All,
I have the following comments to ESS-06:
1) Sec 1.3.4, 2nd para: Please make the following editorial change:
OLD: "CMS defines signedAttrs as a SET OF SignedAttributes and defines
unsignedAttributes as a SET OF UnsignedAttributes. ESS defines the
contentHints, contentIdentifier, eSSecurityLabel, msgSigDigest,
mlExpansionHistory and receiptRequest attribute types."
NEW: "CMS defines signedAttrs as a SET OF Attributes and defines
unsignedAttributes as a SET OF Attributes. ESS defines the
contentHints, contentIdentifier, eSSecurityLabel, msgSigDigest,
mlExpansionHistory, receiptRequest, contentReference and
equivalentLabels attribute types."
2) Sec 1.3.4, 5th para: Please make the following editorial change:
OLD: "Note that the inner and outer signatures are for different
senders, so that the same attribute in the two signatures could lead
to very different consequences."
NEW: "Note that the inner and outer signatures are usually for
different senders. The same attribute in the two signatures could
lead to very different consequences."
3) Sec 3.4, 2nd para: Please make the following change:
OLD: "Receiving agents will not process an equivalent label in a
message if the agent does not trust the signer of that attribute to
specify an equivalent security policy. Some receiving agents will not
process any equivalent labels at all, and will only process
eSSSecurityLabels. All receiving agents SHOULD recognize equivalent
labels even if they do not process them."
NEW: "Receiving agents MUST NOT process an equivalentLabels attribute
in a message if the agent does not trust the signer of that attribute
to translate the original eSSSecurityLabel values to the security
policy included in the equivalentLabels attribute. It is an optional
requirement for receiving agents to process equivalentLabels
attributes. It is acceptable for a receiving agent to only process
eSSSecurityLabels. All receiving agents SHOULD recognize
equivalentLabels attributes even if they do not process them."
4) Sec 3.4.1, 5th para: Please make the following editorial change:
OLD: "CMS defines signedAttributes as a SET OF SignedAttribute."
NEW: "CMS defines signedAttributes as a SET OF Attribute."
3) Sec 3.4.2, 2nd para: Please make the following change:
OLD: "A receiving agent MUST NOT act on an EquivalentLabels attribute
for which the signature could not be validated, and MUST NOT act on an
EquivalentLabels attribute unless that attribute is signed by an
entity trusted to add or change access policies."
NEW: "A receiving agent MUST NOT act on an equivalentLabels attribute
for which the signature could not be validated, and MUST NOT act on an
equivalentLabels attribute unless that attribute is signed by an
entity trusted to translate the original eSSSecurityLabel values to
the security policy included in the equivalentLabels attribute."
4) Sec 3.4.2, 2nd para: Recommend deleting: "If a message has more
than one EquivalentLabels attribute, the receiving agent SHOULD
process the first one that it reads and validates."
================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
www.jgvandyke.com
================================
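
The receiving-agent rule proposed for Sec 3.4 and Sec 3.4.2 above can be sketched as a decision function. This is an added example, not part of the original message or the ESS draft. The OIDs, signer names, `Label` type and `TRUSTED_TRANSLATIONS` table are constructed assumptions, and `signature_valid` stands for the result of CMS signature verification done elsewhere.

```python
from typing import NamedTuple, Optional, Sequence

# Constructed values: these OIDs and signer names are placeholders,
# not taken from the ESS draft.
POLICY_A = "1.3.6.1.4.1.99999.1"   # policy of the original eSSSecurityLabel
POLICY_B = "1.3.6.1.4.1.99999.2"   # the receiving agent's local policy
POLICY_C = "1.3.6.1.4.1.99999.3"   # a policy nobody is trusted to translate to


class Label(NamedTuple):
    policy_oid: str
    classification: int


# Hypothetical local configuration: which signer may translate which policy
# into which other policy. Trust is per (from, to) pair, not a blanket grant.
TRUSTED_TRANSLATIONS = {
    "gateway.example": {(POLICY_A, POLICY_B)},
}


def accept_equivalent(original: Label, equivalents: Sequence[Label],
                      signer: str, signature_valid: bool, local_policy: str,
                      process_equivalents: bool = True) -> Optional[Label]:
    """Return the equivalent label the agent may act on, or None."""
    if not process_equivalents:
        return None   # processing is optional: recognize the attribute, do not use it
    if not signature_valid:
        return None   # signature on the attribute could not be validated
    allowed = TRUSTED_TRANSLATIONS.get(signer, set())
    for label in equivalents:
        pair = (original.policy_oid, label.policy_oid)
        if label.policy_oid == local_policy and pair in allowed:
            return label
    return None       # signer is not trusted for this particular translation


if __name__ == "__main__":
    orig = Label(POLICY_A, 3)
    print(accept_equivalent(orig, [Label(POLICY_B, 2)],
                            "gateway.example", True, POLICY_B))
```

When the function returns `None`, the agent falls back to handling the original eSSSecurityLabel under its own rules.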