-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Russ Housley
Sent: Monday, September 08, 2008 10:46 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: RE: WG Last Call: draft-ietf-smime-rfc3850bis-05.txt
My call for review seems to have caused at least one person to
read the document. They were not sent to the list, so I'm
passing them along.
Russ
= = = = = = = = =
1) Section 1.5: Blurb beginning with Sec 4.3: RSA-PSS with
SHA-256 is not listed with anything. To be consistent with
section 4.3, it should read "RSA-PSS with SHA-256 is changed
to SHOULD+" or "RSA-PSS with SHA-256 is added as SHOULD+"
Added the "RSA-PSS with SHA-256 is added as SHOULD+" in 1.5.
2) Section 4, 1st para., 1st sentence was a little confusing:
it seemed that the receiving agent needed to provide some
certificate retrieval mechanism so that the receiving agent
could gain access to certificates for recipients of digital
envelopes. Is this meant instead to mean that the receiving
agent needs to provide some certificate retrieval mechanism so
that a sender can gain access to certificates for recipients
of digital envelopes?
I changed it to "S/MIME agents need to provide ...."
3) Discrepancy in guidance for DSA with SHA-256: in Section
1.5 it's listed as SHOULD; in Section 4.3, it's listed as a SHOULD+.
Should be SHOULD+ in 1.5.
4) Section 4.4.1: Basic Constraints. Perhaps this has
already been brought up. The last sentence in that section
states that certificates SHOULD contain a basicConstraints
extension in CA certs. In RFC5280, this is a MUST. Is this
contradictory or can this be allowed? Or does this refer to
certificates in general (though, in PKIX certs, doesn't this
have to be a MUST for CA certs?)
Changed sentence to: "As per [KEYM], certificates MUST contain a
basicConstraints extension in CA certificates, and SHOULD NOT contain that
extension in end entity certificates."
5) Appendix A: The first sentence is missing some words: "The
S/MIME v3, v3.1, and v3.2 certificate handling documents are
backwords S/MIME v2 Message Specification...."
Added some words: "The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this
document) are backwards compatible with the S/MIME v2 Certificate Handling
Specification [SMIMEv2], with the exception of the algorithms (dropped
RC2/40 requirement and added DSA and RSA-PSS requirements)."
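The basicConstraints rule settled in item 4 (CA certificates MUST carry the extension with cA=TRUE, end entity certificates SHOULD NOT carry it), written out as the check a receiving agent could apply to a parsed certificate. This is an added example in Go, not text or code from the thread or the draft; `checkBasicConstraints` and `mint` are my own names, and the certificates are synthetic test data minted inside the block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// checkBasicConstraints applies the rule from item 4: a CA certificate MUST carry
// basicConstraints with cA=TRUE (err); an end entity SHOULD NOT carry it (warn).
// Go sets BasicConstraintsValid on a parsed certificate iff the extension is present.
func checkBasicConstraints(c *x509.Certificate, usedAsCA bool) (warn string, err error) {
	switch {
	case usedAsCA && !(c.BasicConstraintsValid && c.IsCA):
		err = fmt.Errorf("serial %v used as CA without basicConstraints cA=TRUE", c.SerialNumber)
	case !usedAsCA && c.BasicConstraintsValid:
		warn = fmt.Sprintf("end entity serial %v carries basicConstraints", c.SerialNumber)
	}
	return warn, err
}

// mint is a constructed test helper: issue a certificate signed by parent/signer (self-signed when parent is nil) and parse it back.
func mint(serial int64, ku x509.KeyUsage, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     ku,
		IsCA: isCA, BasicConstraintsValid: isCA, // Go emits the extension only when this flag is set
	}
	if parent == nil { // self-signed root
		parent, signer = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

func main() {
	ca, caKey := mint(1, x509.KeyUsageCertSign, true, nil, nil)
	ee, _ := mint(2, x509.KeyUsageDigitalSignature, false, ca, caKey)
	fmt.Println(checkBasicConstraints(ee, true)) // end entity presented as an issuer: the MUST fails
}
```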