Re: [smime] Fwd: Last Call:

Denis Pinkas wrote:
> 
> I have a few comments about draft-schaad-smime-algorithm-attribute-03.txt:
> 
> 1) The key question is what should contain the field signatureAlgorithm ?
> 
> SignatureAlgorithmIdentifier is defined in section 10.1.2 from RFC 5652:
> 
> 10.1.2.  SignatureAlgorithmIdentifier
> 
>    The SignatureAlgorithmIdentifier type identifies a signature
>    algorithm, and it can also identify a message digest algorithm.
>    Examples include RSA, DSA, DSA with SHA-1, ECDSA, and ECDSA with
>    SHA-256.  A signature algorithm supports signature generation and
>    verification operations.  The signature generation operation uses the
>    message digest and the signer's private key to generate a signature
>    value.  The signature verification operation uses the message digest
>    and the signer's public key to determine whether or not a signature
>    value is valid.  Context determines which operation is intended.
> 
>       SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
> 
> 
> Some examples are questionable: is RSA really a "signature algorithm" ?
> sha-1withRSA is really a signature mechanism, since it cannot be used
> for encryption.


Call it "evolutionary heritage" (from PKCS#7 1.5 -> SMIME/CMS)

From
       http://tools.ietf.org/html/rfc2315#section-9.2
to
       http://tools.ietf.org/html/rfc2630#section-5.3

there was a semantic change in the SignerInfo ASN.1 structure
for SignedData in that the element "digestEncryptionAlgorithm"
was respecified as "SignatureAlgorithmIdentifier".


So for historical reasons, RSA-based signatures use the
original DigestEncryptionAlgorithm semantics and the AlgId
RSA / rsaEncryption (1.2.840.113549.1.1.1)

while all other public key signature schemes use the newer CMS semantics
"SignatureAlgorithmIdentifier" and a signature AlgId that includes
a specific hash algorithm.  I notice that rfc2630 section 5.3 lists "DSS"
as an example value for SignatureAlgorithmIdentifier, but e.g. our
implementation of PKCS7 uses id_dsa_with_sha1 (1.2.840.10040.4.3)
--the only DSA-related OID defined in rfc2630.

http://tools.ietf.org/html/rfc2630#section-12.2.1

_not_ id_dsa (1.2.840.10040.4.1) which AFAIK is used for DSA _keys_
in X.509 certs and defined elsewhere.


-Martin
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
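As an added example (not code from this thread, nor from the PKCS7 implementation Martin mentions), the following Python decodes the DER AlgorithmIdentifier of a SignerInfo's digestAlgorithm and signatureAlgorithm and resolves the effective hash/scheme pair under the two semantics described above: legacy PKCS#7 "digestEncryptionAlgorithm" (rsaEncryption, hash taken from digestAlgorithm) versus CMS "SignatureAlgorithmIdentifier" (id-dsa-with-sha1, hash named by the AlgId itself), and rejects the key OID id-dsa in that position. It assumes short-form DER lengths; the sample byte strings are hand-constructed.

```python
# Added example: resolve a CMS SignerInfo's (digestAlgorithm, signatureAlgorithm)
# pair under the PKCS#7-heritage and CMS semantics discussed in the thread.
# Assumptions: short-form DER lengths only; sample DER below is hand-built.

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption: legacy PKCS#7 semantics
DSA_WITH_SHA1 = "1.2.840.10040.4.3"      # id-dsa-with-sha1: CMS semantics, names the hash
ID_DSA = "1.2.840.10040.4.1"             # id-dsa: DSA *key* OID, not a signature OID
SHA1 = "1.3.14.3.2.26"                   # sha-1 digest OID

def decode_oid(der):
    """Decode a DER OBJECT IDENTIFIER TLV (tag 0x06) into dotted form."""
    if der[0] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER tag")
    arcs, value = [], 0
    for b in der[2:2 + der[1]]:
        value = (value << 7) | (b & 0x7F)      # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                            # first two arcs are packed as 40*X+Y
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(map(str, head + arcs[1:]))

def algorithm_oid(der):
    """Return the algorithm OID of a DER AlgorithmIdentifier SEQUENCE; parameters ignored."""
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    return decode_oid(der[2:2 + der[1]])

def resolve_signer_info(digest_alg, sig_alg):
    """Map (digestAlgorithm, signatureAlgorithm) DER to the (hash, scheme) CMS means."""
    digest_oid, sig_oid = algorithm_oid(digest_alg), algorithm_oid(sig_alg)
    if sig_oid == RSA_ENCRYPTION:
        # PKCS#7 heritage: the AlgId says only "RSA"; the hash comes from digestAlgorithm.
        return ({SHA1: "SHA-1"}.get(digest_oid, digest_oid), "RSA")
    if sig_oid == DSA_WITH_SHA1:
        # CMS semantics: the signature AlgId names the hash, so digestAlgorithm must agree.
        if digest_oid != SHA1:
            raise ValueError("id-dsa-with-sha1 requires digestAlgorithm sha-1, got " + digest_oid)
        return ("SHA-1", "DSA")
    if sig_oid == ID_DSA:
        raise ValueError("id-dsa identifies a DSA key (X.509 SubjectPublicKeyInfo), not a signature")
    raise ValueError("unsupported signatureAlgorithm " + sig_oid)

# Constructed sample AlgorithmIdentifier encodings (hand-built, not captured from a real message)
SHA1_ALG = bytes.fromhex("3009 06052b0e03021a 0500")           # sha-1, NULL params
RSA_ALG = bytes.fromhex("300d 06092a864886f70d010101 0500")    # rsaEncryption, NULL params
DSA_SHA1_ALG = bytes.fromhex("3009 06072a8648ce380403")        # id-dsa-with-sha1, no params
DSA_KEY_ALG = bytes.fromhex("3009 06072a8648ce380401")         # id-dsa (key OID), wrong here
```

`resolve_signer_info(SHA1_ALG, RSA_ALG)` yields `('SHA-1', 'RSA')` and `resolve_signer_info(SHA1_ALG, DSA_SHA1_ALG)` yields `('SHA-1', 'DSA')`, while `DSA_KEY_ALG` in the signatureAlgorithm position is rejected.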

