All,
IMHO, CMS should be algorithm independent. If changes are required to
support HMAC (as stated by Jim), then those changes should be considered for
incorporation into CMS. We should also consider Jim's proposed changes
related to supporting key agreement algorithms such as the derived password
keys in PKCS#12.
However, I don't believe that we should change CMS to accommodate non-X.509
certificates. I believe that the S/MIME community has agreed that the X.509
Certificate syntax will be the standard format for binding an entity's
public key with its identity. Allowing other forms of certificates to be
used will adversely impact interoperability. I believe that Jim should
re-submit his proposal such that it does not include any changes solely
aimed at accommodating non-X.509 certificates.
One could make the argument that CMS is intended for use by application
environments other than S/MIME some of which may choose to use a format
other than the X.509 Certificate syntax. In that case, it may be
appropriate to make Jim's recommended changes to the CMS format, but to
include text in the S/MIME v3 Message and Cert specs stating that only X.509
Certificates can be used in S/MIME messages.
================================
John Pawling
jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
================================