ietf-smime

ESS-06 Comments

1998-08-04 05:22:35
All,

I have the following comments on ESS-06:


1) Sec 1.3.4, 2nd para:  Please make the following editorial change:

OLD: "CMS defines signedAttrs as a SET OF SignedAttributes and defines
unsignedAttributes as a SET OF UnsignedAttributes. ESS defines the
contentHints, contentIdentifier, eSSecurityLabel, msgSigDigest,
mlExpansionHistory and receiptRequest attribute types."

NEW: "CMS defines signedAttrs as a SET OF Attributes and defines
unsignedAttributes as a SET OF Attributes. ESS defines the
contentHints, contentIdentifier, eSSecurityLabel, msgSigDigest,
mlExpansionHistory, receiptRequest, contentReference and
equivalentLabels attribute types."


2) Sec 1.3.4, 5th para:  Please make the following editorial change:

OLD: "Note that the inner and outer signatures are for different 
senders, so that the same attribute in the two signatures could lead 
to very different consequences."

NEW:  "Note that the inner and outer signatures are usually for 
different senders.  The same attribute in the two signatures could 
lead to very different consequences."


3) Sec 3.4, 2nd para:  Please make the following change:

OLD: "Receiving agents will not process an equivalent label in a 
message if the agent does not trust the signer of that attribute to 
specify an equivalent security policy. Some receiving agents will not 
process any equivalent labels at all, and will only process 
eSSSecurityLabels. All receiving agents SHOULD recognize equivalent 
labels even if they do not process them."

NEW: "Receiving agents MUST NOT process an equivalentLabels attribute 
in a message if the agent does not trust the signer of that attribute 
to translate the original eSSSecurityLabel values to the security 
policy included in the equivalentLabels attribute.  It is an optional 
requirement for receiving agents to process equivalentLabels 
attributes.  It is acceptable for a receiving agent to only process 
eSSSecurityLabels. All receiving agents SHOULD recognize 
equivalentLabels attributes even if they do not process them."


4) Sec 3.4.1, 5th para: Please make the following editorial change:

OLD: "CMS defines signedAttributes as a SET OF SignedAttribute."

NEW: "CMS defines signedAttributes as a SET OF Attribute."


3) Sec 3.4.2, 2nd para:  Please make the following change:

OLD:  "A receiving agent MUST NOT act on an EquivalentLabels attribute 
for which the signature could not be validated, and MUST NOT act on an 
EquivalentLabels attribute unless that attribute is signed by an
entity trusted to add or change access policies."

NEW: "A receiving agent MUST NOT act on an equivalentLabels attribute 
for which the signature could not be validated, and MUST NOT act on an 
equivalentLabels attribute unless that attribute is signed by an 
entity trusted to translate the original eSSSecurityLabel values to 
the security policy included in the equivalentLabels attribute."


4) Sec 3.4.2, 2nd para:  Recommend deleting: "If a message has more 
than one EquivalentLabels attribute, the receiving agent SHOULD 
process the first one that it reads and validates."


================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================
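
Added example (not part of the message above and not taken from the ESS draft): a sketch of the receiving-agent check that the proposed wording for Sec 3.4 and Sec 3.4.2 describes, where an equivalentLabels attribute is used only if its signature validated and its signer is trusted to translate from the original label's policy to the policy in the attribute. The class names, the `trusted_translators` configuration and the 2.999 OIDs are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    policy_oid: str        # security policy identifier
    classification: int

@dataclass(frozen=True)
class EquivalentLabels:
    signer: str            # signer of the SignerInfo that carries the attribute
    signature_valid: bool  # result of CMS signature validation, performed elsewhere
    labels: tuple          # Label values offered as equivalents

def select_label(original, equiv, local_policy, trusted_translators):
    """Return the Label usable under local_policy, or None if there is none.

    trusted_translators is a hypothetical local configuration: a set of
    (signer, from_policy_oid, to_policy_oid) triples.
    """
    if original.policy_oid == local_policy:
        return original                      # no translation needed
    if equiv is None or not equiv.signature_valid:
        return None                          # never act on an unvalidated attribute
    for candidate in equiv.labels:
        triple = (equiv.signer, original.policy_oid, candidate.policy_oid)
        if candidate.policy_oid == local_policy and triple in trusted_translators:
            return candidate
    return None                              # signer not trusted for this translation

# Constructed sample data; 2.999 is the OID arc reserved for examples.
POLICY_A, POLICY_B, POLICY_C = "2.999.1", "2.999.2", "2.999.3"
ORIGINAL = Label(POLICY_A, 3)
TRUSTED = {("gateway@example.org", POLICY_A, POLICY_B)}

def demo():
    offered = (Label(POLICY_B, 2),)
    good = EquivalentLabels("gateway@example.org", True, offered)
    bad_sig = EquivalentLabels("gateway@example.org", False, offered)
    stranger = EquivalentLabels("other@example.org", True, offered)
    return [select_label(ORIGINAL, e, POLICY_B, TRUSTED)
            for e in (good, bad_sig, stranger, None)]

if __name__ == "__main__":
    print(demo())
```

Trust here is scoped to a (signer, source policy, target policy) triple rather than to the signer alone, which is the distinction the proposed NEW text draws against "trusted to add or change access policies".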








