I've been perusing the DH draft: great work!
I have a few comments.
2.1.4. Keylengths for common algorithms
Some common key encryption algorithms have KEKs of the following
DES-ECB 64 bits
3DES-EDE-ECB 192 bits
RC2 (all) 256 bits
RC2-n in the content encryption cipher I take to mean a keylength of n/8
bytes and an effective keylength of n bits. I can't give a reference but
for me at least it's simply "what works" and established practice for
existing S/MIME implementations for RC2-128, RC2-64 and RC2-40.
This need not be followed for the key wrapping algorithms of course but
it might be preferable if e.g. "RC2-40" always refers to the same basic
IMHO the "standard" meaning should be kept for the content encryption
key whatever the wrapping meaning to allow mixed key transport and key
agreement messages to work.
Also the standard has SHA-1 hard coded. Perhaps this should be
selectable by the CMS with a default of SHA-1. This would allow for
healthy paranoia in that SHA-1 might be broken some day. Otherwise
changing it would be very painful if CMS had no provision for an
alternative digest function.
I suppose it could be commented that using an OCTET STRING for "counter"
to represent a number is a bit naughty and an INTEGER would be more
appropriate: but that doesn't really matter (to me at least).
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
PGP key: via homepage.
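
The two KDF points raised in the message above (a digest that is selectable with SHA-1 as the default, and the counter carried as an OCTET STRING rather than an INTEGER), as an added example that is not part of the original message or of the draft's text. It assumes the OtherInfo layout later published as RFC 2631; the function names and the `int_counter` switch are hypothetical.

```python
import hashlib
import struct

# DER encoding of id-alg-CMS3DESwrap (1.2.840.113549.1.9.16.3.6), used as sample input.
OID_3DES_WRAP = bytes.fromhex("060b2a864886f70d0109100306")

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder; short-form lengths only (body < 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form DER length not handled in this sketch")
    return bytes([tag, len(body)]) + body

def der_integer(n: int) -> bytes:
    """DER INTEGER for non-negative n: variable width, 0x00 pad if the high bit is set."""
    return der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def other_info(alg_oid: bytes, counter: int, kek_bits: int, int_counter: bool = False) -> bytes:
    """OtherInfo without partyAInfo (assumed layout: keyInfo, then suppPubInfo [2])."""
    # Counter as a fixed 4-byte OCTET STRING, or as an INTEGER as the message suggests.
    ctr = der_integer(counter) if int_counter else der(0x04, struct.pack(">I", counter))
    key_info = der(0x30, alg_oid + ctr)
    supp_pub = der(0xA2, der(0x04, struct.pack(">I", kek_bits)))  # [2] EXPLICIT, KEK length in bits
    return der(0x30, key_info + supp_pub)

def derive_kek(zz: bytes, alg_oid: bytes, kek_bits: int, digest: str = "sha1") -> bytes:
    """KM = H(ZZ || OtherInfo) for counter = 1, 2, ...; keep the left-most kek_bits."""
    need = kek_bits // 8
    out, counter = b"", 1
    while len(out) < need:
        out += hashlib.new(digest, zz + other_info(alg_oid, counter, kek_bits)).digest()
        counter += 1
    return out[:need]
```

Both parties must agree on the digest and on the counter encoding, since either choice changes the bytes that are hashed and therefore the derived KEK.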