Sorry about the delay, Bill -- I'm in editing mode now.
On Thursday, March 26, 1998 2:35 PM, Flanigan, Bill
[SMTP:flanigab(_at_)ncr(_dot_)disa(_dot_)mil] wrote:
c. Section titles starting with Section 2.1.
Eliminate the run-on use of words.
These are the ASN.1 identifiers that correspond to the fields in the CMS
specification. Changing these to be more "human" would lose the
connection to those fields, wouldn't it?
f. Recommend that document be given a "PKI
scrub"
starting with Section 2.1.
Should I use soap?
How do you mean a PKI scrub? Remove all references to PKI?
g. Section 4.1, line 6-8. Keep this sentence,
and
delete the rest of the Section.
PKIX does not document the frequency of retrieval of CRLs nor does it
recommend local storage practices. I think this is necessary to
communicate, so we should probably see if there are any more comments.
h. Section 5.0, lines 2-3. It's unclear what
the
relationship is between the "S/MIME agent" and "protecting the
user's
private key." Shouldn't the user protect his/her/its private key
period?
They should, but I think it's important to call it out as a security
problem if you don't do something like password encrypt the private key.
Other comments?
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060