Updates for RSAES-OAEP and RSASSA-PSS Algorithm Parameters
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, pkix mailing list <firstname.lastname@example.org>, pkix chair <email@example.com>
Subject: Protocol Action: 'Update for RSAES-OAEP Algorithm Parameters' to Proposed Standard

The IESG has approved the following document:

- 'Update for RSAES-OAEP Algorithm Parameters'
  <draft-ietf-pkix-rfc4055-update-02.txt> as a Proposed Standard

This document is the product of the Public-Key Infrastructure (X.509) Working Group.

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc4055-update-02.txt

Technical Summary

The subjectPublicKeyInfo field of an X.509 certificate carries three data items: an algorithm identifier, optional parameters, and a bit string that represents the public key. The parameters are specific to the algorithm and this field usually contains simple values needed to characterize the public key algorithm, e.g., the generator and modulus for Diffie-Hellman. However, X.509 does not constrain the scope of this parameters field. The ANSI X9.62 standards committee elected to use this field to express potentially complex limitations on how the public key in the certificate can be used, e.g., which key derivation functions can be applied to the bit string that results from a Diffie-Hellman key exchange.

After considerable debate, the PKIX WG has decided to not express key usage constraints via this field. Instead, the WG decided that this sort of information should be expressed via use of distinct algorithm identifiers. (This decision is consistent with the observation that current products are not designed to handle such key usage restrictions expressed in the subjectPublicKeyInfo field.)

RFC 4055 allowed such restrictions to be placed in this field when used with RSA-OAEP. This document changes RFC 4055 to say that restrictions MUST NOT be present in the certificate's subjectPublicKeyInfo field when used with RSA-OAEP. It also replaces incorrect references to the publicKeyAlgorithm field with references to the subjectPublicKeyInfo field. As a result, this revised version of RFC 4055 will be consistent with the PKIX WG conventions adopted for this field.

Working Group Summary

This ID was discussed on the mailing list. A poll was taken on the PKIX list to determine whether the proposed change was the way forward and another poll was taken to determine whether the change would adversely affect implementations. The WG was in favor of the change and no implementer said it would adversely affect their products. Further, vendors that implement RFC 4055 support the change.

Document Quality

This document is a short update of an existing draft and is comparable in quality to its predecessor.

Personnel

Steve Kent is the document Shepherd. Pasi Eronen is the responsible security area director.
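
The rule in the Technical Summary, as an added example that is not part of the announcement or of the draft: a Python check that reads the AlgorithmIdentifier out of a DER-encoded subjectPublicKeyInfo and reports whether an id-RSAES-OAEP key carries a parameters element. It assumes "restrictions MUST NOT be present" means the parameters element is absent; the function names are illustrative and the sample byte strings are constructed, with a placeholder key.

```python
# Added example: flag RSAES-OAEP parameters in a DER SubjectPublicKeyInfo.
ID_RSAES_OAEP = "1.2.840.113549.1.1.7"     # id-RSAES-OAEP (PKCS #1)

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Convert OBJECT IDENTIFIER content octets to dotted-decimal text."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends a sub-identifier
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_algorithm(spki_der):
    """Return (algorithm OID, parameters DER or None) from a SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(spki_der)
    alg_tag, alg, _ = read_tlv(spki)       # AlgorithmIdentifier comes first
    oid_tag, oid, after_oid = read_tlv(alg)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a SubjectPublicKeyInfo")
    return decode_oid(oid), (alg[after_oid:] or None)

def oaep_params_present(spki_der):
    """True when the key is id-RSAES-OAEP and carries a parameters element."""
    oid, params = spki_algorithm(spki_der)
    return oid == ID_RSAES_OAEP and params is not None

# Constructed samples: SEQUENCE { AlgorithmIdentifier, placeholder BIT STRING }.
OAEP_BARE = bytes.fromhex("3011" "300b" "06092a864886f70d010107" "03020000")
OAEP_WITH_PARAMS = bytes.fromhex(          # adds an empty params SEQUENCE (30 00)
    "3013" "300d" "06092a864886f70d010107" "3000" "03020000")
RSA_WITH_NULL = bytes.fromhex(             # rsaEncryption with NULL parameters
    "3013" "300d" "06092a864886f70d010101" "0500" "03020000")
```

To check a real certificate, pass the DER bytes of its subjectPublicKeyInfo to `oaep_params_present`; only the id-RSAES-OAEP identifier is examined, so an rsaEncryption key with its usual NULL parameters is not flagged.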