These are the changes that I am going to make to the -MSG draft for this
last cut.
1. SMIMECapabilities MUST be an authenticated attribute and MUST NOT be
unauthenticated, and there must only be one instance (John Pawling)
2. Ditto for SMIMEEncryptionKeyPreference (John Pawling)
3. RSA keylength minimums / maximums need to move to CMS (John Pawling)
4. SMIMECapabilities acceptance criteria cleanup (Stephen Henson)
5. List of supported CMS types (data, signed-data, enveloped-data) moved
back into MSG (John Pawling)
6. Slight wording changes in section 3.1 ("removed" becomes "processed")
for security services (Paul Hoffman and offline comments)
7. Mention risks of data integrity with enveloped-data (ciphertext
modifications are undetected) (Paul Hoffman and offline comments)
8. Signed and encrypted vs. encrypted and signed warnings (related to 7
above) (Paul Hoffman and offline comments)
9. Our broken version of ASN.1 is further broken by the omission of an
equalsign in CBCParameter (Paul Hoffman)
This list is a bit longer than the -CERT draft.
Flames welcome. New draft submitted Wednesday AM if no complaints.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060