Re: [secdir] re-review of draft-ietf-smime-cms-rsa-kem

Sean Turner <turners@ieca.com> Tue, 15 December 2009 19:54 UTC

Stephen Kent wrote:
> I reviewed version 05 of this I-D in July of 2008.  The current version 
> is 10.
> 
> My original review cited only two major concerns:
> 
>     - the previous version was ambiguous about support for Camellia. This 
> version clarifies this issue, making support for Camellia a SHOULD.
> 
>     - the previous version called for using an algorithm ID (with very 
> complex parameters) in a cert to signal when a message recipient 
> requires use of RSA-KEM. The authors addressed this concern in Section 
> 2.3 (and Appendix B), by stating that these parameters MUST be absent 
> when this OID is used in a cert in this context.
> 
> I have corresponded with Sean and he suggested that he could provide 
> more explicit words re the fact that the parameters MUST be omitted when 
> the algorithm OID appears in the SubjectPublicKey field of a cert. I 
> encourage Sean to include this additional text.

In the working -11 version I have not yet submitted, I've got the following:

OLD:

The parameters are absent.

NEW:

When the id-rsa-kem algorithm identifier appears in the 
SubjectPublicKeyInfo algorithm field, the encoding SHALL omit the 
parameters field from AlgorithmIdentifier. That is, the 
AlgorithmIdentifier SHALL be a SEQUENCE of one component, the object 
identifier id-rsa-kem.

spt
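
Added example, not part of the original message or of the draft: a strict DER check for the encoding the NEW text requires, accepting an AlgorithmIdentifier only when it is a SEQUENCE of one component (the OID) and rejecting one that carries a parameters field such as NULL. The dotted OID value used for id-rsa-kem, the function names and the sample encodings are assumptions constructed for illustration.

```python
ID_RSA_KEM = "1.2.840.113549.1.9.16.3.14"  # assumed OID value; not given in the message

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def encode_oid(dotted):  # dotted string -> DER content octets (base-128 arcs)
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def check_alg_id(der, expected_oid=ID_RSA_KEM):
    """Return 'ok' or the reason this AlgorithmIdentifier is rejected."""
    try:
        tag, body, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "not a single SEQUENCE"
        tag, oid, pos = read_tlv(body, 0)
    except ValueError as exc:
        return f"malformed: {exc}"
    if tag != 0x06 or oid != encode_oid(expected_oid):
        return "unexpected algorithm OID"
    if pos != len(body):  # anything after the OID is a parameters field
        return "parameters present"
    return "ok"

# Constructed sample encodings (not taken from any real certificate).
OID_TLV = bytes([0x06, 11]) + encode_oid(ID_RSA_KEM)
ABSENT = bytes([0x30, len(OID_TLV)]) + OID_TLV                       # SEQUENCE { OID }
WITH_NULL = bytes([0x30, len(OID_TLV) + 2]) + OID_TLV + b"\x05\x00"  # SEQUENCE { OID, NULL }
```

`check_alg_id(ABSENT)` returns `"ok"`, while `check_alg_id(WITH_NULL)` returns `"parameters present"`: an explicit NULL is a different byte string from an omitted field, which is the distinction the SHALL wording pins down.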