All,

IMHO, Blake has done a great job of incorporating the comments into MSG-04
(4 May 98) upon which the group has reached concurrence. I have a few comments:

1) Sec 2.5.2: Please add the following text as the second paragraph:
"If present, the SMIMECapabilities attribute MUST be an authenticated
attribute; it MUST NOT be an unauthenticated attribute. CMS defines
authenticatedAttributes as a SET OF AuthAttribute. A signerInfo MUST NOT
include multiple instances of the SMIMECapabilities attribute. CMS defines
the ASN.1 syntax for the authenticated attributes to include attrValues SET
OF AttributeValue. A SMIMECapabilities attribute MUST only include a single
instance of AttributeValue. There MUST NOT be zero or multiple instances of
AttributeValue present in the attrValues SET OF AttributeValue."

2) Sec 2.5.3: Please add the following text as the second paragraph:
"If present, the SMIMEEncryptionKeyPreference attribute MUST be an
authenticated attribute; it MUST NOT be an unauthenticated attribute. CMS
defines authenticatedAttributes as a SET OF AuthAttribute. A signerInfo
MUST NOT include multiple instances of the SMIMEEncryptionKeyPreference
attribute. CMS defines the ASN.1 syntax for the authenticated attributes to
include attrValues SET OF AttributeValue. A SMIMEEncryptionKeyPreference
attribute MUST only include a single instance of AttributeValue. There MUST
NOT be zero or multiple instances of AttributeValue present in the
attrValues SET OF AttributeValue."

3) App E: See in-line comments:
4.1 keylengths for RSA need to move to CMS
[JSP: Agree.]

2.5.3.1 to determine the "same subject name" should this be a check
against the subject DN, or both the DN and the subjectAltName
extension?
[JSP: Both.]

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================
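
The placement and cardinality rules proposed in items 1) and 2) above, written as a receiver-side check. This is an added example, not part of the original message or of any S/MIME implementation. The function names, the input convention (content octets of each attribute SET) and the sample bytes are assumptions made for illustration; the two OIDs are the registered identifiers for these attributes and do not appear in the message.

```python
# Assumption: inputs are the content octets of each attribute SET (outer tag/length removed).
RESTRICTED = {
    bytes.fromhex("2a864886f70d01090f"): "SMIMECapabilities",               # 1.2.840.113549.1.9.15
    bytes.fromhex("2a864886f70d010910020b"): "SMIMEEncryptionKeyPreference",  # 1.2.840.113549.1.9.16.2.11
}
# Constructed sample: SMIMECapabilities with exactly one (empty) value.
SAMPLE_OK = bytes.fromhex("300f 06092a864886f70d01090f 3102 3000")

def tlvs(buf):
    """Split DER bytes into (tag, content) pairs; single-byte tags only."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                          # long-form length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated DER content")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def attributes(set_body):
    """Return (attrType OID bytes, number of attrValues) for each Attribute."""
    found = []
    for tag, attr in tlvs(set_body):
        parts = tlvs(attr)
        if tag != 0x30 or [t for t, _ in parts] != [0x06, 0x31]:
            raise ValueError("not an Attribute SEQUENCE { OID, SET }")
        found.append((parts[0][1], len(tlvs(parts[1][1]))))
    return found

def check_signer_info(auth_body, unauth_body=b""):
    """Return a list of rule violations; an empty list means compliant."""
    problems, seen = [], {}
    for oid, count in attributes(auth_body):
        if oid in RESTRICTED:
            seen[oid] = seen.get(oid, 0) + 1
            if count != 1:
                problems.append(f"{RESTRICTED[oid]}: {count} AttributeValues, exactly 1 required")
    problems += [f"{RESTRICTED[o]}: {n} instances in one signerInfo"
                 for o, n in seen.items() if n > 1]
    problems += [f"{RESTRICTED[o]}: present as unauthenticated attribute"
                 for o, _ in attributes(unauth_body) if o in RESTRICTED]
    return problems
```

A receiver would run this before trusting the advertised capabilities or key preference, since a copy placed in the unauthenticated attributes is not covered by the signature.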