Re: Algorithm Selections

At 00:31 11/15/2000 -0800, Jim Schaad wrote:
>As promised at the XML Encryption workshop, here is a description of the 
>different types of algorithms along with what I would recommend for the 
>different levels of support.

Thanks! I agree with all of your recommendations, but I have a question on 
Key Transport.

>Key Transport Algorithms:
>RSA-v1.5 - This is the standard RSA algorithm used in CMS today.  It has 
>the benifit of being widely used and the downside that there is a known 
>attack againist it.
>RSA-OEAP - This is the revised RSA algorithm for doing key transport.  The 
>same RSA public/private key pair can be used for both RSA-v1.5 and RSA-OEAP 
>so there is no need to choose just one of these variants.
>Recommendation:  RSA-OEAP should be used with AES.  RSA-v1.5 should be used 
>with TripleDES.

I note this is not mandatory, which I think I'm please with but I wanted to 
chase the references and ended up getting confused. I found [1] for 
"RSAES-OA(?EP?) in CMS" and it refers to [2], but RFC2347 is actually TFTP 
Option Extension (Russ should switch the 3&4 to RFC2437 [3]). So:
1. What standard exactly is meant by RSA-OEAP? PKCS#1v2.0, it's CMS syntax, 
or would we have to come up with our own XML based version?
2. Why do you recommend RSA-v1.5 with TripleDES?

[1] S/MIME Working Group R. Housley Internet Draft SPYRUS expires in six 
months June 2000 Use of the RSAES-OAEP Key Transport Algorithm in CMS
[2] PKCS#1v2.0 Kaliski, B. PKCS #1: RSA Encryption, Version 2.0. RFC 2347. 
October 1998.

Joseph Reagle Jr.
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair

Received on Wednesday, 15 November 2000 14:40:12 UTC