RE: Binding between keys and schemes?

To: 'Pedro Félix' <pfelix@xxxxxxx>, Tolga Acar <TACAR@xxxxxxxxxx>, ietf-pkix@xxxxxxx

Subject: RE: Binding between keys and schemes?

From: Jim Schaad <jimsch@xxxxxxxxxxxxxxxxxxxxxx>

Date: Mon, 24 Jan 2000 19:30:54 -0800

Cc: "Ietf-Smime (E-mail)" <ietf-smime@xxxxxxx>

My personal opinion on this issue is that in the absense of other knowledge PKCS1-v1_5 would be used. If the S/MIME capabilities contained the OID for OAEP, then it could be used instead. The certificate does not state which scheme is to be used (just as it does not state that 3DES or RC5 should be the bulk encryption algorithm used).

jim

-----Original Message-----
From: Pedro Félix [mailto:pfelix@isel.pt]
Sent: Friday, January 21, 2000 2:26 AM
To: Tolga Acar; ietf-pkix@imc.org
Subject: Re: Binding between keys and schemes?

First of all, thanks for your reply.

I apologise for not making my question clear.

When I asked about the binding between a key and a scheme, I was not refering to the scheme used to sign the certificate.

Let's supose that ALICE, running protocol P, want's to send a PKCS#7 Envelope to BOB, and has a X.509 certificate of BOB's public key (with rsaEncryption OID on the subjectPublicKeyInfo field). The certificate was signed with scheme X (eg. DSA) and was correctly verified by ALICE using that scheme.

Which ENCRYPTION scheme should ALICE use to build the Envelope? ( RSAES-PKCS1-v1_5, RSAES-OAEP , ...)

Probably ALICE would want to use the new RSAES-OAEP, but does BOB support it?

If I understood you correctly, this binding between the key and the scheme IS NOT made by a X.509 certificate (except when the retation is 1-1) and has to be built by other means (possibly defined by the protocol P). I'm I right?

I assume that the source of my initial confusion comes from the fact that, in PKCS#1, the same OID (rsaEncryption) is used to identify both a key and a encryption scheme.

Once again, I thank you for your reply

Best regards

- Pedro Felix