RE: WG LAST CALL: draft-ietf-smime-rfc2632bis-03

"Blake Ramsdell" <> Mon, 27 October 2003 02:26 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id VAA08529 for <>; Sun, 26 Oct 2003 21:26:32 -0500 (EST)
Received: from (localhost []) by (8.12.10/8.12.8) with ESMTP id h9R1sgI7049369 for <>; Sun, 26 Oct 2003 17:54:42 -0800 (PST) (envelope-from
Received: (from majordom@localhost) by (8.12.10/8.12.9/Submit) id h9R1sgXc049368 for ietf-smime-bks; Sun, 26 Oct 2003 17:54:42 -0800 (PST)
X-Authentication-Warning: majordom set sender to using -f
Received: from ( [] (may be forged)) by (8.12.10/8.12.8) with ESMTP id h9R1sfI7049356 for <>; Sun, 26 Oct 2003 17:54:41 -0800 (PST) (envelope-from
Received: from DEXTER ([]) by with ESMTP ; Sun, 26 Oct 2003 17:54:39 -0800
From: Blake Ramsdell <>
Subject: RE: WG LAST CALL: draft-ietf-smime-rfc2632bis-03
Date: Sun, 26 Oct 2003 17:54:38 -0800
Message-ID: <!~!>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <001d01c35155$4c558950$8b40a051@augustcellars.local>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Precedence: bulk
List-Archive: <>
List-ID: <>
List-Unsubscribe: <>
Content-Transfer-Encoding: 7bit

> -----Original Message-----
> From: Jim Schaad [] 
> Sent: Wednesday, July 23, 2003 1:02 PM
> To: 'Blake Ramsdell';
> Subject: RE: WG LAST CALL: draft-ietf-smime-rfc2632bis-03
> 1. Section 1.2:  Does this need to be updated to refer to version 3.1
> agents as well?


S/MIME version 3.1 agents should attempt to have the greatest
interoperability possible with agents for prior versions of S/MIME.
S/MIME version 2 is described in RFC 2311 through RFC 2315, inclusive
and S/MIME version 3 is described in RFC 2630 through RFC 2634
inclusive. RFC 2311 also has historical information about the
development of S/MIME.

> 2. References need to be divided.

Still missing what this means.

> 3. Acknowlegements is [TBD]


Many thanks go out to the other authors of the S/MIME v2 RFC: Steve
Dusse, Paul Hoffman and Jeff Weinstein. Without v2, there wouldn't be
a v3.

A number of the members of the S/MIME Working Group have also worked
very hard and contributed to this document. Any list of people is
doomed to omission and for that I apologize. In alphabetical order,
the following people stand out in my mind due to the fact that they
made direct contributions to this document.

Bill Flanigan
Trevor Freeman
Elliott Ginsburg
Paul Hoffman
Russ Housley
David P. Kemp
Michael Myers
John Pawling
Denis Pinkas
Jim Schaad

> 4. Section at beginning of document on changes since RFC2632 is
> required.


1.4 Changes Since S/MIME v3.0

Version 1 and Version 2 CRLs MUST be supported.

Multiple CA certificates with the same subject and public key, but
with overlapping validity periods MUST be supported.

Version 2 attribute certificates SHOULD be supported, and version 1
attributes certificates MUST NOT be used.

MD2 use for certificate signatures discouraged, and security language

Clarified use of email address use in certificates.  Certificates that
do not contain an email address have no requirements for verifying the
email address associated with the certificate.

Receiving agents SHOULD display certificate information when
displaying the results of signature verification.

Receiving agents MUST NOT accept a signature made with a certificate
that does not have the digitalSignature or nonRepudiation bit set.

Clarifications for the interpretation of the key usage and extended
key usage extensions.

> 5. KEYMAC as a reference sent me to keyed macs, not to key management
> for ACs.

Are you saying that you were personally confused about the use of the
reference term KEYMAC?


Reference name changed from KEYMAC to ACAUTH.

> 6.  Section 4.4.2 - Key Usage is not a required extension.  
> What happens
> in para #4 if the extension is not present.  Does this imply that the
> bits are set?

I have no idea, since no one's really been able to explain the
difference between these two bits anyway.


If the key usage extension is not specified, receiving clients MUST
presume that the digitalSignature and nonRepudiation bits are set.