Steve & Jim:
15. Section 12.6.2 - You have not modified the key wrap algorithm
to allow
for arbitrary length RC2 key sources.
Are you suggesting an explicit length field or something else?
We need to either put in an explicit length field or use a known padding
algorithm. I have no perference on which is used but something along this
lines is absolutely required.
Speaking personally I'd prefer known padding. Known padding at least
adds some consistency with the use of symmetric algorithms:
they all use the "padded" forms.
If an explicit length parameter is included the logical place to put it
is in the EncryptedContentInfo structure because its a property of the
content encryption key. You'd probably then have to make it OPTIONAL for
v2 compatability only include it when at least one recipient used key
agreement.
If I was to put it some place I would put it into the encrypted content to
make for minimual changes from now.
Why not replace random padding with the technique specified in 6.3? I do
not see any advantage to the random block prior to the 6.3 padding.
I am going to change the text for CMS-10 this way. Anyone object?
Russ