Jim:
>2. Section 2.1: There is a conflict between MUST in the next to last
>and SHOULD in the last paragraph for handling the presence of NULL
>algorithm parameters.
I have read it three times, and I do not see the problem. The working
group decided that the transmission of omitted parameters and NULL
parameters are both legal. Therefore, implementations SHOULD be able to
process both. However, if parameters are present, they must contain
NULL.
Please post a proposed working change if you still think that there is a
problem.
[JLS]
1. MUST handle with a parameters of NULL
2. SHOULD accept absent parameters (as well as NULL)
3. SHOULD generate with absent parameters.
The MUST accept and the SHOULD generate are of opposite choices.
How about:
The AlgorithmIdentifier parameters field is OPTIONAL. If present,
the parameters field MUST contain a NULL. Implementations MUST
accept SHA-1 AlgorithmIdentifiers with absent parameters.
Implementations SHOULD accept SHA-1 AlgorithmIdentifiers with absent
parameters. Implementations SHOULD generate SHA-1
AlgorithmIdentifiers with absent parameters.
>3. Section 3.2: The paragraph "CMS implentations that support ..."
>should be removed. This is a protocol statement on CMS not CMSALGs.
I do not agree. If an implementation chooses to implement RSA (PKCS#1
v1.5) signatures, they MUST also implement SHA-1. Such implementations
SHOULD also support MD5. There is nothing in this document that forces an
implementation to support RSA (PKCS#1 v1.5) signatures.
[JLS] I don't have a problem with the statement above, it is when you
say CMS implementations... That I have a problem as that appears to be a
CMS requirement not an algorithm requirement. Please see response
message to Paul on this issue.
In the message to Paul, you said:
[JLS] I would agree with a statement that says. "Implementations of RSA
(PKCS #1 v1.5) signature algorithm MUST implement the SHA-1 message
digest algorithm."
The whole point of CMSALG is to describe the use of algorithms in the CMS,
so of course we are talking about CMS implementations. How about:
CMS implementations that include the RSA (PKCS #1 v1.5) signature
algorithm MUST also implement the SHA-1 message digest algorithm.
Such implementations SHOULD also support MD5 message digest
algorithm.
>11. ASN Module:
>cmsalg.asn(124) : error 1019: Type symbol AlgorithmIdentifier never
>resolved.
I added:
IMPORTS
-- Directory Authentication Framework (X.509-2000)
AlgorithmIdentifier
FROM AuthenticationFramework { joint-iso-itu-t ds(5)
module(1) authenticationFramework(7) 4 }
[JLS] Don't forget the semi-colon following the OID since there are no
other IMPORTS in the document.
[JLS] I would request that the PKIX module be used rather than the
X.509 since that is more widely available.
I caught the semicolon.
RFC 2630 imports from the ISO/ITU-T modules. Why change now?
Russ