From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Sunday, February 29, 2004 8:46 PM
To: Blake Ramsdell; ietf-smime(_at_)imc(_dot_)org
Subject: Re: WG LAST CALL: draft-ietf-smime-rfc2632bis-05.txt
1. Section 1,1, 1st sentence: s/draft/document/
2. Should Section 1,2 reference RFC 3369?
We had this discussion in 2633 about "prior practice" vs. "current
practice". Not changed.
3. Section 1.4: s/MD2 use for certificate signatures
of the MD5 message digest for certificate signatures is discouraged/
Fixed (also s/MD5/MD2/ as you pointed out in a subsequent message).
4. Delete Section 1.5 before submitting the document to the IESG.
5. Section 4.4.2 include the following paragraph:
If the key usage extension is not specified, receiving
presume that the digitalSignature and nonRepudiation bits are set.
Should there be an 'only' in this sentence?
I don't think so -- the critical thing, I think, was to communicate was
that any certificate should be considered useful for signing. Outside of
that, it's up to the client to determine other usage defaults.
6. Section 4.4.4, 2nd paragraph, last sentence. Add a period.