[Top] [All Lists]

RE: I-D ACTION:draft-ietf-smime-certcapa-02.txt

2005-02-16 10:35:36


I am not really happy with how the following item was addressed.

2.  I would like to see the addition of a paragraph 
describing the types of capabilities that are expected to be 
listed.  It seems obious that bulk encryption algorithms are 
listed as, potentially, are key encryption algorithms 
(consider RSA-OAEP as an example).  However it is not clear 
about some of the other potential capabililties.  What about 
signature and hash algorithms?  What about MAC algorithms?  
What about S/MIME specifics such as id-cap-preferBinaryInside?

Since I did not care for the paragraph that you have, I am suggesting the
following paragraph instead.

There are numerous different types of S/MIME capabilities that have been
defined by different documents.  While all of the different capabilties can
be placed in this attribute, in many cases not all of them need to be
included.  Generally only those items relating to encryption capabities are

- Signature/Hash Algorithms: As a general rule, the signature processing
capaiblities of a client are assumed rather than checked, this means that if
they are placed in this extension they may be ignored.

- Content Encryption Algorrithms: This is the general set of capabities that
will be placed in the extension.

- Key Encryption/Key Transport Algorithms: These capabilities are placed in
the extension in thoses cases where additional constraints are placed on the
the public key algorithm.  (An example would be using RSA-OAEP for a generic
RSA key.)

- MAC Algorithms: These capabilties are genreally omitted from the

- Other capabitlies: This includes such items as binary content prefered.
These capabilties may or may not be generally included depending on wither
the item is related to encryption or signature operations.