
Cryptographic Message Syntax (CMS) Content Constraints Extension
draft-housley-cms-content-constraints-extn-06

Document history

Date Rev. By Action
2012-08-22
06 (System) post-migration administrative database adjustment to the No Objection position for Sean Turner
2010-05-26
06 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2010-05-26
06 (System) IANA Action state changed to No IC from In Progress
2010-05-26
06 (System) IANA Action state changed to In Progress
2010-05-26
06 Amy Vezza IESG state changed to Approved-announcement sent
2010-05-26
06 Amy Vezza IESG has approved the document
2010-05-26
06 Amy Vezza Closed "Approve" ballot
2010-05-26
06 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation - Defer::AD Followup by Amy Vezza
2010-05-25
06 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss by Sean Turner
2010-05-24
06 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-05-24
06 (System) New version available: draft-housley-cms-content-constraints-extn-06.txt
2010-05-20
06 Cindy Morgan State Changes to IESG Evaluation - Defer::Revised ID Needed from IESG Evaluation - Defer by Cindy Morgan
2010-05-20
06 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2010-05-20
06 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2010-05-20
06 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant
2010-05-20
06 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-05-20
06 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel
2010-05-20
06 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo
2010-05-19
06 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms
2010-05-19
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  Two new comments.]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.

14) Sec 3.1: r/if the certification path is valid for a signed CMS object/if the certification path is valid for a given context.
2010-05-19
06 Sean Turner
[Ballot discuss]
[Updated to remove #1, but added a new #2]

2) Can you provide an alternate grouping in section 4 so the things that are done multiple times are set apart from the thing that is done once per CMS path.  I believe this will make things clearer.
2010-05-19
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  Two new comments.]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.

14) Sec 3.1: r/if the certification path is valid for a signed CMS object/if the certification path is valid for a given context.
2010-05-19
06 Sean Turner
[Ballot discuss]
[Updated]

1) Can you provide an alternate grouping in section 4 so the things that are done multiple times are set apart from the thing that is done once per CMS path.  I believe this will make things clearer.
2010-05-19
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  Two new comments.]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.

14) Sec 3.1: r/if the certification path is valid for a signed CMS object/if the certification path is valid for a given context.
2010-05-19
06 Sean Turner
[Ballot discuss]
1) Can you provide an alternate grouping in section 4 so the things that are done multiple times are set apart from the thing that is done once per CMS path.  I believe this will make things clearer.
2010-05-17
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  Two new comments.]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.

14) Sec 3.1: r/if the certification path is valid for a signed CMS object/if the certification path is valid for a given context.
2010-05-10
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  One new comment.]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.
2010-05-10
06 Sean Turner
[Ballot comment]
[Updated: Removed original 12.  One new comment]

Here are my comments on this draft:

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.
2010-05-10
06 Sean Turner
[Ballot comment]
[Updated: Removed original 11.  Two new comments]

Here are my comments on this draft:

12) Sec 4: r/In such cases, each SignerInfo must be processed as if it were the only SignerInfo, and the CMS content constraints must be met in order for that signature to be considered valid./In such cases, each SignerInfo MUST be processed as if it were the only SignerInfo, and the CMS content constraints MUST be met in order for that signature to be considered valid.

13) In this I-D the reference for ASN.1 is '97, but in PKIX/SMIME New ASN.1 it's '02.
2010-05-10
06 Sean Turner [Ballot discuss]
2010-05-08
06 Alexey Melnikov
[Ballot comment]
1.  Introduction

  The CMS SignedData [RFC5652] construct is used to sign many things,
  including cryptographic module firmware packages [RFC4108] and
  certificate management messages [RFC5272].  Similarly, the CMS
  AuthenticatedData and CMS AuthEnvelopedData constructs provide
  authentication, which can be affiliated with an originator's static
  public key.  CCC information is conveyed via an extension in a

This is the first use of the CCC acronym, so it should be expanded here
(not 2 paragraphs below).

  certificate or trust anchor object that contains the originator's or
  signer's public key.



Is the extra complexity of having absenceEqualsUnconstrained worth it?
2010-05-08
06 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded by Alexey Melnikov
2010-05-07
06 (System) Removed from agenda for telechat - 2010-05-06
2010-05-04
05 (System) New version available: draft-housley-cms-content-constraints-extn-05.txt
2010-05-03
06 Russ Housley [Ballot Position Update] New position, Recuse, has been recorded by Russ Housley
2010-05-02
06 Alexey Melnikov State Changes to IESG Evaluation - Defer from Waiting for AD Go-Ahead by Alexey Melnikov
2010-04-30
06 Sean Turner
[Ballot comment]
[Updated: fixed #ing of comments and added a new last comment]

Here are my comments on this draft:

1) Sec 1: r/relying parties MUST ensure/relying parties must ensure

2) Sec 1.2: r/The CMS content constraints mechanism can be used to place limits on the use of the subject public key used key used for .../The CMS content constraints mechanism can be used to place limits on the use of the subject public key used for ...

