ietf-smime

Re: 1/28/98 S/MIME V3 Msg Spec Comments

1998-02-02 17:55:24
At 04:48 PM 2/2/98 -0500, John Pawling wrote:
1) Sec 1.1, 2nd para, and Sec 3.7: 

As we have both agreed, I propose that we just take out all this kruft and say
"You're expected to have a cert. If you need to get one, S/MIME v2 did it this
way and PKIX will do it a different way and you have to agree with your CA
about how you will do it with them." Again, I don't think we need to specify
this in S/MIME since it's not part of end-to-end security.
  
3) Sec 2.6.2.4.  Please change "MUST use RC2/40" to "SHOULD use RC2/40".

Actually, section 2.6.2.4 should simply be removed. You can't guarantee no
failed decryption with a SHOULD.

Related to this, the paragraph at the beginning of 2.6 should have "Sending
and receiving..." at the beginning of each of the sentences. The "Receiving"
only is an artifact from our wigglywaggling in S/MIME v2.

8) Sec H: "Need OIDs for DH":  PKIX X.509 Certificate and CRL Profile, sec
7.3.2 defines the use of the ANSI X9.42 dhpublicnumber OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } for DH
keys in X.509 certs.  Can we use that OID for CMS?

We can either refer to PKIX, or Russ can add this to the CMS spec and I can
add it to the OIDs page. I prefer the latter, due to the problems we're having
with PKIX. What do others want?

--Paul Hoffman, Director
--Internet Mail Consortium
