From nobody Sat Dec 24 12:06:34 2022 Return-Path: X-Original-To: spasm@ietfa.amsl.com Delivered-To: spasm@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14712C14F749 for ; Sat, 24 Dec 2022 12:06:33 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krtz-5MhoGBk for ; Sat, 24 Dec 2022 12:06:32 -0800 (PST) Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DE7FC14F72C for ; Sat, 24 Dec 2022 12:06:32 -0800 (PST) Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 02373111E85; Sat, 24 Dec 2022 15:06:31 -0500 (EST) Received: from a860b60074bd.fios-router.home (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id CDD0D111DA6; Sat, 24 Dec 2022 15:06:30 -0500 (EST) From: Russ Housley Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_75C89E68-91A8-4B36-82A8-294F7D1FCACD" Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\)) Date: Sat, 24 Dec 2022 15:06:30 -0500 In-Reply-To: <0aedcb9cef4436867986ae78baf64b56cd87c505.camel@siemens.com> Cc: LAMPS , "Brockhaus, Hendrik" To: "von Oheimb, David" References: <0aedcb9cef4436867986ae78baf64b56cd87c505.camel@siemens.com> X-Mailer: Apple Mail (2.3445.104.21) X-Scanned-By: mailmunge 3.10 on 66.39.134.11 Archived-At: Subject: Re: [lamps] CMS: selection of key management technique to use for EnvelopedData X-BeenThere: spasm@ietf.org X-Mailman-Version: 2.1.39 Precedence: list List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Dec 2022 20:06:33 -0000 --Apple-Mail=_75C89E68-91A8-4B36-82A8-294F7D1FCACD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii David: > I wonder why nobody brought this up before -=20 > maybe simply because cryptographically educated users of CMS know (and = others should learn by failure) that RSA does not support key agreement = and ECC does not support key transport. The CMS-related algorithm specifications make it pretty clear. For = example, RFC 5753 tells ho to use ECC Algorithms in CMS. I do not see = how an implementer would try to use KeyTransRecipientInfo after reading = that document. Maybe some pointers are needed in CMP in the central key generation = section. Russ --Apple-Mail=_75C89E68-91A8-4B36-82A8-294F7D1FCACD Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii David:

I wonder why = nobody brought this up before - 
maybe simply = because cryptographically educated users of CMS know (and others should = learn by failure) that RSA does not support key agreement and ECC does = not support key transport.

The CMS-related algorithm = specifications make it pretty clear.  For example, RFC = 5753 tells ho to use ECC Algorithms in CMS.  I do not see how = an implementer would try to use KeyTransRecipientInfo after reading that = document.

Maybe = some pointers are needed in CMP in the central key generation = section.

Russ

= --Apple-Mail=_75C89E68-91A8-4B36-82A8-294F7D1FCACD--