3) Sec 2 AttrType: r/value must be/value MUST be

4) Sec 3.1: r/If unconstrained, the trust anchor must either include/If unconstrained, the trust anchor MUST either include

5) Sec 3.1: r/trust anchor must have/trust anchor MUST have

6) Sec 3.1: r/processing must still be performed/processing MUST still be performed

7) Sec 3.5: r/then constraints must be checked./then constraints MUST be checked.

8) Sec 4.2: may/MAY X2

9) Sec 4.3: r/checking must be performed/checking MUST be performed

10) A.1 (to make it align with the PKIXASN1 import):

OLD:

FROM CryptographicMessageSyntax-2009

NEW:

FROM -- [SMIMEASN1]
    CryptographicMessageSyntax-2009

11) Add a reference (same kind as PKIX) for SMIMEASN1:

[SMIMEASN1] Hoffman, P. and J. Schaad, "New ASN.1 Modules for SMIME", in progress.

12) Sec 4: r/In such cases, each SignerInfo must be processed as if it were the only SignerInfo, and the CMS content constraints must be met in order for that signature to be considered valid./In such cases, each SignerInfo MUST be processed as if it were the only SignerInfo, and the CMS content constraints MUST be met in order for that signature to be considered valid.
2010-04-30
06 Sean Turner
[Ballot discuss]
This is new:

1) References to [PKIXASN1] and [SMIMEASN1] need to be normative.  The ASN.1 in these modules is required to implement the module found in Annex A.
2010-04-30
06 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to Discuss from No Objection by Sean Turner
2010-04-27
06 Sean Turner
[Ballot comment]
Here are my comments on this draft:

1) Sec 1: r/relying parties MUST ensure/relying parties must ensure

1) Sec 1.2: r/The CMS content constraints mechanism can be used to place limits on the use of the subject public key used key used for .../The CMS content constraints mechanism can be used to place limits on the use of the subject public key used for ...

2) Sec 2 AttrType: r/value must be/value MUST be

3) Sec 3.1: r/If unconstrained, the trust anchor must either include/If unconstrained, the trust anchor MUST either include

4) Sec 3.1: r/trust anchor must have/trust anchor MUST have

5) Sec 3.1: r/processing must still be performed/processing MUST still be performed

6) Sec 3.5: r/then constraints must be checked./then constraints MUST be checked.

7) Sec 4.2: may/MAY X2

8) Sec 4.3: r/checking must be performed/checking MUST be performed

9) A.1 (to make it align with the PKIXASN1 import):

OLD:

FROM CryptographicMessageSyntax-2009

NEW:

FROM -- [SMIMEASN1]
    CryptographicMessageSyntax-2009

10) Add a reference (same kind as PKIX) for SMIMEASN1:

[SMIMEASN1] Hoffman, P. and J. Schaad, "New ASN.1 Modules for SMIME", in progress.
2010-04-27
06 Sean Turner [Ballot Position Update] New position, No Objection, has been recorded by Sean Turner
2010-04-26
06 Tim Polk [Ballot Position Update] New position, Yes, has been recorded for Tim Polk
2010-04-26
06 Tim Polk Ballot has been issued by Tim Polk
2010-04-26
06 Tim Polk Created "Approve" ballot
2010-04-26
06 Tim Polk
2010-04-26
06 Tim Polk [Note]: 'Geoff Beier <GBeier@cygnacom.com> is the document shepherd' added by Tim Polk
2010-04-26
06 Tim Polk Placed on agenda for telechat - 2010-05-06 by Tim Polk
2010-04-19
06 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2010-04-16
06 Amanda Baber IANA comments:

As described in the IANA Considerations section, we understand this
document to have NO IANA Actions.
2010-04-15
06 Sam Weiler Request for Last Call review by SECDIR Completed. Reviewer: Paul Hoffman.
2010-03-24
06 Sam Weiler Request for Last Call review by SECDIR is assigned to Paul Hoffman
2010-03-24
06 Sam Weiler Request for Last Call review by SECDIR is assigned to Paul Hoffman
2010-03-22
06 Amy Vezza Last call sent
2010-03-22
06 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2010-03-22
06 Tim Polk Last Call was requested by Tim Polk
2010-03-22
06 (System) Ballot writeup text was added
2010-03-22
06 (System) Last call text was added
2010-03-22
06 (System) Ballot approval text was added
2010-03-22
06 Tim Polk State Changes to Last Call Requested from Publication Requested by Tim Polk
2010-03-22
06 Tim Polk Intended Status has been changed to Proposed Standard from Informational
2010-03-22
06 Tim Polk Note field has been cleared by Tim Polk
2010-03-22
04 (System) New version available: draft-housley-cms-content-constraints-extn-04.txt
2010-03-02
06 Tim Polk Draft Added by Tim Polk in state Publication Requested
2010-02-01
03 (System) New version available: draft-housley-cms-content-constraints-extn-03.txt
2009-10-20
02 (System) New version available: draft-housley-cms-content-constraints-extn-02.txt
2009-09-05
06 (System) Document has expired
2009-03-04
01 (System) New version available: draft-housley-cms-content-constraints-extn-01.txt
2007-10-04
00 (System) New version available: draft-housley-cms-content-constraints-extn-00.txt