ECC Design Team Update of RFC4055

["Turner, Sean P." <turners@xxxxxxxx>]

The ECC design team agreed to produce two document: the first is the ID
specifies subjectPublicKeyInfo field for ECC public keys and the second
updates RFC4055. We're suggesting that parameters (like KDFs) be prohibited
in algorithm identifier parameters (i.e., make it a MUST NOT). We want to
make sure that we're not going to disturb an installed base so ....

Are there any implementors who implemented the RSAES-OAEP parameters?

Here's the suggested changes to RFC4055:

In Section 4 replace:

"CAs that issue certificates with the id-RSAES-OAEP algorithm identifier
SHOULD require the presence of parameters in the publicKeyAlgorithms field
for all certificates. Entities that use a certificate with a
publicKeyAlgorithm value of id-RSA-OAEP where the parameters are absent
SHOULD use the default set of parameters for RSAES-OAEP-params. Entities
that use a certificate with a publicKeyAlgorithm value of rsaEncryption
SHOULD use the default set of parameters for RSAES-OAEP-params."

with:

"CAs that issue certificates with the id-RSAES-OAEP algorithm identifier
MUST NOT include parameters in the subjectPublicKeyInfo algorithmIdentifier
field for all certificates."

In section 4.1 replace:

"The parameters may be either absent or present when used as subject public
key information"

with:

"The parameters MUST NOT be either present when used in
subjectPublicKeyInfo."

spt 

P.S. We'd also suggest other editorial changes like replacing
publicKeyAlgorithm because there's no such field.