provide recipient unique information.

### Maybe I misunderstand but if the public key technique being used is
Diffie-Hellman and a recipient has many DH keys, is not "recipient unique
information", in particular an indication of which key to use, needed?

Paul

### Donald
Received on Friday, 23 April 1999 16:30:56 UTC
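The table in the message above, worked through in code as an added example (not part of this thread and not drawn from any working-group draft): it models two of the mechanism classes, Keyed Hash and Key Agreement, and shows why a recipient that holds several keys cannot verify or agree without a Session Key ID or Public Key ID, while a PK Signature carries no recipient information at all. The field names (`session_key_id`, `public_key_id`, `nonce`, `random`, ...) are this example's own and are not XML-DSig syntax; the Diffie-Hellman group (p = 2**127 - 1, g = 2) is a toy parameter chosen for readability and is not a secure group.

```python
"""Recipient unique information as a per-security-type interface.

Added example, not code from the W3C XML-Signature working group. Field names and
the toy DH group are this example's own assumptions.
"""
import hashlib
import hmac
import secrets

# Required / optional recipient-info fields per security type, following the
# table in the message.  Names are illustrative, not XML-DSig element names.
RECIPIENT_INFO = {
    "PK Signature": {"required": (), "optional": ()},
    "Keyed Hash": {"required": ("session_key_id",), "optional": ("nonce",)},
    "Key Agreement": {"required": ("public_key_id",), "optional": ("random",)},
    "Encryption, Session Key Oriented": {"required": ("session_key_id",), "optional": ("nonce", "iv")},
    "Encryption, PK Based": {"required": ("public_key_id",), "optional": ("encrypted_key", "iv")},
}


def validate_recipient_info(security_type, info):
    """True when `info` has every required field and no field the type does not allow."""
    spec = RECIPIENT_INFO[security_type]
    allowed = set(spec["required"]) | set(spec["optional"])
    return all(k in info for k in spec["required"]) and set(info) <= allowed


# --- Keyed hash: the Session Key ID selects one of the recipient's shared keys ---
def keyed_hash_sign(session_keys, session_key_id, data):
    """Produce a message whose recipient info names the session key that was used."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(session_keys[session_key_id], nonce + data, hashlib.sha256).digest()
    return {"security_type": "Keyed Hash",
            "recipient_info": {"session_key_id": session_key_id, "nonce": nonce},
            "data": data, "tag": tag}


def keyed_hash_verify(session_keys, msg):
    """Without a Session Key ID the verifier cannot know which of its keys to try."""
    info = msg["recipient_info"]
    if not validate_recipient_info(msg["security_type"], info):
        return False
    key = session_keys.get(info["session_key_id"])
    if key is None:
        return False
    expected = hmac.new(key, info["nonce"] + msg["data"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])


# --- Key agreement: the Public Key ID selects one of the recipient's DH keys ---
P = 2**127 - 1  # toy modulus (a Mersenne prime), constructed for readability only
G = 2


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def sender_agree(recipient_public_keys, public_key_id):
    """Sender side: name the recipient key by ID and send an ephemeral value (the 'random stuff')."""
    eph_priv, eph_pub = dh_keypair()
    shared = pow(recipient_public_keys[public_key_id], eph_priv, P)
    info = {"public_key_id": public_key_id, "random": eph_pub}
    return info, hashlib.sha256(shared.to_bytes(16, "big")).digest()


def recipient_agree(recipient_private_keys, info):
    """Recipient side: the Public Key ID says which of several private keys applies."""
    if not validate_recipient_info("Key Agreement", info):
        return None
    priv = recipient_private_keys.get(info["public_key_id"])
    if priv is None:
        return None
    shared = pow(info["random"], priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def demo():
    """Returns (keyed hash verified, both DH sides derived the same secret)."""
    session_keys = {"sk-1": b"A" * 32, "sk-2": b"B" * 32}  # constructed sample keys
    msg = keyed_hash_sign(session_keys, "sk-2", b"signed element")
    verified = keyed_hash_verify(session_keys, msg)
    privs, pubs = {}, {}
    for kid in ("dh-1", "dh-2", "dh-3"):  # recipient holds several DH keys
        privs[kid], pubs[kid] = dh_keypair()
    info, secret_sender = sender_agree(pubs, "dh-3")
    secret_recipient = recipient_agree(privs, info)
    return verified, secret_sender == secret_recipient


if __name__ == "__main__":
    print(demo())
```

The validator is the "abstract interface refined by security type" idea from the message: one record shape, with the set of required and optional fields decided by the mechanism class, so a keyed-hash message that omits its Session Key ID is rejected before any key lookup, and a PK Signature is only valid with an empty recipient-info record.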