ietf-smime
[Top] [All Lists]

RE: WG Last Call:draft-ietf-smime-rcek-01.txt

2001-02-25 16:14:29


First - I assume that the last call is not going to be closed on the 26th
because a new version of the document needs to be issued with some fixes in
it.

Changes that I think need to be addressed before advancement.

1.  I would like to see a section added to section 2 to describe why this
"trick" is being used rather than just establishing a short-term kek value
which is used for a time period and then tossed.  I.e. When do you use this
trick and when do you establish a multi-use kek value.

2.  Please add a paragraph to the security section area about the fact that
byte reversal may not be a good idea if the algorithm does a parity type
check over a larger than byte block. I.e. describe why the bit-wise
flip-flop was a "bad" idea.

3.  Section 3, Note 2.  Please change the text from "can occur in any of
the" to "can occur with any of the".  The attribute cannot occur inside of
any ReceipientInfo object as it is an unathenticated attribute.

4.  Section 3.  id-reck-attrs has a TBD.

5.  Section 3.  What is the default value of CEKMaxDecrypts if it is not
present.

6.  Section 4.  First, the CE algorithm and the KE algorithm are never "the
same" in some sense.  id-alg-CMS3DESwrap and des-ede3-cbc are different in a
number of significant ways.  Please change the text.  I would suggest
something along "If the CE algorithm and KE algorithm use the same key
material...".  I have problems with even this because of the question of a
CEK of 128-bit RC2 and a KEK of 40-bit RC2 in which case it is not clear
that this is the algorithm one should be using.

The best overall approach might be to say that if the KEK is A and the CEK
is B then you use the byte-reveral method and just the list ones that
"match" in impedance.

7.  Remove appendix B.

8.  Appendix A. Missing module number

9.  Appendix A.  --<<IMPLICIT??>>-- should be removed or fixed

10.  id-reck-attrs is TDB

12.  Please add comments to the effect of what goes into each of the fields
and that there is an association between the pairs as OID attribute value.

jim