ietf-smime

RE: CERT-02 Comments

1998-03-23 19:34:52
OK, Blake's awake and revising things:

On Friday, March 13, 1998 12:34 PM, jsp(_at_)jgvandyke(_dot_)com
[SMTP:jsp(_at_)jgvandyke(_dot_)com] wrote:
11) Sec 4.4.2, last para:  Please add: "If the keyUsage keyAgreement bit is
set to 1 AND if the public key is to be used to form a pairwise key to
decrypt data, then the S/MIME agent MUST only use the public key if the
keyUsage encipherOnly bit is set to 0.  If the keyUsage keyAgreement bit is
set to 1 AND if the key is to be used to form a pairwise key to encrypt
data, then the S/MIME agent MUST only use the public key if the keyUsage
decipherOnly bit is set to 0."

I need some explanation for this.  My understanding is that we have
three uses for certificates that would be affected by the keyUsage
extension:

1. Validating a signature on a certificate or CRL
2. Validating a signature on a message
3. Creating a RecipientInfo on a message (encrypting the content
encryption key)

Why are we calling out this specific case, but not the others?

14) Appendix D, Please delete this entire Appendix because it is out of date
and not needed.

I will agree that it is out of date, but is it truly not needed?  Would
it be better to fix it or throw it out?

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
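
The check in the text proposed under item 11, written out as an added example that is not part of the original message or of the draft. The function names, the `purpose` parameter and the sample DER values are constructed for illustration, and refusing a key whose keyAgreement bit is 0 is an assumption beyond the quoted text.

```python
# Named bits of the X.509 keyUsage BIT STRING; bit 0 is the most
# significant bit of the first content octet.
KEY_USAGE_BITS = ("digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly")


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING holding a keyUsage value into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    total = len(body) * 8 - unused
    names = set()
    # decipherOnly is bit 8, so it lives in a second content octet;
    # a decoder that reads only the first octet silently misses it.
    for i in range(min(total, len(KEY_USAGE_BITS))):
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names


def may_form_pairwise_key(usage: set, purpose: str) -> bool:
    """Apply the proposed rule; purpose is 'encrypt' or 'decrypt'."""
    if purpose not in ("encrypt", "decrypt"):
        raise ValueError("purpose must be 'encrypt' or 'decrypt'")
    if "keyAgreement" not in usage:
        return False  # assumption: not a key agreement key at all
    # Proposed text: decrypting requires encipherOnly = 0,
    # encrypting requires decipherOnly = 0.
    blocked = "decipherOnly" if purpose == "encrypt" else "encipherOnly"
    return blocked not in usage


if __name__ == "__main__":
    # Constructed sample encodings, not taken from any real certificate.
    samples = {"keyAgreement": "03020308",
               "keyAgreement+encipherOnly": "03020009",
               "keyAgreement+decipherOnly": "0303070880"}
    for label, hexval in samples.items():
        usage = decode_key_usage(bytes.fromhex(hexval))
        print(label, {p: may_form_pairwise_key(usage, p)
                      for p in ("encrypt", "decrypt")})
```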

