At 03:44 PM 11/20/98 -0800, Blake Ramsdell wrote:
<snip>
By the way, I think that the 3DES reference sucks (a 1979 IEEE Spectrum
article?). Any suggestions?
The IEEE Spectrum article is usually cited to give Tuchman credit for the
work; I think it's the first published description of 3DES. (Schneier uses
that reference, too.) However, if you're looking for something better, Ford
& Baum cite ANSI X9.52, "Triple Data Encryption Algorithm Modes of
Operation", 1997. I had thought that X9.17 covered it, too, but I can't
find my copy of X9.17 at this moment. The ANSI refs are probably better
than Tuchman, in that they give you a single place that describes both DES
and 3DES.
4. Section 2.6, second sentence: This is rough
wording. What do you
mena by "RC2 ... or a compatible algorithm"? Which
algorithms are "compatible"
with RC2?
I believe that the theory here is that RC2 is or was a trademark of RSADSI,
and so use of that trademark (that little (r) in the title of RFC2268)
seemed to indicate that "if you had another algorithm with a different name
that behaved exactly the same way, you'd be free and clear from any
potential IP concerns using RC2 in box copy, etc."
Now that I remember what this is all about, I'd like to agree with Paul's
suggestion: kill the "or a compatible algorithm" stuff.
<snip>
6. Section 3.1, last paragraph before 3.1.1: this
paragraph is out of
place. It belongs in Section 4, if it's not already covered there.
I agree with Paul's comments here.
The problem I had was that 3.1 talks about preparing a message. Three
steps are listed (preparing the MIME entity, canonicalization, applying
transfer encoding), none of which deals with applying security services.
Out of nowhere comes a paragraph that says a receiving agent first
processes the security services, then ... It just didn't seem to flow.
I'm not willing to argue about it any more, though; it's not that big a deal.
Al Arsenault
-- these are my opinions only. They do not necessarily reflect the
opinions of my employer, or of any other organization with which I have a
relationship.