RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt

2008-07-28 13:48:03

Other things Jim requested offline:
 - Point to PKIXALG as opposed to CMSALG, which makes sense since this is
the CERT ID.
 - Add back in changes from v3 to v3.1, which also makes sense because the
section should not have been removed.

-----Original Message-----
From: Jim Schaad [mailto:ietf(_at_)augustcellars(_dot_)com] 
Sent: Monday, July 28, 2008 2:43 PM
To: Sean P. Turner; 'Blake Ramsdell'
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt 

Comments on the draft.

In section 4.4.3, I find the following text confusing:

End-entity certificates contain an extension that 
  constrains the certificate from being an issuing authority 
  certificate (see Section 4.4.2). 

I believe that this text might be better as it clarifies what 
is being stated.  I.e. it is not the fact that basic 
constraints is being used which actually does the mentioned constraint.

End-entity certificates contain the Key Usage extension which 
restrains the end-entity from using the key to perform 
issuing authority operations (see

Also the previous comment (on 3851bis) on key sizes > 4096 
should be applied to this document.


-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of 
Sent: Tuesday, July 01, 2008 1:30 AM
To: i-d-announce(_at_)ietf(_dot_)org
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: I-D ACTION:draft-ietf-smime-3850bis-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
This draft is a work item of the S/MIME Mail Security 
Working Group of 
the IETF.

     Title           : Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Certificate Handling
     Author(s)       : S. Turner, B. Ramsdell
     Filename        : draft-ietf-smime-3850bis-04.txt
     Pages           : 20
     Date            : 2008-6-30

This document specifies conventions for X.509 certificate usage by
   Secure/Multipurpose Internet Mail Extensions (S/MIME) agents.
   provides a method to send and receive secure MIME messages, and
   certificates are an integral part of S/MIME agent processing.
S/MIME agents validate certificates as described in RFC 3280bis, the
   Internet X.509 Public Key Infrastructure Certificate and CRL 
   S/MIME agents must meet the certificate processing requirements in
   this document as well as those in RFC 3280bis. This document
   obsoletes RFC 3850.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader 
implementation to automatically retrieve the ASCII version of the 
