ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Comments on MSG spec

1998-11-20 16:40:39
from [Blake Ramsdell] [Permanent Link] 
-----Original Message-----
From: Al Arsenault [mailto:aarsenault(_at_)spyrus(_dot_)com]
Sent: Friday, November 20, 1998 8:22 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Comments on MSG spec

        1.  Section 2.5.3, the first paragraph is pretty 
rough reading. 
Recommend that the last two sentences be changed to something like:
This attribute tells the receiver which of the sender's 
certificates should be
used for encrypting the session key when the receiver later 
wants to send an
encrypted message to the sender.  This attribute simplifies 
interoperability
among clients that use separate keys for signing and encryption.


Agree.


        2.  Section 2.5.3, last paragraph:  Second sentence 
(the one in
parentheses):  change "to" to "too".  Third sentence, change 
"senders" to
"sender's".


Agree.


        3.  Section 2.6, first sentence:  Is the reference to 
[DES] dangling? 
It would seem that one reference to tripleDES would be sufficient.


Not dangling -- [DES] tells you how to implement DES, [3DES] tells you how
to implement triple-DES, but not DES.

By the way, I think that the 3DES reference sucks (a 1979 IEEE Spectrum
article?).  Any suggestions?


        4. Section 2.6, second sentence:  This is rough 
wording.  What do you
mena by "RC2 ... or a compatible algorithm"?  Which 
algorithms are "compatible"
with RC2?


I believe that the theory here is that RC2 is or was a trademark of RSADSI,
and so use of that trademark (that little (r) in the title of RFC2268)
seemed to indicate that "if you had another algorithm with a different name
that behaved exactly the same way, you'd be free and clear from any
potential IP concerns using RC2 in box copy, etc."


        5.  Section 2.6.3 is essentially repeated in the Security
Considerations
section.  It's better there, anyway; I recommend deleting 2.6.3.


I agree with Paul's comments here.  Can't complain too much about this.



        6.  Section 3.1, last paragraph before 3.1.1:  this 
paragraph is out of
place.  It belongs in Section 4, if it's not already covered there.


I agree with Paul's comments here.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Comment on draft-ietf-cert-05.txt, Blake Ramsdell
Next by Date:  More X942-03 Comments, Jim Schaad (Exchange)
Previous by Thread:  Re: Comments on MSG spec, Paul Hoffman / IMC
Next by Thread:  RE: Comments on MSG spec, Al Arsenault
Indexes:  [Date] [Thread] [Top] [All Lists]