ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Comments on MSG spec

1998-11-23 06:03:53
from [Al Arsenault] [Permanent Link] 
At 03:44 PM 11/20/98 -0800, Blake Ramsdell wrote:

<snip>
By the way, I think that the 3DES reference sucks (a 1979 IEEE Spectrum
article?).  Any suggestions?



The IEEE Spectrum article is usually cited to give Tuchman credit for the
work; I think it's the first published description of 3DES.  (Schneier uses
that reference, too.) However, if you're looking for something better, Ford
& Baum cite ANSI X9.52, "Triple Data Encryption Algorithm Modes of
Operation", 1997.  I had thought that X9.17 covered it, too, but I can't
find my copy of X9.17 at this moment.  The ANSI refs are probably better
than Tuchman, in that they give you a single place that describes both DES
and 3DES.




        4. Section 2.6, second sentence:  This is rough 
wording.  What do you
mena by "RC2 ... or a compatible algorithm"?  Which 
algorithms are "compatible"
with RC2?


I believe that the theory here is that RC2 is or was a trademark of RSADSI,
and so use of that trademark (that little (r) in the title of RFC2268)
seemed to indicate that "if you had another algorithm with a different name
that behaved exactly the same way, you'd be free and clear from any
potential IP concerns using RC2 in box copy, etc."



Now that I remember what this is all about, I'd like to agree with Paul's
suggestion:  kill the "or a compatible algorithm" stuff.

<snip>





        6.  Section 3.1, last paragraph before 3.1.1:  this 
paragraph is out of
place.  It belongs in Section 4, if it's not already covered there.


I agree with Paul's comments here.



The problem I had was that 3.1 talks about preparing a message.  Three
steps are listed (preparing the MIME entity, canonicalization, applying
transfer encoding), none of which deals with applying security services.
Out of nowhere comes a paragraph that says a receiving agent first
processes the security services, then ...  It just didn't seem to flow.
I'm not willing to argue about it any more, though; it's not that big a deal.


                                        Al Arsenault

-- these are my opinions only. They do not necessarily reflect the 
opinions of my employer, or of any other organization with which I have a 
relationship.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ssl-users] Client Certificates in Communicator 4.5, Dr Stephen Henson
Next by Date:  Re: RecipientInfo vs SignerInfo key identification, Russ Housley
Previous by Thread:  RE: Comments on MSG spec, Blake Ramsdell
Next by Thread:  RE: Comments on MSG spec, Blake Ramsdell
Indexes:  [Date] [Thread] [Top] [All Lists]