All,
In my opinion, Russ has done an outstanding job of producing the
draft-ietf-smime-cmsalg-00.txt Internet-Draft. I agree with the vast
majority of the document. I have comments as follows:
1) General comment: Since there are multiple techniques for using the RSA
algorithm, please replace all occurrences of "RSA" with "RSA (PKCS #1 v1.5)"
as appropriate.
2) Section 1, para 2: Please change "implantations" to "implementations".
3) Section 1, para 3: Please change "Algorithm are be identified" to
"Algorithms can be identified".
4) Section 1, para 3: Please change:
OLD: "The algorithm identifiers for each algorithm are specified"
NEW: "The algorithm identifier for each algorithm is specified"
5) Table 1, title: Please change "Implantation" to "Implementation".
6) Table 1, Symmetric KEK Wrap note: Please add this note to immediately
follow the table: "Note 2: Only those CMS implementations that support the
previously-distributed symmetric KEK or key agreement key management
techniques MUST implement the Triple-DES Key Wrap algorithm." An alternate
solution is to change the table such that "Triple-DES Key Wrap" is a SHOULD
implement requirement.
7) Table 1: I believe that a row should be added to represent key derivation
algorithms since the password-based key management technique is documented
in the rfc2630bis-01 I-D. The draft-ietf-smime-password-03.txt I-D includes
the PBKDF2 [RFC2898] key derivation algorithm as a MUST implement
requirement, so I recommend that the following row should be added to Table
1:
Algorithm Type      MUST implement        SHOULD implement
-----------------------------------------------------------------
Key Derivation      PBKDF2 [RFC2898]      --
8) Table 1. Key Derivation Note: Please add this note to immediately follow
the table: "Note 3: Only those CMS implementations that support the
password-based key management technique MUST implement the PBKDF2 [RFC2898]
key derivation algorithm." An alternate solution would be to change the
table to include the PBKDF2 [RFC2898] key derivation algorithm as a SHOULD
implement requirement, but then it would not be consistent with the
draft-ietf-smime-password-03.txt I-D.
9) Table 1, Message Authentication note: Please add this note to
immediately follow the table: "Note 3: Only those CMS implementations that
support the AuthenticatedData content-type MUST implement the HMAC with
SHA-1 algorithm."
10) Section 2, intro, 3rd para: Please replace:
OLD: "Digest values are located in the DigestedData digest field, and digest
values are located in the Message Digest authenticated attribute."
NEW: "Digest values are located in the DigestedData digest field and Message
Digest attribute."
11) Section 4, intro: Please change as follows:
OLD: "CMS accommodates three general key management techniques: key
agreement, key transport, and previously distributed symmetric
key-encryption keys."
NEW: "CMS accommodates the following general key management techniques: key
agreement, key transport, previously distributed symmetric key-encryption
keys, and passwords."
12) Section 4.1, 2nd para: Please change the following:
OLD: "CMS implementations MUST include Triple-DES wrapping of Triple-DES
content-encryption keys and RC2 wrapping of RC2 content-encryption keys."
NEW: "CMS implementations that support the key agreement key management
technique MUST implement Triple-DES wrapping of Triple-DES
content-encryption keys and SHOULD implement RC2 wrapping of RC2
content-encryption keys."
13) Section 4.3, 1st para, 1st sent: Please change MUST to SHOULD in the
following sentence: "CMS implementations MUST support symmetric
key-encryption key management." I don't believe that the S/MIME working
group has ever agreed that the previously-distributed symmetric KEK key
management technique is a MUST implement requirement.
14) Section 4.3, 1st para, 2nd sent: Please change the following:
OLD: "CMS implementations MUST include Triple-DES key-encryption keys
wrapping Triple-DES content-encryption keys."
NEW: "CMS implementations that support the previously-distributed symmetric
KEK or key agreement key management techniques MUST include Triple-DES
key-encryption keys wrapping Triple-DES content-encryption keys."
15) Section 4.4, Please add:
"4.4 Key Derivation Algorithms
Key derivation algorithms are used to convert a password into a KEK as part
of the password-based key management technique. CMS implementations that
support the password-based key management technique MUST implement the
PBKDF2 [RFC2898] key derivation algorithm. The
KeyDerivationAlgorithmIdentifier identifies the key-derivation algorithm, and
any associated parameters, used to derive the KEK from the user-supplied
password. The object identifier for the PBKDF2 [RFC2898] key derivation
algorithm is TBD."
16) Section 5, 1st para: Please change "MS" to "CMS" in the following: "MS
implementations SHOULD support Two-Key Triple-DES in CBC mode."
17) Section 7, 1st paragraph: Please change the following:
OLD: "CMS implementations MUST include encryption of a Triple-DES
content-encryption key with a Triple-DES key-encryption key using the
algorithm specified in Sections 7.2 and 7.3."
NEW: "CMS implementations that support the previously-distributed symmetric
KEK or key agreement key management techniques MUST include encryption of a
Triple-DES content-encryption key with a Triple-DES key-encryption key using
the algorithm specified in Sections 7.2 and 7.3."
18) Section 7.2, bullet 2: Please change "Section 12.6.1" to "Section 7.1".
19) Section 7.3, bullet 7: Please change "Section 12.6.1" to "Section 7.1".
20) Section 7.4, bullet 4: Please change "Section 12.6.1" to "Section 7.1".
21) Section 7.5, bullet 7: Please change "Section 12.6.1" to "Section 7.1".
22) Security Considerations: Please delete the countersignature section
because it is much more applicable to the rfc2630bis-01 I-D.
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================
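
Added example, not part of the original message or of any of the drafts it discusses: a from-scratch PBKDF2 [RFC2898] with HMAC-SHA-1 that turns a password into a KEK, as the proposed Section 4.4 text in comment 15 describes. The 24-byte KEK length (Triple-DES key size), the function names, and the sample password, salt and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dk_len: int) -> bytes:
    """PBKDF2 as defined in RFC 2898, section 5.2, with HMAC-SHA-1 as the PRF."""
    h_len = hashlib.sha1().digest_size  # 20 octets of output per PRF call
    if iterations < 1:
        raise ValueError("iteration count must be a positive integer")
    if dk_len < 1 or dk_len > (2**32 - 1) * h_len:
        raise ValueError("derived key length out of range")

    # Key the HMAC once with the password, then copy it for every PRF call.
    prf = hmac.new(password, digestmod=hashlib.sha1)
    n_blocks = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    blocks = []
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(P, S || INT(i)), INT(i) being a 4-octet big-endian index
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", i))
        u = mac.digest()
        t = int.from_bytes(u, "big")
        # U_j = PRF(P, U_{j-1});  T_i = U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            mac = prf.copy()
            mac.update(u)
            u = mac.digest()
            t ^= int.from_bytes(u, "big")
        blocks.append(t.to_bytes(h_len, "big"))
    return b"".join(blocks)[:dk_len]


def derive_kek(password: str, salt: bytes, iterations: int, kek_len: int = 24) -> bytes:
    """Derive a KEK from a user-supplied password.

    kek_len=24 is an assumption (Triple-DES key size). With SHA-1 that is
    more than one 20-octet block, so the output spans T_1 and part of T_2.
    """
    return pbkdf2_hmac_sha1(password.encode("utf-8"), salt, iterations, kek_len)


if __name__ == "__main__":
    # Constructed sample inputs; a real salt comes from a CSPRNG and is
    # carried alongside the algorithm identifier's parameters.
    kek = derive_kek("correct horse battery staple", b"\x01" * 8, 10000)
    print(len(kek), kek.hex())
```

The salt and iteration count are not secret, but the recipient needs exactly the values the sender used to reproduce the KEK from the password.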