ietf-smime

Re: WG Last Call:draft-ietf-smime-rcek-01.txt

2001-02-19 03:11:52

Hi Russ,

William suggests byte reversal instead, which seems ok from both 
perspectives.

Okay.  So, since bitwise-NOT and bit-reversal both have shortcomings, what
are you going to use as the mandatory to implement transform?

Byte reversal, i.e. MSG2.KEK=byte-reverse(MSG1.CEK). If MSG1.CEK has N
bytes, then treated as 'C' arrays, MSG2.KEK[i] = MSG1.CEK[N-i].

2.  The document defines three related attributes.  It does not tell the
implementor how to deal with the situation where some (but not all) of the
attributes are implemented.
[...]
All in all, I disagree that the implementer is left in limbo, but can add
text like the above if that helps.

I would like to see the text.

How about a new section 5:

"5. Conformance.

This specification only applies to messages where the CEKReference
attribute is present. All attributes specified here SHOULD be ignored unless 
they are present in a message containing a valid, new or recognised, existing 
value of CEKReference. The CEKMaxDecrypts attribute is to be treated by the 
recipient as a hint, but MUST be honored by the originator. 

The optional to implement KEKDerivationAlgorithm attribute MUST only be present 
when MSG1.content-encryption-algorithm differs from 
MSG2.key-encryption-algorithm, 
in which case it MUST be present. Implementations which recognize this
attribute, but do not support the functionality SHOULD ignore the attribute.

Ignoring attributes as discussed above will lead to decryption failures.
CMS implementations SHOULD be able to signal the particular reason for this
failure to the calling application."

I agree that this is a matter of taste.  I guess that I would like to hear
from implementors to resolve this one.

Agreed. I think it's fair to assume that silence here is consensus not to
change the text?

Cheers,
Stephen.

-- 
____________________________________________________________
Stephen Farrell                                            
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen(_dot_)farrell(_at_)baltimore(_dot_)ie
Ireland                             http://www.baltimore.com