RE: 3rd try at Algorithms Section

There are a couple of issues that I still have on this section.

1.  I would like to add a paragraph along the following lines:
"The working group decided to include the IV as part of the cipher text
stream in order to allow for the encryption method parameter to be omitted.
Good cryptographic practice requires that a different random IV be used
with every block algorithm. If the IV were specified as part of the
encryption method, either the IV would have to be implicitly known by the
decryptor or the encryption method structure would be required to exist in
order to carry the IV."

2. I do not like the fact that a schema has been proposed for
EncryptionMethod that provides for an amalgamation of different parameters
from various different algorithms.  I can see somebody attempting to set the
KeySize parameter with 3DES and not getting expected behavior.  The values
of 112, 128, 168 and 192 are all reasonable values to place into that
structure for the uninitiated (and would be logical to include if doing key
derivation potentially).  I strongly prefer having each algorithm define the
parameters it needs in its namespace.

3. You omitted using most of my comments on DH.  KeyInfo is supposed to
contain within it one or more methods of retrieving the same key value.  The
inclusion of the AgreementMethod item violates this principle.  The
information to do key agreement is part of the DH encryption method and
should be placed at that location.

jim

Received on Wednesday, 13 June 2001 17:50:01 UTC
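
The design described in point 1, as an added example that is not part of the original message or the working group's text: a CBC encryptor writes a fresh random IV as the first block of the cipher text stream, so the decryptor needs only the key and the stream and no separate encryption method parameter. The 4-round Feistel block cipher, the 8-byte block size and the PKCS#7-style padding are stand-in assumptions that keep the example self-contained.

```python
import hashlib, hmac, os

BLOCK = 8  # bytes per block in this stand-in cipher (assumption)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: keyed hash truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _enc_block(key, blk):  # toy Feistel cipher, for illustration only
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def _dec_block(key, blk):  # same rounds run in reverse order
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def encrypt(key, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    iv = os.urandom(BLOCK)       # different random IV for every message
    out, prev = [iv], iv         # the IV travels as the first block
    for i in range(0, len(data), BLOCK):
        prev = _enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def decrypt(key, stream):
    # No IV parameter: it is read back from the head of the stream.
    if len(stream) < 2 * BLOCK or len(stream) % BLOCK:
        raise ValueError("stream must be an IV plus whole cipher blocks")
    prev, plain = stream[:BLOCK], b""
    for i in range(BLOCK, len(stream), BLOCK):
        blk = stream[i:i + BLOCK]
        plain += _xor(_dec_block(key, blk), prev)
        prev = blk
    pad = plain[-1]
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return plain[:-pad]
```

Encrypting the same plaintext twice under one key yields two different streams, and a stream shorter than the IV plus one block is rejected before any decryption is attempted.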