At 07:52 PM 3/27/98 -0800, Paul Hoffman / IMC wrote:
At 11:44 AM 3/26/98 -0800, Jim Schaad (Exchange) wrote:
1. Section 2.6.2.3 and 2.6.2.4. The wording no longer works for these two
sections now that 3DES is a must and RC2/40 is an optional.
I disagree. The wording works fine.
OK, I now see what Jim was saying. I still disagree with his solution, but
I see where the wording needs to be changed. Instead of his suggested
changes for steps 3 and 4, I propose collapsing them into one:
2.6.1.3 Rule 3: Unknown Capabilities, Unknown Version of S/MIME
If:
- the sending agent has no knowledge of the encryption capabilities
of the recipient,
- and the sending agent has no knowledge of the version of S/MIME
of the recipient,
then the sending agent SHOULD use tripleDES because it is
stronger encryption and is required by S/MIME v3. If the sending
agent choses not to use tripleDES in this step, it SHOULD use
RC2/40.
--Paul Hoffman, Director
--Internet Mail Consortium