Russ;
Thanks for the comments.
----------
From: Russ Housley[SMTP:housley(_at_)spyrus(_dot_)com]
Sent: Tuesday, November 16, 1999 8:35 PM
To: robert(_dot_)zuccherato(_at_)entrust(_dot_)com
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Working Group Last Call:
draft-ietf-smime-small-subgroup-02.txt
1. Section 1.2, 3rd paragraph: Please explain "r<<q". This is the only
use of the "<<" symbol.
I will change "r<<q" to "r is much less than q". This should be more
explanatory/helpful.
2. Section 2.2, 2nd paragraph: Please explain that any protocol event
that
allows the attacker to conclude that decryption was successful is also
relevant. Such events include replies and returning signed receipts.
How about if I add the following to the 3rd paragraph? "In particular,
protection is required if any protocol event allows any other party to
conclude that decryption was successful. Such events include replies and
returning signed receipts."
3. Section 2.2, 3rd paragraph: Please remove the extra space after
"party".
Okay.
4. Section 4, 4th paragraph: Any integrity protection for the public keys
(not just signatures), will thwart the attack. Please expand the text to
cover any integrity mechanism.
How about if I change the first sentence to read: "Protection from these
attacks is not required however if the other party's ephemeral public key
has been authenticated by the other party. The authentication may be in the
form of a signature, MAC, or any other integrity protection mechanism."
5. Section 7: Please update the [CMS], [MSG], and [x942] references to
point to the RFCs.
Of course.
Robert.