________________________________
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Denis Pinkas
Sent: Thursday, September 11, 2008 4:56 AM
To: ietf-smime
Subject: RE: WG Last Call: draft-ietf-smime-rfc3850bis-05.txt
DP: Let me try again. The text states:
The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
(snip)
512 <= key size <= 4096 : MUST (see Section 6 [SMIME-MSG])
(snip)
512 <= key size <= 1024 : MAY (see Section 6 [SMIME-MSG])
If the key size is between 512 and 1024, two lines of requirements apply.
It is unclear which line should be taken into consideration and thus whether
a MUST or a MAY applies.
(snip)
In draft-ietf-smime-3850bis, I mistakenly had two sets of requirements for
RSA. The first set of requirements is for RSA and the second is for DSA
(typo). draft-ietf-smime-3850bis 4.3 changed to:
The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
0 < key size < 512 : MAY (see Section 6 [SMIME-MSG])
512 <= key size <= 4096 : MUST (see Section 6 [SMIME-MSG])
4096 < key size : MAY (see Section 6 [SMIME-MSG])
The following are the **DSA** key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
512 <= key size <= 1024 : MAY (see Section 6 [SMIME-MSG])
(snip)
Additional text proposal:
When verifying a signature, if a signingCertificate or a
signingCertificateV2 attribute is found in an S/MIME message,
it SHALL be used to identify the signer's certificate.
Otherwise, the certificate is identified in an S/MIME message,
either using the issuerAndSerialNumber which identifies the
signer's certificate by the issuer's distinguished name and
the certificate serial number, or the subjectKeyIdentifier
which identifies the signer's certificate by a key identifier.
Okay.
DP: This is fine. However, my comment also said: "Additional efforts
should be done on decrypting a content-encryption key or
forming a pairwise symmetric key. Would you be able to provide
some text to cover these aspects?"
I'd prefer that you propose the text.
spt
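The overlap DP points out in the -05 text, and the way the revised Section 4.3 resolves it, can be checked mechanically rather than by eye. The Python below is an added example for this page, not text or code from the draft or from the WG; the table rows are transcribed from the ranges quoted in the thread, and the function names (`levels_for`, `find_overlaps`, `requirement`) are this example's own.

```python
"""Check RSA/DSA key-size requirement tables for overlapping or missing ranges.

A row is (lower bound inclusive, upper bound inclusive or None for unbounded,
RFC 2119 level). Ranges are transcribed from the text quoted in the thread.
"""
from typing import List, Optional, Tuple

Row = Tuple[int, Optional[int], str]

# The -05 draft text as quoted by DP: both rows were labelled RSA, so a
# key between 512 and 1024 bits matched two rows with different levels.
OLD_RSA_TABLE: List[Row] = [
    (512, 4096, "MUST"),
    (512, 1024, "MAY"),
]

# Revised Section 4.3 as posted by spt: RSA and DSA are separate tables.
NEW_RSA_TABLE: List[Row] = [
    (1, 511, "MAY"),      # 0 < key size < 512
    (512, 4096, "MUST"),  # 512 <= key size <= 4096
    (4097, None, "MAY"),  # 4096 < key size
]
NEW_DSA_TABLE: List[Row] = [
    (512, 1024, "MAY"),   # 512 <= key size <= 1024
]


def levels_for(table: List[Row], key_size: int) -> List[str]:
    """Every requirement level whose range contains key_size (in bits)."""
    return [
        level
        for lo, hi, level in table
        if lo <= key_size and (hi is None or key_size <= hi)
    ]


def find_overlaps(table: List[Row]) -> List[Tuple[int, int]]:
    """Pairs of row indices whose ranges intersect. An empty list means
    every key size maps to at most one row, which is what a spec table needs."""
    hits = []
    for i, (lo1, hi1, _) in enumerate(table):
        top1 = hi1 if hi1 is not None else float("inf")
        for j in range(i + 1, len(table)):
            lo2, hi2, _ = table[j]
            top2 = hi2 if hi2 is not None else float("inf")
            if lo1 <= top2 and lo2 <= top1:
                hits.append((i, j))
    return hits


def requirement(table: List[Row], key_size: int) -> Optional[str]:
    """The single level that applies to key_size, None if the table is
    silent for that size, or ValueError if the table is ambiguous there."""
    levels = levels_for(table, key_size)
    if not levels:
        return None
    if len(levels) > 1:
        raise ValueError(f"ambiguous table for {key_size}-bit key: {levels}")
    return levels[0]


if __name__ == "__main__":
    # DP's case: a 768-bit RSA key under the -05 text.
    print("old RSA 768:", levels_for(OLD_RSA_TABLE, 768))   # ['MUST', 'MAY']
    print("old overlaps:", find_overlaps(OLD_RSA_TABLE))    # [(0, 1)]
    print("new overlaps:", find_overlaps(NEW_RSA_TABLE))    # []
    for bits in (256, 768, 2048, 8192):
        print(f"new RSA {bits}:", requirement(NEW_RSA_TABLE, bits))
    print("new DSA 2048:", requirement(NEW_DSA_TABLE, 2048))  # None: table is silent
```

A receiving agent that treats `None` as "unsupported key size" and refuses the signature is the conservative reading of a table that says nothing for that size; the DSA table above is silent for anything above 1024 bits.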