[secdir] secdir review of draft-schaad-smime-algorithm-attribute-03

"Carl Wallace" <CWallace@cygnacom.com> Wed, 05 January 2011 18:42 UTC

Return-Path: <CWallace@cygnacom.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 3AE683A6C17; Wed, 5 Jan 2011 10:42:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id yaVIR32NQ-6I; Wed, 5 Jan 2011 10:42:04 -0800 (PST)
Received: from mail75.messagelabs.com (mail75.messagelabs.com []) by core3.amsl.com (Postfix) with SMTP id 7516D3A6BE9; Wed, 5 Jan 2011 10:42:04 -0800 (PST)
X-VirusChecked: Checked
X-Env-Sender: CWallace@cygnacom.com
X-Msg-Ref: server-7.tower-75.messagelabs.com!1294253050!109086494!1
X-StarScan-Version: 6.2.9; banners=-,-,-
X-Originating-IP: []
Received: (qmail 30030 invoked from network); 5 Jan 2011 18:44:10 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) ( by server-7.tower-75.messagelabs.com with SMTP; 5 Jan 2011 18:44:10 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 5 Jan 2011 13:44:09 -0500
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D4801225B09@scygexch1.cygnacom.com>
Thread-Topic: secdir review of draft-schaad-smime-algorithm-attribute-03
Thread-Index: AcutBrP9jR0C4SyKQWunIRas1nrn0Q==
From: "Carl Wallace" <CWallace@cygnacom.com>
To: <secdir@ietf.org>, <iesg@ietf.org>, <ietf@augustcellars.com>
Subject: [secdir] secdir review of draft-schaad-smime-algorithm-attribute-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2011 18:42:05 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document looks good to me.  I have a few minor comments and
editorial suggestions.

For consistency, I suggest the definitions of the signatureAlgorithm and
macAlgorithm fields refer to the corresponding fields in SignerInfo and
AuthenticatedData similar to the description of the digestAlgorithm
field, i.e., refer to SignerInfo.signatureAlgorithm and

Though it doesn't really matter, given the requirement for one of
signatureAlgorithm or macAlgorithm to be present, why not use a CHOICE
and force the issue?

In 3.2, change signature validation to MAC verification.