Blake (and friends),
Thank you for incorporating some of my comments into the "20 Nov 97 S/MIME
Version 3 Message Specification". I have the following comments regarding
the 11/20/97 spec:
1) Sec 1.1, sec 3.7: The spec "defines how to create certification requests
that conform to PKCS #10 [PKCS-10], and the application/pkcs10 MIME type for
transporting those requests." IMHO, this is a significant issue that needs
to be debated further. The issue is should the Spec discuss using PKCS #10,
PKIX CMP or some other variant? Or should the topic of requesting
certificates be included in a separate document such as a PKIX document?
2) Sec 2.1, DigestAlgorithmIdentifier: Recommend changing to: "Receiving
agents MUST support SHA-1 [SHA1]. Receiving agents SHOULD support MD5 [MD5]
for the purpose of providing backward compatibility with MD5-digested S/MIME
v2 SignedData objects. Sending agents SHOULD use SHA-1."
3) Sec H, Needed Changes: "Section 2.5.2 Add certs as an
authenticatedAttribute" What does this mean?
4) Sec H: "What do we need to do for 4.1 in order to make it
Diffie-Hellman?" and "Section 4.1 needs to talk about DSS and DH minimum key
lengths for strong crypto." I believe that there should be separate
documents describing the use of SHA-1, DSA and DH with the CMS and ESS
specs. I don't believe that the details of DH key generation need to be
included in the base S/MIME v3 Message Spec.
5) Sec H: IMHO, the S/MIME v2 Msg Spec Sec 2.6.1-2.6.3 text regarding the
process by which the application chooses the encryption algorithm to use to
encrypt data was useful and should be reinstated into the S/MIME v3 Msg Spec
with the few text changes required to make RC2 optional and 3DES the default.
6) Sec H: IMHO, the X9.57 spec should be a reference for the id-sha1 and
id-dsa OIDs. The following should be the reference for the DSA definition:
DIGITAL SIGNATURE STANDARD (DSS), FEDERAL INFORMATION PROCESSING STANDARDS
PUBLICATION (FIPS PUB) 186, 1994 May 19 published by the U.S. DEPARTMENT OF
COMMERCE/National Institute of Standards and Technology. (PDF and PostScript
versions are available from
http://www.armadillo.huntsville.al.us/Fortezza_docs/basic.html)
7) Sec H: "Is id-dsa the correct OID to use for
DigestEncryptionAlgorithmIdentifier?" IMHO, yes (with parameters always
absent).
8) Sec H: "Is section 4.1 worded correctly?" IMHO, yes.
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================