Algorithms in PKIX and S/MIME - query
We recently completed an interoperability trial looking at PKI and S/MIME v3 interoperability. If you're interested, the final report is available at:
www.cesg.gov.uk/cloudcover/PKIdemonstrator.htm
We are about to embark on a second phase, this time looking at S/MIME v3 encryption. We are keen to mirror current thinking on S/MIME algorithms, which I believe is:
Signature generation: DSA or RSA may be implemented
Signature processing: DSA and RSA must both be supported
Key transport: RSA
However, I also believe that PKIX thinking at the moment is that DSA is still the mandatory-to-implement algorithm for certificate and CRL signing.
This leads to the awkward situation where an implementation, for example, only signs S/MIME messages using RSA, but has to sign its RSA transport keys using DSA. I can imagine other mismatches whereby the keys for one algorithm are signed by a different algorithm.
This seems to stem from the fact that thinking on algorithms between PKIX and S/MIME is not yet aligned. I'd be very grateful for some advice on how we should play our second phase, and what we should be asking vendors to bring to the trial. Is it realistic to expect vendors to support both DSA and RSA, especially in their CAs?
Many thanks
Richard
Richard Lampard
CESG
PO Box 144
Cheltenham
Gloucestershire GL52 5UE
Tel: +441242 221491 x4086
Fax: +441242 709113