
RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt

2000-11-14 04:12:13
Graeme,

Here are some comments on the following draft:
      Title           : Securing X.400 Content with S/MIME
They relate to section 3.2.

The use of the terms "signedData Element", "signedData object" and 
"signedData structure" seems a little confusing. As I read it:

"signedData element" is the encapContentInfo(EncapsulatedContentInfo) 
field within "SignedData"

"signedData structure" is the complete SignedData SEQUENCE

and

"signedData object" is the ContentInfo SEQUENCE, with a
contentType of id-signedData, containing the SignedData SEQUENCE

If this is indeed correct, then the last sentence of para 2. should 
be made the first sentence of para 1. This would more closely follow
the line of processing, and indicate the use of only one optional 
MIME encoding, the transport.

Which raises .............

        A similar set of comments apply to section 3.3

        Graeme


I understand that this may seem a little confusing. To make this clearer
throughout the chapter, I propose that we do the following (underlined)
changes:


*       The first paragraph of section 3.2 should be:
        "The SignedData format as described in the ......"

*       The second paragraph of section 3.2 should be:
        "The protected X.400 content MUST then be placed in the SignedData
encapContentInfo eContent field. Note that this X.400 content SHOULD be
ASN.1 encoded, but SHOULD NOT be MIME wrapped. The object identifier for the
content type of the protected X.400 content MUST be placed in the SignedData
encapContentInfo eContentType field.  The resulting signedData object MAY
optionally be wrapped in a MIME encoding."

*       The third paragraph of section 3.2 should be:
        "The signedData object is encapsulated by a ........"

*       The step 2 in section 3.2.1. should be:
        "Step 2. The ASN.1 encoded X.400 content and other required data is
        processed into a CMS object of type SignedData."

*       The second paragraph of section 3.3 should be:
        "The EnvelopedData format as described in the............." 

*       The third paragraph of section 3.3 should be:
        "The protected X.400 content MUST be placed in the EnvelopedData
encryptedContentInfo encryptedContent field. Note that this X.400 content
should be ASN.1 encoded, but should not be MIME wrapped. The object
identifier for content type of the protected X.400 content MUST be placed in
the EnvelopedData encryptedContentInfo contentType field. The resulting
envelopedData object MAY optionally be wrapped in a MIME encoding."

*       The fourth paragraph of section 3.3 should be:
        "The envelopedData object is encapsulated by ......."

*       The first sentence of step 2 in section 3.3.1 should be:
        "The ASN.1 encoded X.400 content and other required data is
processed into a CMS object of type EnvelopedData."

*       The steps of the triple wrapping in section 3.4.1 should be written
as: step 1, step 2 ..., and not just marked with numbers.

*       The first sentence of step 2 in section 3.4.1 should be:
        "Step 2. Place the protected ASN.1 encoded X.400 content in the
SignedData encapContentInfo eContent field."



Anders Eggen





-----Original message-----
From:  Graeme Lunt [SMTP:g(_dot_)lunt(_at_)nexor(_dot_)co(_dot_)uk]
Sent:        Friday, November 10, 2000 9:31 AM
To:  ietf-smime(_at_)imc(_dot_)org
Cc: 'j(_dot_)onions(_at_)nexor(_dot_)co(_dot_)uk'
Subject: RE: I-D ACTION:draft-ietf-smime-x400wrap-00.txt

Hi,

Here are some comments on the following draft:
    Title           : Securing X.400 Content with S/MIME

They relate to section 3.2.

The use of the terms "signedData Element", "signedData object" and 
"signedData structure" seems a little confusing. As I read it:

"signedData element" is the encapContentInfo(EncapsulatedContentInfo) 
field within "SignedData"

"signedData structure" is the complete SignedData SEQUENCE

and

"signedData object" is the ContentInfo SEQUENCE, with a
contentType of id-signedData, containing the SignedData SEQUENCE

If this is indeed correct, then the last sentence of para 2. should 
be made the first sentence of para 1. This would more closely follow
the line of processing, and indicate the use of only one optional 
MIME encoding, the transport.

Which raises another point. In para 2, it states that:
"X.400 content SHOULD be ASN.1 encoded" (and consequently MUST NOT be
MIME wrapped). Surely this should be "MUST be ASN.1 encoded", 
especially given that the "content type of the protected X.400 content
MUST be placed in the eContentType field". (The use of "SHOULD" is 
also somewhat at variance with step 1 in 3.4.1 which mandates ASN.1
encoding for triple-wrapped messages).

For example, if I find an eContentType of "2.6.1.10.1" (P22), I would
expect the content to be ASN.1 encoded.
Is there a reason why you would want to allow a different encoding of
the X.400 content prior to protection, or is this just a typo?

(In para 2, 3rd sentence you should add a "the", so as to read:
"The object identifier for the content type ...")

A similar set of comments apply to section 3.3

Graeme