ietf-smime

RE: WG Last Call: draft-ietf-smime-rfc3850bis-05.txt

2008-09-08 12:07:38

-----Original Message-----
From: owner-ietf-smime@mail.imc.org
[mailto:owner-ietf-smime@mail.imc.org] On Behalf Of Russ Housley
Sent: Monday, September 08, 2008 10:46 AM
To: ietf-smime@imc.org
Subject: RE: WG Last Call: draft-ietf-smime-rfc3850bis-05.txt


My call for review seems to have caused at least one person to 
read the document.  They were not sent to the list, so I'm 
passing them along.

Russ

= = = = = = = = =

1) Section 1.5:  Blurb beginning with Sec 4.3:  RSA-PSS with 
SHA-256 is not listed with anything. To be consistent with 
section 4.3, it should read "RSA-PSS with SHA-256 is changed 
to SHOULD+" or "RSA-PSS with SHA-256 is added as SHOULD+"

Added the "RSA-PSS with SHA-256 is added as SHOULD+" in 1.5.

2) Section 4, 1st para., 1st sentence was a little confusing: 
it seemed that the receiving agent needed to provide some 
certificate retrieval mechanism so that the receiving agent 
could gain access to certificates for recipients of digital 
envelopes.  Is this meant instead to mean that the receiving 
agent needs to provide some certificate retrieval mechanism so 
that a sender can gain access to certificates for recipients 
of digital envelopes?

I changed it to "S/MIME agents need to provide ...."

3) Discrepancy in guidance for DSA with SHA-256: in Section 
1.5 it's listed as SHOULD; in Section 4.3, it's listed as a SHOULD+

Should be SHOULD+ in 1.5.

4) Section 4.4.1: Basic Constraints.  Perhaps, this has 
already been brought up.  The last sentence in that section 
states that certificates SHOULD contain a basicConstraints 
extension in CA certs.  In RFC5280, this is a MUST.  Is this 
contradictory or can this be allowed?  Or does this refer to 
certificates in general (though, in PKIX certs, doesn't this 
have to be a MUST for CA certs?)

Changed sentence to: "As per [KEYM], certificates MUST contain a
basicConstraints extension in CA certificates, and SHOULD NOT contain that
extension in end entity certificates."

5) Appendix A: The first sentence is missing some words:  The 
S/MIME v3, v3.1, and v3.2 certificate handling documents are 
backwords S/MIME v2 Message Specification...."

Added some words: "The S/MIME v3 [SMIMEv3], v3.1 [SMIMEv3.1], and v3.2 (this
document) are backwards compatible with the S/MIME v2 Certificate Handling
Specification [SMIMEv2], with the exception of the algorithms (dropped
RC2/40 requirement and added DSA and RSA-PSS requirements)."
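Item 4 above turns on a profile rule from [KEYM] (RFC 5280): a CA certificate MUST carry a basicConstraints extension asserting cA=TRUE, and an end-entity certificate SHOULD NOT carry the extension at all. The following is an added illustration, not code from this thread or from the S/MIME drafts: a small strict-DER decoder for the BasicConstraints extension value, and a checker that applies the rule given the role a certificate plays in a path. The hex extension values are constructed for the example, and the caller-supplied `is_ca_cert` flag is an assumption (in a real validator the role comes from the certificate's position in the chain, not from the certificate itself).

```python
"""Check the basicConstraints rule from [KEYM] / RFC 5280 (added example, not
code from the thread): decode the extension value with strict DER rules and
apply "MUST in CA certs, SHOULD NOT in end-entity certs" to a given role."""

from dataclasses import dataclass
from typing import List, Optional

# Sample extension values, constructed for this example (DER, as hex).
CA_NO_PATHLEN = bytes.fromhex("30030101ff")        # SEQUENCE { cA TRUE }
CA_PATHLEN_0 = bytes.fromhex("30060101ff020100")  # SEQUENCE { cA TRUE, pathLen 0 }
EMPTY = bytes.fromhex("3000")                     # SEQUENCE { }  -> cA defaults to FALSE
BAD_EXPLICIT_FALSE = bytes.fromhex("3003010100")  # encodes the DEFAULT FALSE: not valid DER


@dataclass
class BasicConstraints:
    ca: bool
    path_len: Optional[int]


def _read_tlv(buf: bytes, pos: int):
    """Read one short-form DER TLV at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        # A BasicConstraints value is a handful of bytes; a long-form length is bad input.
        raise ValueError("long-form length not expected in basicConstraints")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[start:end], end


def parse_basic_constraints(der: bytes) -> BasicConstraints:
    """Decode BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
    pathLenConstraint INTEGER (0..MAX) OPTIONAL } with strict DER checks."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    ca, path_len, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:  # BOOLEAN cA
        _, val, pos = _read_tlv(body, pos)
        if len(val) != 1:
            raise ValueError("BOOLEAN must be exactly one byte")
        if val[0] == 0x00:
            # X.690 DER rule: a component equal to its DEFAULT value is omitted, not encoded.
            raise ValueError("cA=FALSE must be omitted, not encoded, in DER")
        if val[0] != 0xFF:
            raise ValueError("DER BOOLEAN TRUE must be 0xFF")
        ca = True
    if pos < len(body) and body[pos] == 0x02:  # INTEGER pathLenConstraint
        _, val, pos = _read_tlv(body, pos)
        if not val or val[0] & 0x80:
            raise ValueError("pathLenConstraint must be a non-negative INTEGER")
        if len(val) > 1 and val[0] == 0x00 and not (val[1] & 0x80):
            raise ValueError("non-minimal INTEGER encoding")
        path_len = int.from_bytes(val, "big")
    if pos != len(body):
        raise ValueError("unexpected content after pathLenConstraint")
    return BasicConstraints(ca, path_len)


def check_basic_constraints(is_ca_cert: bool, ext_der: Optional[bytes]) -> List[str]:
    """Apply the [KEYM] rule. ext_der is the extension value, or None when the
    certificate carries no basicConstraints extension. Returns a list of findings;
    an empty list means the certificate conforms for the given role."""
    findings: List[str] = []
    if is_ca_cert:
        if ext_der is None:
            findings.append("MUST violation: CA certificate lacks basicConstraints")
        elif not parse_basic_constraints(ext_der).ca:
            findings.append("MUST violation: CA certificate has basicConstraints with cA=FALSE")
    elif ext_der is not None:
        findings.append("SHOULD NOT: end-entity certificate carries basicConstraints")
        if parse_basic_constraints(ext_der).ca:
            findings.append("note: certificate used as end entity asserts cA=TRUE")
    return findings


if __name__ == "__main__":
    print(parse_basic_constraints(CA_PATHLEN_0))
    print(check_basic_constraints(True, None))
    print(check_basic_constraints(False, CA_NO_PATHLEN))
```

The decoder deliberately rejects `BAD_EXPLICIT_FALSE`: DER forbids encoding a component that equals its DEFAULT, so an encoder that emits `cA FALSE` explicitly produces a value that strict verifiers will not accept, which is a common source of interoperability failures with the extension this thread discusses.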