I agree to the text. Unless there are any objections on the list I have
no problem including this text in the draft for the IESG process.
Microsoft Security Center of Excellence (SCOE)
From: Jim Schaad [mailto:ietf(_at_)augustcellars(_dot_)com]
Sent: 16 February 2005 09:46
To: ietf(_at_)augustcellars(_dot_)com; Stefan Santesson
Subject: RE: I-D ACTION:draft-ietf-smime-certcapa-02.txt
I am not really happy with how the following item was addressed.
2. I would like to see the addition of a paragraph
describing the types of capabilities that are expected to be
listed. It seems obvious that bulk encryption algorithms are
listed as, potentially, are key encryption algorithms
(consider RSA-OAEP as an example). However it is not clear
about some of the other potential capabilities. What about
signature and hash algorithms? What about MAC algorithms?
What about S/MIME specifics such as id-cap-preferBinaryInside?
Since I did not care for the paragraph that you have, I am suggesting
following paragraph instead.
There are numerous different types of S/MIME capabilities that have
defined by different documents. While all of the different
be placed in this attribute, in many cases not all of them need to be
included. Generally only those items relating to encryption
- Signature/Hash Algorithms: As a general rule, the signature
capabilities of a client are assumed rather than checked, this means
they are placed in this extension they may be ignored.
- Content Encryption Algorithms: This is the general set of
will be placed in the extension.
- Key Encryption/Key Transport Algorithms: These capabilities are
the extension in those cases where additional constraints are placed
the public key algorithm. (An example would be using RSA-OAEP for a
- MAC Algorithms: These capabilities are generally omitted from the
- Other capabilities: This includes such items as binary content
These capabilities may or may not be generally included depending on
the item is related to encryption or signature operations.
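
As an added example (not part of the original messages or of the draft), the Python code below decodes a DER-encoded SMIMECapabilities value and labels each entry with one of the capability types listed in the proposed paragraph. The function names, the small OID table and the sample bytes (including the empty parameters SEQUENCE on the RSA-OAEP entry) are constructed for illustration.

```python
# Constructed lookup table for this example (a small subset, not a registry).
CATEGORY = {
    "2.16.840.1.101.3.4.1.2": ("aes128-CBC", "content encryption"),
    "1.2.840.113549.1.1.7": ("id-RSAES-OAEP", "key encryption/transport"),
    "1.3.14.3.2.26": ("sha-1", "signature/hash"),
    "1.3.6.1.5.5.8.1.2": ("hMAC-SHA1", "MAC"),
    "1.2.840.113549.1.9.16.11.1": ("id-cap-preferBinaryInside", "other"),
}

def read_tlv(buf, pos):  # returns (tag, value_bytes, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted-decimal string
    if not body or body[-1] & 0x80:
        raise ValueError("bad OID encoding")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_smime_capabilities(der):
    """Return [(name, category, parameters_hex)], one per SMIMECapability."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        otag, oid_body, ppos = read_tlv(cap, 0)
        if tag != 0x30 or otag != 0x06:
            raise ValueError("malformed SMIMECapability")
        oid = decode_oid(oid_body)
        name, kind = CATEGORY.get(oid, (oid, "unknown"))
        out.append((name, kind, cap[ppos:].hex()))  # parameters left undecoded
    return out

# Constructed sample: aes128-CBC, RSA-OAEP with empty params, preferBinaryInside.
SAMPLE = bytes.fromhex("302b300b0609608648016503040102"
                       "300d06092a864886f70d0101073000300d060b2a864886f70d0109100b01")
```

Calling `parse_smime_capabilities(SAMPLE)` yields one tuple per listed capability; OIDs missing from the table come back under the category "unknown" with the dotted OID as the name.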