Paul,
Here are my thoughts in return.
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Paul
Hoffman / IMC
Sent: Monday, August 20, 2001 9:16 AM
To: jimsch(_at_)exmsft(_dot_)com; 'Housley, Russ'; ietf-smime(_at_)imc(_dot_)org
Subject: RE: WG Last Call: cmsalg
A few notes on Jim's comments.
At 10:39 PM -0700 8/19/01, Jim Schaad wrote:
1. Introduction: CMSALG cannot have a protocol requirement on CMS.
Please
lowercase MAY statements in the first paragraph of the introduction.
Disagree. The "MAY" vs "may" here indicates references into this
document, not external documents. By using "MAY", this is made
clearer.
[JLS] Given what the statements actually say, I don't think that a
protocol based MAY is very appropriate. You MAY do this. You MAY do
other things also. I would not have the first idea of how to write a
test case for this as a protocol statement. While I understand that
MAYs do not have to be tested, if you were to test this statement how
would you go about doing so.
3. Section 3.2: The paragraph "CMS implentations that support ..."
should
be removed. This is a protocol statement on CMS not CMSALGs.
Disagree. This paragraph shows a linkage between RSA and SHA-1, which
is perfectly reasonable.
[JLS] I would agree with a statement that says. "Implementations of RSA
(PKCS #1 v1.5) signature algorithm MUST implement the SHA-1 message
digest algorithm."
8. Section 4.4, Para 2: This contains a MUST on CMS. It needs to be
removed.
Disagree for same reason above.
[JLS] Again what is the test case (this is a MUST). Do you mean that I
cannot have a CMS implemention that supports password based key
management but does not support PBKDF2? There are no other manditory
algorithm implementations in this document. This one should not be
manditory.
--Paul Hoffman, Director
--Internet Mail Consortium
--- regards - jim