John,
Here are the comments I have:
1) General comment: Since there are multiple techniques for
using the RSA
algorithm, please replace all occurrences of "RSA" with "RSA
(PKCS #1 v1.5)"
as appropriate.
I thought about recommending this change as well. The reason that I did not
was that the only reference in the document was to the v1.5. I could go
either way on this issue.
3) Section 1, para 3: Please change "Algorithm are be identified" to
"Algorithms can be identified".
I disagree with this change. The correct text is "are" as this is the only
way we are identifing these algorithms. If you think it should be "can",
please show another way that they can be identified.
6) Table 1, Symmetric KEK Wrap note: Please add this note to
immediately
follow the table: "Note 2: Only those CMS implementations
that support the
previously-distributed symmetric KEK or key agreement key management
techniques MUST implement the Triple-DES Key Wrap algorithm."
An alternate
solution is to change the table such that "Triple-DES Key
Wrap" is a SHOULD
implement requirement.
I disagree with the addition of this node. I don't think that the table is
where this should be specified. This type of text belongs with the
algorithm description.
7) Table 1: I believe that a row should be added to represent
key derivation
algorithms since the password-based key management technique
is documented
in the rfc2630bis-01 I-D. The
draft-ietf-smime-password-03.txt I-D includes
the PBKDF2 [RFC2898] key derivation algorithm as a MUST implement
requirement, so I recommend that the following row should be
added to Table
1:
Algorithm Type MUST implement SHOULD implement
-----------------------------------------------------------------
Key Derivation PBKDF2 [RFC2898] --
I agree that this item needs to be added, however the full PBKDF2 is not
what is currently specified by the document. The password algorithm
information should be added to this document and the MUST should reference
this document.
8) Table 1. Key Derivation Note: Please add this note to
immediately follow
the table: "Note 3: Only those CMS implementations that support the
password-based key management technique MUST implement the
PBKDF2 [RFC2898]
key derivation algorithm." An alternate solution would be to
change the
table to include the PBKDF2 [RFC2898] key derivation
algorithm as a SHOULD
implement requirement, but then it would not be consistent with the
draft-ietf-smime-password-03.txt I-D.
See my comment on item #6
9) Table 1, Message Authentication note: Please add this note to
immediately follow the table: "Note 3: Only those CMS
implementations that
support the AuthenticatedData content-type MUST implement the
HMAC with
SHA-1 algorithm."
See my comment on item #6
13) Section 4.3, 1rst para, 1rst sent: Please change MUST to
SHOULD in the
following sentence: "CMS implementations MUST support symmetric
key-encryption key management." I don't believe that the
S/MIME working
group has ever agreed that the previously-distributed
symmetric KEK key
management technique is a MUST implement requirement.
I strongly support the original text. This is a case where CMS and S/MIME
have different requirements and that is reflected in this text. CMS needs
to support KEK while S/MIME does not.
14) Section 4.3, 1rst para, 2nd sent: Please change the following:
OLD: "CMS implementations MUST include Triple-DES key-encryption keys
wrapping Triple-DES content-encryption keys."
NEW: "CMS implementations that support the
previously-distributed symmetric
KEK or key agreement key management techniques MUST include Triple-DES
key-encryption keys wrapping Triple-DES content-encryption keys."
See response to #13. If that does not change then this does not need to
change.
15) Section 4.4, Please add:
"4.4 Key Derivation Algorithms
Key derivation algorithms are used to convert a password into
a KEK as part
of the password-based key management technique. CMS
implementations that
support the password-based key management technique MUST implement the
PBKDF2 [RFC2898] key derivation algorithm. The
KeyDerivationAlgorithmIdentifer identifies the key-derivation
algorithm, and
any associated parameters, used to derive the KEK from the
user-supplied
password. The object identifier for the PBKDF2 [RFC2898] key
derivation
algorithm is TBD."
I agree that this needs to be included, however the text is more complicated
that this and needs to reflect the current state of the password document.
17) Section 7, 1rst paragraph: Please change the following:
OLD: "CMS implementations MUST include encryption of a Triple-DES
content-encryption key with a Triple-DES key-encryption key using the
algorithm specified in Sections 7.2 and 7.3."
NEW: "CMS implementations that support the
previously-distributed symmetric
KEK or key agreement key management techniques MUST include
encryption of a
Triple-DES content-encryption key with a Triple-DES
key-encryption key using
the algorithm specified in Sections 7.2 and 7.3."
Ditto for response #14
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================
jim