
Re: More Comments to CMS-00

1997-11-12 15:09:35
John:

I agree that I need to add a paragraph about OriginatorInfo.  The words
that you provide suggest that the certs should not be OPTIONAL.  I do not
think that this is correct.  In some cases, the originator might know that
his certificate is already in the recipient's cache.

Russ

At 06:23 PM 11/4/97 -0500, John Pawling wrote:
All,

I need to enhance my previous comment #8 to be:

8) sec 6.1: Please add the following text to the description of the fields
of type EnvelopedData:  "originatorInfo includes information regarding the
originator.  It is present in EnvelopedData only if required by the key
management algorithm (e.g. Diffie-Hellman (DH), Key Exchange Algorithm
(KEA)).  At a minimum, originatorInfo must include the certificate
containing the originator's key management public key material required by
the recipient to form the pairwise key required to decrypt the recipient's
copy of the content-encryption key.  originatorInfo may include multiple key
management certificates for the same subject (i.e. originator).  For
example, if the originator has included both DH-protected and KEA-protected
copies of the content-encryption key in recipientInfos, then separate
certificates including the originator's KEA and DH public key material would
be required in originatorInfo."  

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================


To: ietf-smime(_at_)imc(_dot_)org
From: jsp(_at_)jgvandyke(_dot_)com (John Pawling)
Subject: Comments to CMS-00

All,

IMHO Russ Housley has done a most excellent job of drafting the
"Cryptographic Message Syntax" spec.  I have the following minor comments:

1) Abstract: Please change "deriveded" to "derived".

2) Sec 3: Please change "in 3 The methods below" to "The methods below".

3) Sec 5: Please change: "The signer's public key is either contained in a
certificate included in the signer information, or is referenced by an
issuer distinguished name and an issuer-specific serial number that uniquely
identify the certificate containing the public key." to "The signer's public
key is referenced by an issuer distinguished name and an issuer-specific
serial number that uniquely identify the certificate containing the public
key.  The signer's certificate may be included in the SignedData
certificates field."

4) Sec 5, last sentence: Please change "signiture" to "signature".

5) sec 5.1, version description: Please change "version shall 1" to
"version shall be 1"

6) sec 5.1, certificates description: Please change "version shall 1" to
"version shall be 1"

7) sec 5.4: Please change two occurrences of "algorithm deployed" to
"algorithm employed".

8) sec 6.1: Please add the following text to the description of the fields
of type EnvelopedData:  "originatorInfo includes information regarding the
originator.  It is present in EnvelopedData only if required by the key
management algorithm (e.g. Diffie-Hellman)."

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================
At 06:01 PM 11/1/97 -0800, Paul Hoffman / IMC wrote:
The Internet Draft for the message format to be used in S/MIME 3 is now
available; please see <http://www.imc.org/draft-housley-smime-cms>. This is
the replacement for PKCS #7 1.5, and is only slightly different. Strap on
your ASN.1 goggles and enjoy!

Two other parts of S/MIME 3 (the message spec and the optional security
enhancements) will be appearing shortly. The certs spec will appear in a
few weeks, once we finish with the v2 certs definition.


--Paul Hoffman, Director
--Internet Mail Consortium
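
The rule John proposes in comment 8, as an added example that is not code from the CMS draft, from John Pawling or from Russ Housley. It models EnvelopedData with simplified stand-ins for the ASN.1 types (Certificate, RecipientInfo and EnvelopedData are assumed shapes, not the real structures), checks that originatorInfo is present exactly when some recipientInfo uses key agreement and that it carries one certificate per key-agreement algorithm in use (DH and KEA, as in John's two-certificate case), and then walks one DH recipient through forming the pairwise key from the originator's public value and unwrapping the content-encryption key. The DH group and the XOR key wrap are toy stand-ins chosen for the example and are not the CMS algorithms. Whether originatorInfo should be OPTIONAL is exactly what Russ and John disagree on above; the check below implements John's stricter wording.

```python
"""Model of the proposed originatorInfo rule for CMS EnvelopedData.

Added example only: the data structures, the DH group and the key wrap are
assumed toy stand-ins, not the CMS draft's ASN.1 types or algorithms.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Certificate:
    """Stand-in for an X.509 certificate carrying a key-management public key."""
    subject: str
    key_alg: str          # "dh" or "kea" (assumed labels)
    public_key: int


@dataclass
class RecipientInfo:
    """Stand-in for one RecipientInfo entry."""
    recipient: str
    key_mgmt: str         # "dh" / "kea" (key agreement) or "rsa" (key transport)
    encrypted_key: bytes = b""


@dataclass
class EnvelopedData:
    originator_info: Optional[List[Certificate]]   # None when the field is absent
    recipient_infos: List[RecipientInfo] = field(default_factory=list)


KEY_AGREEMENT_ALGS = {"dh", "kea"}


def check_originator_info(env: EnvelopedData) -> List[str]:
    """Return the rule violations: originatorInfo present only when key agreement
    is used, and one originator certificate per key-agreement algorithm used."""
    problems = []
    needed = {ri.key_mgmt for ri in env.recipient_infos if ri.key_mgmt in KEY_AGREEMENT_ALGS}
    if not needed:
        if env.originator_info is not None:
            problems.append("originatorInfo present but no recipientInfo uses key agreement")
        return problems
    if env.originator_info is None:
        problems.append(f"originatorInfo absent but required by {sorted(needed)}")
        return problems
    present = {c.key_alg for c in env.originator_info}
    for alg in sorted(needed - present):
        problems.append(f"no originator certificate carrying a {alg.upper()} public key")
    return problems


# Toy DH parameters (assumed): a Mersenne prime modulus and generator 3.
# Far too small for real use; only the arithmetic shape matters here.
P = 2 ** 127 - 1
G = 3


def dh_public(private: int) -> int:
    return pow(G, private, P)


def dh_pairwise_kek(private: int, peer_public: int) -> bytes:
    """Form the pairwise key-encryption key from our private value and the peer's public value."""
    shared = pow(peer_public, private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]


def xor_wrap(kek: bytes, cek: bytes) -> bytes:
    """Toy key wrap (XOR); stands in for the CMS key-wrap step only."""
    return bytes(a ^ b for a, b in zip(kek, cek))


def demo_dh_recipient() -> bool:
    """Originator wraps the CEK for a DH recipient; the recipient recovers it using
    the originator's DH public key taken from originatorInfo. True on success."""
    orig_priv = secrets.randbelow(P - 2) + 1
    recip_priv = secrets.randbelow(P - 2) + 1
    orig_cert = Certificate("originator", "dh", dh_public(orig_priv))
    recip_cert = Certificate("recipient", "dh", dh_public(recip_priv))
    cek = secrets.token_bytes(16)
    wrapped = xor_wrap(dh_pairwise_kek(orig_priv, recip_cert.public_key), cek)
    env = EnvelopedData([orig_cert], [RecipientInfo("recipient", "dh", wrapped)])
    if check_originator_info(env):
        return False
    # Recipient side: the originator's public value comes from originatorInfo.
    orig_pub = next(c.public_key for c in env.originator_info if c.key_alg == "dh")
    recovered = xor_wrap(dh_pairwise_kek(recip_priv, orig_pub), env.recipient_infos[0].encrypted_key)
    return recovered == cek


if __name__ == "__main__":
    mixed = EnvelopedData([Certificate("o", "dh", dh_public(7))],
                          [RecipientInfo("a", "dh"), RecipientInfo("b", "kea")])
    print(check_originator_info(mixed))   # the KEA certificate is missing
    print(demo_dh_recipient())
```

The check is what a verifier would run before attempting decryption: a missing certificate is reported per algorithm, so a message carrying both DH- and KEA-protected copies of the CEK with only a DH certificate in originatorInfo is flagged for the absent KEA key, which is the case John's comment describes.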