I agree it could be optional in CMS. But it should be mandated either in
MSG, or it may be better mandated in ESS. For example, ESS could mandate
that the KEKIdentifier must be present when secure mailing lists are used.
Regards
John Ross
-----Original Message-----
From: Russ Housley <housley(_at_)spyrus(_dot_)com>
To: EKR <ekr(_at_)rtfm(_dot_)com>
Cc: pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz
<pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz>;
ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Friday, January 29, 1999 2:36 PM
Subject: Re: KEKRecpientInfo KEKIdentifier
What do others think?
I am unwilling to make it optional without a change to MSG that mandates it
for S/MIME.
Russ
At 08:58 AM 1/29/99 -0800, EKR wrote:
pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz (Peter Gutmann) writes:
almost never be used in the way you've described. PGP has worked just
fine
for 8 years without a KEKIdentifier, so I don't see why CMS needs to
make it
mandatory. All you need to do is use "kekid [ 0 ] KEKIdentifier
OPTIONAL"
and
you can let the users decide whether it really is essential or not - I'm
not
asking that it be removed, simply that it be made optional so you can
leave it
out where there's nothing to put in a KEKIdentifier.
I've got to go with Peter here. While I think that for messaging,
the index is more useful, I don't see any harm in making it optional.
We can always make MSG require it.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]