ietf-smime
[Top] [All Lists]

Re: Change request for CMS

2005-01-27 09:31:49

Jim:

I can see how this helps enrollment.

Aren't you trying to name the password? Assuming the password is one to one and onto with the KEK, the identifier actually names both.

For a change of this size, I think that an update to the document (as opposed to the whole document) is appropriate.

Russ

At 03:23 PM 1/26/2005, Jim Schaad wrote:
Russ,

Sometimes I wonder if this will ever end - the endless updates to documents
as we find things that seem to be lacking.  Oh well.....


I find myself wanting to identify a key using the password recipient info
type in an enveloped data structure.  Specifcally I am sending a enveloped
data structure between a server and a client system.  They do not yet have
certificates setup so that there is no way to use a public/private key pair.
They however do have an identifier/passphase setup between them.  It would
be convient if one could place the identifier in the PasswordRecipientInfo
structure so that all of the data is together rather than looking in many
different places for the infomration needed.


I would like to change the structure to

PasswordRecipientInfo ::= SEQUENCE {
  version CMSVersion -- {v0, v1}
  kekid   [1] KEKIdentifier OPTIONAL, -- if present version = 1
  keyDerivationAlgorithm [0] KeyyDerivationAlgorithmIdentifier OPTIONAL,
  keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
  encryptedKey EncryptedKey
}


Jim


<Prev in Thread] Current Thread [Next in Thread>