Defect report: (Email from Hoyt Kesterson, March 21, 2003) In the 1st edition of X.509 (1988), an OID was assigned to the RSA encryption algorithm (2.5.8.1.1). However, the PKCS #1 specification assigned a different OID to the RSA encryption algorithm (1.2.840.113549.1.1.1). The signature process defined by the use of the OID in the X.509 Annex does not describe how to properly format the data, compute the message digest or otherwise process the signature beyond the basic mathematics of the RSA algorithm whereas the PKCS specification does. The PKCS#1 OID is the one that industry has adopted and profiled (e.g. in RFC 3279, RFC 3370) and there is a risk of interoperability problems if the X.509 defined OID is used.
The defect report proposes that the algorithm specification be deprecated.
The specification in the annex was written to jump-start the creation of algorithm OIDs and to specify a signature mechanism using a hash algorithm we removed from the standard long ago. The other definitions in the annex have already been deprecated. We should really remove all these definitions and indicated that the OID values are reserved.
This seems to be an easy one to discuss on the list. Unless there are objections (by 4 April 2003), this DR will be resolved in a DTC to be circulated for approval.
joint-iso-itu-t(2)
![[webmaster]](/images/enveloppe.jpg){kind=small}
