All,
I believe that the KEKRecpientInfo KEKIdentifier should not be optional.
The recipient always needs to have a means of identifying which KEK to use
to process the received message.
- John Pawling
At 05:17 PM 1/29/99 -0500, Russ Housley wrote:
What do others think?
I am unwilling to make it optional without a change to MSG that mandates it
for S/MIME.
Russ
At 08:58 AM 1/29/99 -0800, EKR wrote:
pgut001(_at_)cs(_dot_)aucKland(_dot_)ac(_dot_)nz (Peter Gutmann) writes:
almost never be used in the way you've described. PGP has worked just fine
for 8 years without a KEKIdentifier, so I don't see why CMS needs to
make it
mandatory. All you need to do is use "kekid [ 0 ] KEKIdentifier OPTIONAL"
and
you can let the users decide whether it really is essential or not - I'm
not
asking that it be removed, simply that it be made optional so you can
leave it
out where there's nothing to put in a KEKIdentifier.
I've got to go with Peter here. While I think that for messaging,
the index is more useful, I don't see any harm in making it optional.
We can always make MSG require it.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]