This version addresses most of Jim's comments. The two comments not fully
addressed are:
- AuthenticatedData/AuthEnvelopedData issues
- parameter issues
With respect to the parameters, instead of repeating the text for parameters
from various IDs/RFCs we should just point to those other IDs/RFCs. RFC
3278:
- Didn't indicate the parameters for SHA-1. Section 7.1.1 now points to
draft-ietf-smime-sha2-08 for SHA-224, SHA-256, SHA-384, and SHA-512
parameters. I should have added a reference to RFC 3370 for SHA-1 in this
version but forgot; I will add it in draft-ietf-smime-3278bis-03.
- Indicated that the parameters for id-ecPublicKey were NULL for the
originator field. Section 7.1.2 now states that the parameters for
id-ecPublicKey are absent, NULL, or ECParameters (see editorial fix below).
Since id-ecPublicKey is only used in originatorKey is used for ECDSA and
the parameters for it are always ECParameters and always present (from
draft-ietf-pkix-sha2-dsa-ecdsa) and other NIST specified signature algorithm
parameters are absent (e.g., DSA), NULL parameters seem wrong. Section
7.1.2 also states that parameters are preferred absent and if ECParameters
are included they are ignored (we get them from the certificate). I'll add
a note in -03 to indicate the old way has been changed.
- Indicated that the parameters for ECDSA with SHA-1 were NULL.
draft-ietf-pkix-ecc-subpubkeyinfo/draft-ietf-pkix-sha2-dsa-ecdsa indicates
the parameters are absent. Section 7.1.3 now just points to the other
drafts. I'll add a note in -03 to indicate the old way has been changed.
- Was a little vague about KeyWrapAlgorithm ::= AlgorithmIdentifier as the
parameters. Section 7.1.4 of draft-ietf-smime-3278bis-02 clarifies this.
- Indicated that key wrap algorithm parameters were NULL. This is correct
for Triple-DES but not for AES. Section 7.1.5 draft-ietf-smime-3278bis-02
now points to the appropriate documents for the object identifiers and
parameters for the key wrap algorithms. I'll add a note in -03 to indicate
the old way has been changed.
- Didn't indicate the parameters for content encryption algorithms. Section
7.1.6. of draft-ietf-smime-3278bis-02 points to the appropriate documents
for object identifiers and parameters.
- Didn't indicate the parameters for message authentication algorithms.
Section 7.1.6 of draft-ietf-smime-3278bis-02 points to the appropriate
documents for object identifiers and parameters.
I've already caught some other edits:
- in 7.1.2 ECPoint should be replaced by ECParameters.
- in 7.1.7 SHA-1 is repeated many times and should be replaced by SHA-256,
SHA-384, and SHA-512
- throughout I should have replaced SHA1 with SHA-1 where appropriate.
spt
-----Original Message-----
From: i-d-announce-bounces(_at_)ietf(_dot_)org
[mailto:i-d-announce-bounces(_at_)ietf(_dot_)org] On Behalf Of
Internet-Drafts(_at_)ietf(_dot_)org
Sent: Monday, September 29, 2008 1:00 PM
To: i-d-announce(_at_)ietf(_dot_)org
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: I-D ACTION:draft-ietf-smime-3278bis-02.txt
A New Internet-Draft is available from the on-line
Internet-Drafts directories.
This draft is a work item of the S/MIME Mail Security Working
Group of the IETF.
Title : Use of Elliptic Curve Cryptography
(ECC) Algorithms in Cryptographic Message Syntax (CMS)
Author(s) : S. Turner, D. Brown
Filename : draft-ietf-smime-3278bis-02.txt
Pages : 53
Date : 2008-9-29
This document describes how to use Elliptic Curve Cryptography (ECC)
public-key algorithms in the Cryptographic Message Syntax (CMS). The
ECC algorithms support the creation of digital signatures and the
exchange of keys to encrypt or authenticate content. The definition
of the algorithm processing is based on the NIST FIPS 186-3 for
digital signature, NIST SP800-56A for key agreement, RFC 3565 for key
wrap and content encryption, NIST FIPS 180-3 for message digest, and
RFCs 2104 and 4231 for message authentication code standards.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-smime-3278bis-02.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
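Added example (not part of the original post or of the drafts it discusses): a small DER check that tells apart the three parameter forms the post mentions for an AlgorithmIdentifier (absent, NULL, ECParameters) and compares them with what the post lists for id-ecPublicKey and ECDSA with SHA-1. The function names and the sample encodings are constructed for illustration; the prime256v1 OID serves as the sample namedCurve, and ECParameters is assumed to appear as a namedCurve OID.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # DER body of 1.2.840.10045.2.1
ECDSA_WITH_SHA1 = bytes.fromhex("2a8648ce3d0401")   # DER body of 1.2.840.10045.4.1
# Forms the post lists per OID. Assumption: ECParameters appears as a namedCurve OID.
ALLOWED = {ID_EC_PUBLIC_KEY: {"absent", "NULL", "namedCurve"},
           ECDSA_WITH_SHA1: {"absent"}}

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for one definite-length DER TLV."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length

def classify(der):
    """Return (OID body, parameters form) for a DER AlgorithmIdentifier."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, off = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("algorithm OID missing")
    if off == len(seq):
        return oid, "absent"
    ptag, pval, pend = read_tlv(seq, off)
    if pend != len(seq):
        raise ValueError("trailing data after parameters")
    if ptag == 0x05 and not pval:
        return oid, "NULL"
    return oid, "namedCurve" if ptag == 0x06 else "other"

def matches_post(der):
    """True if the parameters form is one the post lists for this OID."""
    oid, form = classify(der)
    return form in ALLOWED.get(oid, set())

# Constructed sample encodings (not taken from the drafts).
EC_ABSENT = bytes.fromhex("3009" "06072a8648ce3d0201")
EC_NULL = bytes.fromhex("300b" "06072a8648ce3d0201" "0500")
EC_NAMED = bytes.fromhex("3013" "06072a8648ce3d0201" "06082a8648ce3d030107")
ECDSA_NULL = bytes.fromhex("300b" "06072a8648ce3d0401" "0500")
```

An absent parameters field and an explicit NULL are different byte strings (9 versus 11 content octets here), so a comparison on the encoded AlgorithmIdentifier treats them as different values.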