Jim:
[JLS] 3. Section 3.2: The paragraph "CMS implentations that support ..."
should
be removed. This is a protocol statement on CMS not CMSALGs.
[Paul] Disagree. This paragraph shows a linkage between RSA and SHA-1, which
is perfectly reasonable.
[JLS] I would agree with a statement that says. "Implementations of RSA
(PKCS #1 v1.5) signature algorithm MUST implement the SHA-1 message
digest algorithm."
[Russ] I am confused here. The current text is:
CMS implementations that support the RSA (PKCS #1 v1.5) signature
algorithm MUST also support the SHA-1 message digest algorithm. Such
implementations SHOULD also support MD5 message digest algorithm.
Are you really only asking that we change "support" to "implement"?
[JLS] 8. Section 4.4, Para 2: This contains a MUST on CMS. It needs to be
removed.
[Paul] Disagree for same reason above.
[JLS] Again what is the test case (this is a MUST). Do you mean that I
cannot have a CMS implemention that supports password based key
management but does not support PBKDF2? There are no other manditory
algorithm implementations in this document. This one should not be
manditory.
[Russ] Here I agree with Jim. At the London meeting, we agreed that all of
the algorithms listed in CMSALG would be MAY implement, and that other
documents would make MUST statements. For example, the updated MSG
document will reference CMSALG and make MUST statements.
I think that the updated MSG document should say that implementations that
support password-based key management, then they MUST implement PBKDF2.
Russ