
Last Call Review of draft-ietf-smime-cms-rsa-kem-

Request Review of draft-ietf-smime-cms-rsa-kem
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-01-07
Requested 2009-12-11
Authors John Brainard, Burt Kaliski, Sean Turner, James Randall
Draft last updated 2009-12-18
Completed reviews Secdir Last Call review of -?? by Stephen Kent
Secdir Last Call review of -?? by Stephen Kent
Assignment Reviewer Stephen Kent
State Completed
Review review-ietf-smime-cms-rsa-kem-secdir-lc-kent-2009-12-18
Completed 2009-12-18
I reviewed version 05 of this I-D in July of 2008.  The current version is 10.

My original review cited only two major concerns:

	- the previous version was ambiguous about support for Camellia. This version clarifies this issue, making support for Camellia a SHOULD.

	- the previous version called for using an algorithm ID (with very complex parameters) in a cert to signal when a message recipient requires use of RSA-KEM. The authors addressed this concern in Section 2.3 (and Appendix B), by stating that these parameters MUST be absent when this OID is used in a cert in this context.

I have corresponded with Sean and he suggested that he could provide more explicit words re the fact that the parameters MUST be omitted when the algorithm OID appears in the SubjectPublicKey field of a cert. I encourage Sean to include this additional text.