[Top] [All Lists]

Late WG Last Call Comments: draft-ietf-smime-ibearch-03.txt

2007-06-25 08:28:05

I was not able to review this document before WG Last Call ended. However, I do have some comments. Please treat them as late WG lasy Call comment or early IETF Last Call comments.

1) Section 2.1 says:

        Identity-based encryption (IBE) is a public-key encryption technology
        that allows a public key to be calculated from an identity and the
        corresponding private key to be calculated from the public key.

I realize that you need to start some place to explain the system. However, the system is more complex than described in this sentence. Without clarification, the reader gets the impression that anyone could compute any private key, which would be disaster. So, the authors need to indicate what entity can do the described computation, and what prevents other entities from doing the same.

2) Section 2.3.2 says:

      PKGs MUST support TLS 1.1 [TLS] for transport of IBE private keys.

And, Section 3.1 says:

      The requesting client MUST support TLS 1.1 [TLS].

And, Section 4.2 says:

      The requesting client MUST support TLS 1.1 [TLS].

I have no problem with requiring TLS 1.1 today, but we want to support TLS 1.2 when it is finished, right? I think that there is a way to do this without having to change this document to keep up with TLS protocol evolution. Consider:

      <Entity> MUST support TLS 1.1 [TLS] or its successors, using the
      latest version supported by both parties.

3) Section 3.1 says:

      When requesting the URI the client MUST only accept the system
      parameter block if the server identity was verified successfully by
      TLS 1.1.

Please change the wording to accommodate future versions of TLS.

4) Section 3.1 include this example:

Why "pem" for the file extension? This file extension is used extensively for other uses.

5) Section 3.2 talks about the pkgURI extension. Why use UTF8? Isn't an IA5String sufficient?

6) There are errors in the ASN.1. It does not compile! The following are corrected:

        IBEIdentityInfo ::= SEQUENCE {
          district        UTF8String,
          serial          INTEGER,
          identitySchema  OBJECT IDENTIFIER,
          identityData    OCTET STRING

        IBESysParams ::= SEQUENCE {
          version              INTEGER { v2(2) },
          districtName         UTF8String,
          districtSerial       INTEGER,
          validity             Validity,
          ibePublicParameters  IBEPublicParameters,
          ibeIdentitySchema    OBJECT IDENTIFIER,
          ibeParamExtensions   IBEParamExtensions

      EncryptedKey ::= OCTET STRING

If you prefer, the EncryptedKey definition could be imported from CMS.

7) What MIME types are used with HTTP? Have these types been discussed on the ietf-types mail list?

8) A few editorial nits:
-- s/content encryption key/content-encryption key/
-- s/UTF8STRING/UTF8String/
-- s/joint-iso-itu/joint-iso-itu-t/


<Prev in Thread] Current Thread [Next in Thread>