[secdir] secdir review of draft-schaad-smime-algorithm-attribute-03
"Carl Wallace" <CWallace@cygnacom.com> Wed, 05 January 2011 18:42 UTC
Return-Path: <CWallace@cygnacom.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3AE683A6C17; Wed, 5 Jan 2011 10:42:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yaVIR32NQ-6I; Wed, 5 Jan 2011 10:42:04 -0800 (PST)
Received: from mail75.messagelabs.com (mail75.messagelabs.com [216.82.250.3]) by core3.amsl.com (Postfix) with SMTP id 7516D3A6BE9; Wed, 5 Jan 2011 10:42:04 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: CWallace@cygnacom.com
X-Msg-Ref: server-7.tower-75.messagelabs.com!1294253050!109086494!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: [65.242.48.8]
Received: (qmail 30030 invoked from network); 5 Jan 2011 18:44:10 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (65.242.48.8) by server-7.tower-75.messagelabs.com with SMTP; 5 Jan 2011 18:44:10 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 05 Jan 2011 13:44:09 -0500
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D4801225B09@scygexch1.cygnacom.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: secdir review of draft-schaad-smime-algorithm-attribute-03
Thread-Index: AcutBrP9jR0C4SyKQWunIRas1nrn0Q==
From: Carl Wallace <CWallace@cygnacom.com>
To: secdir@ietf.org, iesg@ietf.org, ietf@augustcellars.com
Subject: [secdir] secdir review of draft-schaad-smime-algorithm-attribute-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2011 18:42:05 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document looks good to me. I have a few minor comments and editorial suggestions. For consistency, I suggest the definitions of the signatureAlgorithm and macAlgorithm fields refer to the corresponding fields in SignerInfo and AuthenticatedData similar to the description of the digestAlgorithm field, i.e., refer to SignerInfo.signatureAlgorithm and AuthenticatedData.macAlgorithm. Though it doesn't really matter, given the requirement for one of signatureAlgorithm or macAlgorithm to be present, why not use a CHOICE and force the issue? In 3.2, change signature validation to MAC verification.
- [secdir] secdir review of draft-schaad-smime-algo… Carl Wallace