Russ,
Thank you for your responses to my comments. I agree with all of your
responses except that I have the following comments:
1) Section 4.1, 2nd para: Please change the following to be consistent with
Table 1:
OLD: "CMS implementations MUST include Triple-DES wrapping of Triple-DES
content-encryption keys and RC2 wrapping of RC2 content-encryption keys."
NEW: "CMS implementations MUST include Triple-DES wrapping of Triple-DES
content-encryption keys and SHOULD include RC2 wrapping of RC2
content-encryption keys."
2) Recommend the following change in your recommended text for section 4.4
as follows:
OLD: Key derivation algorithms identifiers are...
NEW: Key derivation algorithm identifiers are...
3) Recommend the following change in your recommended text for section 4.4
as follows:
OLD: The content-encryption keys encrypted with password-derived
key-encryption keys are located in the EnvelopedData RecipientInfos
PasswordRecipientInfo encryptedKey field. The message-authentication keys
encrypted with password-derived key-encryption keys are located in the
AuthenticatedData RecipientInfos PasswordRecipientInfo encryptedKey field.
NEW: The content-encryption key encrypted with the password-derived
key-encryption key is located in the EnvelopedData RecipientInfos
PasswordRecipientInfo encryptedKey field. The message-authentication key
encrypted with the password-derived key-encryption key is located in the
AuthenticatedData RecipientInfos PasswordRecipientInfo encryptedKey field.
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================