John:
25) Section 6.2.1, para "rid": Please change "support one at least of these
alternatives." to "support at least one of these alternatives."
Done.
29) Section 6.3, para 2: You want to preserve the following sentence: "The
input to the content-encryption process is the "value" of the content being
enveloped." In my opinion, this sentence is not needed and is confusing.
For example, when encrypting an ASN.1 encoded content, an implementer might
interpret this statement to mean that the tag and length octets of the ASN.1
encoded content should not be encrypted. I still believe that the first
paragraph is fine (as is included in draft-ietf-smime-rfc2630bis-01) and
that the second paragraph should be deleted.
Here is the text that I have in the yet-to-be-published -02 draft.

6.3 Content-encryption Process

The content-encryption key for the desired content-encryption
algorithm is randomly generated. The input to the content-encryption
process is the "value" of the content being enveloped. This input
data is padded as described below, then the padded data is encrypted
using the content-encryption key. The encryption operation maps an
arbitrary string of octets (the data) to another string of octets
(the ciphertext) under control of a content-encryption key. The
encrypted data is included in the envelopedData encryptedContentInfo
encryptedContent OCTET STRING.

Some content-encryption algorithms assume the input length is a
multiple of k octets, where k is greater than one. For such
algorithms, the input shall be padded at the trailing end with
k-(lth mod k) octets all having value k-(lth mod k), where lth is
the length of the input. In other words, the input is padded at
the trailing end with one of the following strings:

             01 -- if lth mod k = k-1
          02 02 -- if lth mod k = k-2
              .
              .
              .
    k k ... k k -- if lth mod k = 0

The padding can be removed unambiguously since all input is padded,
including input values that are already a multiple of the block size,
and no padding string is a suffix of another. This padding method is
well defined if and only if k is less than 256.

Are you happy with this text? If not, I suspect your concerns are in the
1st paragraph, not the 2nd one.
36) countersignatures: Also, please change Section 5.4, para 2, as follows:
OLD: "The content type attribute is not required when used as part of a
countersignature unsigned attribute as defined in section 11.4."
NEW: "The content-type attribute MUST NOT be used as part of a
countersignature unsigned attribute as defined in section 11.4."
Done.
Russ
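
Added example (not part of the original message or of the draft): the padding rule from the section 6.3 text quoted above, written out in Python together with a removal routine that rejects any trailing string the rule could not have produced. The function names, the choice of k = 8 and the sample inputs are constructed for illustration.

```python
"""CMS content-encryption padding as quoted from section 6.3 (added example)."""


def cms_pad(data: bytes, k: int) -> bytes:
    """Pad with k-(lth mod k) octets, each of value k-(lth mod k)."""
    if not 1 < k < 256:
        # Quoted text: k is greater than one, and the method is well
        # defined if and only if k is less than 256.
        raise ValueError("k must satisfy 1 < k < 256")
    n = k - (len(data) % k)          # always 1..k, so all input is padded
    return data + bytes([n]) * n


def cms_unpad(padded: bytes, k: int) -> bytes:
    """Remove the padding, rejecting anything cms_pad could not have produced."""
    if not 1 < k < 256:
        raise ValueError("k must satisfy 1 < k < 256")
    if not padded or len(padded) % k:
        raise ValueError("length is not a positive multiple of k")
    n = padded[-1]
    if not 1 <= n <= k:
        raise ValueError("final octet is not a valid pad length")
    if padded[-n:] != bytes([n]) * n:
        raise ValueError("pad octets do not all equal the pad length")
    return padded[:-n]


def demo(k: int = 8):
    """Constructed inputs: return (lth, pad string in hex) for each one."""
    # The fourth sample already ends in 01; it still gets a full block of pad.
    samples = [b"ABCDEFG", b"ABCDEF", b"ABCDEFGH", b"ABCDEFG\x01", b""]
    rows = []
    for data in samples:
        padded = cms_pad(data, k)
        assert cms_unpad(padded, k) == data   # removal is unambiguous
        rows.append((len(data), padded[len(data):].hex(" ")))
    return rows


if __name__ == "__main__":
    for lth, pad in demo():
        print(f"lth={lth:2d}  pad={pad}")
```

The fourth sample shows why input that is already a multiple of k must still be padded: without the extra block, its final 01 octet would be indistinguishable from a one-octet pad.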