ietf-smime
[Top] [All Lists]

RE: Last Call: Use of the CAST-128 Encryption Algorithm in CMS to Proposed Standard

2000-06-20 07:20:02
Hi Blake,

Good to hear from you again!

----------
From:         Blake 
Ramsdell[SMTP:blake(_dot_)ramsdell(_at_)tumbleweed(_dot_)com]
Sent:         Monday, June 19, 2000 4:14 PM
To:   'ietf-smime(_at_)imc(_dot_)org'
Subject:      RE: Last Call: Use of the CAST-128 Encryption Algorithm in
CMS to Proposed Standard

Two comments, don't know if they're major.

1. Section 3 does not list an SMIMECapability for key wrapping using IDEA,
only for symmetric encryption.  Don't know if that was intended.
 
I suspect that you mean "CAST-128" above, rather than "IDEA"...

In any case, I originally had both OIDs here (symm. encryption and key
wrapping), but in a note posted on Nov. 18, 1999, Jim Schaad included the
following comment:

"2.  Section 3 Para 1.  You state that you must include the above OIDs in
the symmetric algorithms section of capabilities, but only one of the oids
is a symmetric algorithm.  At the
current time we are "implying" the key wrap from the symmetric algorithm as
only same key wrap is supported in CMS.  Please change to the correct OID
reference."

So, I took out the key wrap OID and left only the one for symmetric
encryption.

2. I think that the example in section 3 should clarify that the
cast5CBCParameters are encoded with the iv omitted.
 
I guess it seemed clear to me that if you were only advertising your
capabilities (in this case, symmetric algorithm and key length), an IV would
be irrelevant and would therefore be omitted.  If you wish, however, I can
add a sentence to this effect when the document has been approved and I get
the 1-day window to send any tiny edits to the RFC editor.  Let me know if
you really think this is necessary.

Thanks for taking the time to look through this draft!

Carlisle.