Re: Way Forward
As Russ points out, there are applications of S/MIME where the known chosen
on PKCS 1 encryption is applicable.
However I believe the more significant threat is that academic cryptographers
stopped looking at PKCS 1 encryption because they view it as broken from a
I think this means that the risk that someone will come up with an improved attack (or already knows a better attack but is not publicizing it) is significant.
I'd like to raise the opinions above as an objection to increasing the endorsement by the S/MIME WG of PKCS 1 encryption and would prefer to see the use of OAEP encouraged.
Best regards. Simon
Eric Rescorla <ekr@xxxxxxxxxxxxxxx> on 08/01/2000 05:18:45 PM
Please respond to EKR <rescorla@xxxxxxxxxxxxxx>
To: Russ Housley <housley@xxxxxxxxxx>
cc: ietf-smime@xxxxxxx (bcc: Simon Blake-Wilson/Certicom)
Subject: Re: Way Forward
Russ Housley <housley@xxxxxxxxxx> writes:
> The attack is probably impossible to mount using S/MIME against a
> human-operated mail agent; however, I am not convinced that a mail list
> agent (or other automated mail agent) would be immune. Further, CMS is
> being used in many environments, not just S/MIME, and some of those
> environments may have issues.
Understood, but it's trivial to patch these S/MIME agents to
be completely immune to this attack without compromising compatibility.
> OAEP has been available for years. PKCS#1 v2.0 includes it. I do not
> think that it is immature.
That's not the issue that I am concerned with. Rather, I'm concerned
with introducing gratuitous incompatibilities.
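As an added illustration of the two schemes the thread argues about (this is example code, not from the thread or from any S/MIME implementation): a CMS-style content-encryption key is wrapped with RSAES-OAEP, the scheme Simon prefers, and with RSAES-PKCS1-v1_5, where the decryptor side applies one standard hardening against the chosen-ciphertext attack: it never reveals whether the padding was valid. The thread does not say how Eric would patch the agents; the hardening shown, the key size and the CEK are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newRecipientKey makes a constructed 2048-bit recipient key for the example.
func newRecipientKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// wrapOAEP protects a content-encryption key (CEK) with RSAES-OAEP (PKCS#1 v2.0).
func wrapOAEP(pub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
}

func unwrapOAEP(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// wrapV15 uses RSAES-PKCS1-v1_5, the scheme the thread worries about.
func wrapV15(pub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptPKCS1v15(rand.Reader, pub, cek)
}

// unwrapV15Hardened never tells the sender whether the padding was valid: the
// buffer is pre-filled with random bytes and only overwritten when the padding
// checks out, so a bad ciphertext yields a random CEK and the sender observes
// the same eventual symmetric-decryption failure either way.
// (Assumption: keyLen is known from the CMS content-encryption algorithm.)
func unwrapV15Hardened(priv *rsa.PrivateKey, ct []byte, keyLen int) ([]byte, error) {
	cek := make([]byte, keyLen)
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	// Errors only on malformed input (e.g. wrong length), never on bad padding.
	if err := rsa.DecryptPKCS1v15SessionKey(rand.Reader, priv, ct, cek); err != nil {
		return nil, err
	}
	return cek, nil
}

func main() {
	priv := newRecipientKey()
	cek := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit CEK
	ct, _ := wrapV15(&priv.PublicKey, cek)
	ct[len(ct)-1] ^= 0x01 // a corrupted ciphertext arriving at an automated agent
	got, err := unwrapV15Hardened(priv, ct, 32)
	fmt.Println(err == nil, bytes.Equal(got, cek)) // true false: no padding oracle
}
```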