[Top] [All Lists]


2002-02-26 14:59:38


I have some comments on rfc2633bis-00. I hoped to get to this document sooner, but the RSA Conference last week was quite hectic.

Title Page. Please add a line to the heading that indicates that this document, when approved, will obsolete RFC 2633.

Overall. Please change "draft" to "specification." This will avoid a bunch of last minute changes when we want to progress from Internet-Draft to Standards-Track RFC.

Overall. Please change "content encryption key" to "content-encryption key" to harmonize the terminology with RFC 2630 (and RFC 2630bis).

Overall. Please change "privacy" to "confidentiality" throughout the document to align with the definitions in RFC 2828. In each case, sentences will require slight rewording.

Section 1.  Please add a subsection that describes the changes since RFC 2633.

Section 2.5, 2nd paragraph. The formatting got messed up. Please turn into a list of bullets.

Section 2.5.1, 1st paragraph. Please delete references to trusted timestamping services. If you wish, add a section that references the attributes associated with such a service.

Section 2.5.2, 6th paragraph.  Please fix the URL by removing the extra space.

Section 2.7.1. Please line up the bullets that begin the 3rd and 4th paragraphs.

Section 3.1. The current wording (rightly) prevents the encryption of RFC 822 header. However, there should be some discussion about the protection of this header information. There was a very long discussion of this topic on the list, and the conclusions need to be documented here.

Section 5. Please replace the "[TBD]" with a sentence of warning about the Million Message Attack and a reference to RFC 3218. Similarly, implementors of Diffie-Hellman should be warned about small subgroups and given a reference to RFC 2785.

ASN.1. Several of the types defined here are already in cmsalg. We should trim the module to the minimum set of types.

<Prev in Thread] Current Thread [Next in Thread>
  • draft-ietf-smime-rfc2633bis-00.txt, Housley, Russ <=