Hi Simon,
I had a quick look over this latest Internet Draft (ID) on how to use
Elliptic Curve Cryptography (ECC) public-key algorithms in the Cryptographic
Message Syntax (CMS) and came up with the following technical and editorial
comments:
a. Sections 1, 3.2, 4.1 and 8.2, it is not clear why only the ECMQV key
agreement algorithm is supported with AuthenticatedData and not also the
ECDH key agreement algorithm. Although ECMQV is comparable to KEA, which
can also be used with AuthenticatedData, ECDH is the analog to the X9.42
Diffie-Hellman key agreement algorithm specified in RFC 2630 and is the
default algorithm with AuthenticatedData.
b. Section 1.1, although this section lists the key words used in this ID
as per RFC 2119, they are in reality used quite sparsely throughout this ID.
c. Section 2.1.1, the reference to Section 7.2 for the ECDSA-Sig-Value is
incorrect.
d. Sections 2.1.2 and 2.1.3, there seems to be some confusion as to whether
the message digest is a bit string, an octet string or an integer.
According to ANSI X9.30 Part 2, FIPS 180-1 and a 1999 draft revision of ANSI
X9.62, which is only available on the ANSI X9F1 web site, the message digest
is a bit string. However, according to this ID and the SECG SEC1 standard,
the message digest is an octet string. Finally, according to the approved
ANSI X9.62:1988 standard, the message digest magically becomes the integer
"e". Which one is correct?
e. Sections 2.1.2 and 2.1.3, the ID should explain why it is making these
exceptions from the ANSI X9.62 standard with the integer "e".
f. Section 2.1.2, the last sentence should be referring to Section 8.2 when
mentioning the ECDSA-Sig-Value syntax.
g. Section 2.1.3, it is the integer "e'" and not "e" that is mentioned in
Section 5.4.1 of ANSI X9.62.
h. Section 3.1.1, the last sentence of the second paragraph should indicate
that the ECPoint represents the sending agent's ephemeral EC public key.
i. Section 3.1.1, the reference to Section 7.1 for the
dhSinglePass-stdDH-sha1kdf-scheme object identifier is incorrect.
j. Sections 3.1.3 and 3.2.3 should both indicate that the "SharedData" is
the DER encoding of ECC-CMS-SharedInfo from Section 8.2 similarly to
Sections 3.1.2 and 3.2.2.
k. Section 3.2.1, it is not clear why the version is mentioned in this case
and not under Section 3.1.1 since the value of 3 for the version is not
different than CMS when using the KeyAgreeRecipientInfo.
l. Section 3.2.1, you should be referring to Section 8.2 when mentioning
the ECPoint that represents the sending agent's ephemeral EC public key.
m. Section 5, why do you not refer to SEC2 instead of SEC3 when
recommending elliptic curve domain parameters?
n. Section 7, as per other RFCs (e.g. RFC 2876 (KEA), RFC 2984 (CAST), RFC
3058 (IDEA)), it would be very useful to include some specific DER encoding
of the SMIMECapability (e.g. ECDSA, ECDH with Triple DES wrapping).
o. Section 8.2, when referring to ANSI X9.63 key derivation function in the
last paragraph, the ID should also be referring to the appropriate section
of X9.63 that specifies this key derivation function (i.e. Section 5.6.3).
p. Section 9, although ANSI X9.62 was approved in January 1999, the
official date for referring to this standard is still 1998.
q. Section 9, according to the SECG web site, SEC3 is still a draft
standard and has not yet been approved.
Please feel free to contact me if you have any question on these comments.
Cheers,
Francois
___________________________________
Francois Rousseau
Director of Standards and Conformance
Chrysalis-ITS
One Chrysalis Way
Ottawa, Ontario, CANADA, K2G 6P9
frousseau(_at_)chrysalis-its(_dot_)com Tel. (613) 723-5076 ext. 3419
http://www.chrysalis-its.com Fax. (613) 723-5078
-----Original Message-----
From: Internet-Drafts(_at_)ietf(_dot_)org
[mailto:Internet-Drafts(_at_)ietf(_dot_)org]
Sent: Wednesday, March 07, 2001 07:47
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: I-D ACTION:draft-ietf-smime-ecc-03.txt
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the S/MIME Mail Security Working Group of the
IETF.
Title : Use of ECC Algorithms in CMS
Author(s) : D. Brown, S. Blake-Wilson, P. Lambert
Filename : draft-ietf-smime-ecc-03.txt
Pages : 15
Date : 06-Mar-01
This document describes how to use Elliptic Curve Cryptography
(ECC) public-key algorithms in the Cryptographic Message Syntax
(CMS). The ECC algorithms support the creation of digital
signatures and the exchange of keys to encrypt or authenticate
content. The definition of the algorithm processing is based on
the ANSI X9.62 standard and the ANSI X9.63 draft, developed by the
ANSI X9F1 working group.