ietf-smime

RE: I-D ACTION:draft-ietf-smime-certcapa-02.txt

2005-02-16 13:17:40

Thanks Jim,

I agree to the text. Unless there are any objections on the list I have no problem including this text in the draft for the IESG process.

Stefan Santesson
Microsoft Security Center of Excellence (SCOE)
 

-----Original Message-----
From: Jim Schaad [mailto:ietf(_at_)augustcellars(_dot_)com]
Sent: 16 February 2005 09:46
To: ietf(_at_)augustcellars(_dot_)com; Stefan Santesson
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: I-D ACTION:draft-ietf-smime-certcapa-02.txt

Stefan,

I am not really happy with how the following item was addressed.

2.  I would like to see the addition of a paragraph describing the types of capabilities that are expected to be listed.  It seems obvious that bulk encryption algorithms are listed, as, potentially, are key encryption algorithms (consider RSA-OAEP as an example).  However, it is not clear about some of the other potential capabilities.  What about signature and hash algorithms?  What about MAC algorithms?  What about S/MIME specifics such as id-cap-preferBinaryInside?


Since I did not care for the paragraph that you have, I am suggesting the following paragraph instead.


There are numerous different types of S/MIME capabilities that have been defined by different documents.  While all of the different capabilities can be placed in this attribute, in many cases not all of them need to be included.  Generally only those items relating to encryption capabilities are included.

- Signature/Hash Algorithms: As a general rule, the signature processing capabilities of a client are assumed rather than checked; this means that if they are placed in this extension they may be ignored.

- Content Encryption Algorithms: This is the general set of capabilities that will be placed in the extension.

- Key Encryption/Key Transport Algorithms: These capabilities are placed in the extension in those cases where additional constraints are placed on the public key algorithm.  (An example would be using RSA-OAEP for a generic RSA key.)

- MAC Algorithms: These capabilities are generally omitted from the extension.

- Other capabilities: This includes such items as binary content preferred.  These capabilities may or may not be generally included depending on whether the item is related to encryption or signature operations.
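The following is an added example, not code from the thread or from the draft, showing what the proposed paragraph means in practice: it DER-encodes an SMIMECapabilities value (SEQUENCE OF SMIMECapability, each a SEQUENCE of an OBJECT IDENTIFIER plus optional parameters), parses it back, and sorts each capability into the categories Jim lists (content encryption, key encryption, signature/hash, MAC, other) so that a certificate issuer can drop the signature/hash and MAC entries that the text says are assumed or omitted.  The OID-to-category table, the input list and the helper names are constructed for this example; the OIDs themselves are the standard PKCS#1/RC2/3DES/AES/HMAC/id-cap-preferBinaryInside identifiers.

```python
"""DER encode/decode of SMIMECapabilities and categorisation per the proposed text.

    SMIMECapabilities ::= SEQUENCE OF SMIMECapability
    SMIMECapability   ::= SEQUENCE { capabilityID OBJECT IDENTIFIER,
                                     parameters   ANY DEFINED BY capabilityID OPTIONAL }
No external dependencies; the categorisation table is an assumption built from the thread.
"""

TAG_INTEGER, TAG_OID, TAG_SEQUENCE = 0x02, 0x06, 0x30

# Category table constructed for this example, following the five groups in the thread.
CATEGORY_BY_OID = {
    "2.16.840.1.101.3.4.1.2": "content-encryption",    # AES-128-CBC
    "2.16.840.1.101.3.4.1.42": "content-encryption",   # AES-256-CBC
    "1.2.840.113549.3.7": "content-encryption",        # DES-EDE3-CBC
    "1.2.840.113549.3.2": "content-encryption",        # RC2-CBC (parameters: key length)
    "1.2.840.113549.1.1.7": "key-encryption",          # id-RSAES-OAEP
    "1.2.840.113549.1.1.11": "signature-hash",         # sha256WithRSAEncryption
    "2.16.840.1.101.3.4.2.1": "signature-hash",        # id-sha256
    "1.2.840.113549.2.7": "mac",                       # hmacWithSHA1
    "1.2.840.113549.1.9.16.11.1": "other",             # id-cap-preferBinaryInside
}


def der_length(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body


def encode_oid(dotted):
    """Dotted OID string -> DER OBJECT IDENTIFIER (base-128 arcs, first two merged)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(TAG_OID, bytes(out))


def encode_integer(n):
    """Non-negative INTEGER, e.g. the RC2 effective key length parameter."""
    return der_tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def decode_oid(body):
    first = body[0]
    arcs, value = [first // 40, first % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV at pos; raises on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated TLV body")
    return tag, buf[pos:pos + length], pos + length


def build_smime_capabilities(caps):
    """caps: list of (dotted_oid, params_der_or_None) -> DER SMIMECapabilities."""
    items = [der_tlv(TAG_SEQUENCE, encode_oid(oid) + (params or b"")) for oid, params in caps]
    return der_tlv(TAG_SEQUENCE, b"".join(items))


def parse_smime_capabilities(der):
    """DER SMIMECapabilities -> list of (dotted_oid, params_der_or_None)."""
    tag, outer, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("SMIMECapabilities must be exactly one SEQUENCE")
    caps, pos = [], 0
    while pos < len(outer):
        tag, item, pos = _read_tlv(outer, pos)
        if tag != TAG_SEQUENCE:
            raise ValueError("SMIMECapability must be a SEQUENCE")
        tag, oid_body, p = _read_tlv(item, 0)
        if tag != TAG_OID:
            raise ValueError("capabilityID must be an OBJECT IDENTIFIER")
        caps.append((decode_oid(oid_body), item[p:] or None))
    return caps


def categorise(caps):
    return [(oid, CATEGORY_BY_OID.get(oid, "unknown")) for oid, _ in caps]


def encryption_related(caps):
    """Keep only what the proposed text says belongs in the attribute: content and key
    encryption entries (plus 'other' items, which the text leaves to judgement).
    Signature/hash and MAC entries are dropped since recipients assume or ignore them."""
    keep = {"content-encryption", "key-encryption", "other"}
    return [(oid, p) for oid, p in caps if CATEGORY_BY_OID.get(oid) in keep]


if __name__ == "__main__":
    # Constructed client capability list mixing all five categories.
    client = [("2.16.840.1.101.3.4.1.2", None), ("1.2.840.113549.3.2", encode_integer(128)),
              ("1.2.840.113549.1.1.7", None), ("1.2.840.113549.1.1.11", None),
              ("1.2.840.113549.2.7", None), ("1.2.840.113549.1.9.16.11.1", None)]
    der = build_smime_capabilities(encryption_related(client))
    for oid, cat in categorise(parse_smime_capabilities(der)):
        print(oid, cat)
```

Running the block encodes only the AES, RC2, RSA-OAEP and preferBinaryInside entries; the sha256WithRSA and HMAC entries never reach the DER, which is the behaviour the proposed paragraph describes.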