I noticed that the language in section 5.3 on Symmetric-Key Encrypted
Session Key packets is not right:

    5.3. Symmetric-Key Encrypted Session Key Packets (Tag 3)

    The Symmetric-Key Encrypted Session Key packet holds the
    symmetric-key encryption of a session key used to encrypt a message.
    Zero or more Encrypted Session Key packets and/or Symmetric-Key
    Encrypted Session Key packets may precede a Symmetrically Encrypted
    Data Packet that holds an encrypted message.

The second sentence should begin "Zero or more Public-Key Encrypted
Session Key packets and/or Symmetric-Key Encrypted Session Key Packets..."
It left off "Public-Key" and just refers to "Encrypted Session Key
packets" which is not a packet type. In particular, referring to
"Encrypted Session Key packets and/or Symmetric-Key Encrypted Session
Key Packets" is incoherent.

The language in 5.1, for comparison:

    5.1. Public-Key Encrypted Session Key Packets (Tag 1)

    A Public-Key Encrypted Session Key packet holds the session key used
    to encrypt a message. Zero or more Encrypted Session Key packets
    (either Public-Key or Symmetric-Key) may precede a Symmetrically
    Encrypted Data Packet, which holds an encrypted message.

This is not ideal in terms of the packet names; you have to mentally
move the prefixes listed in the parentheses up and put them in front of
Encrypted Session Key. But given that slight lapse in clarity, it is
basically correct, and is not as bad as 5.3.

All this language is unchanged since RFC2440.

I do think we should fix at least 5.3, because the present wording is
meaningless and confusing. If we do that I'd suggest changing the 2nd
sentence of 5.1 to match that of 5.3.

Hal Finney