OK, Blake's awake and revising things:
On Friday, March 13, 1998 12:34 PM, jsp(_at_)jgvandyke(_dot_)com
11) Sec 4.4.2, last para: Please add: "If the keyUsage keyAgreement
set to 1 AND if the public key is to be used to form a pairwise key to
decrypt data, then the S/MIME agent MUST only use the public key if
keyUsage encipherOnly bit is set to 0. If the keyUsage keyAgreement
set to 1 AND if the key is to be used to form a pairwise key to
data, then the S/MIME agent MUST only use the public key if the
decipherOnly bit is set to 0."
I need some explanation for this. My understanding is that we have
three uses for certificates that would be affected by the keyUsage
1. Validating a signature on a certificate or CRL
2. Validating a signature on a message
3. Creating a RecipientInfo on a message (encrypting the content
Why are we calling out this specific case, but not the others?
14) Appendix D, Please delete this entire Appendix because it is out
and not needed.
I will agree that it is out of date, but is it truly not needed? Would
it be better to fix it or throw it out?
Blake C. Ramsdell
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060