Last Call Review of draft-ietf-smime-cms-rsa-kem-
review-ietf-smime-cms-rsa-kem-secdir-lc-kent-2009-12-18-00
Request | Review of | draft-ietf-smime-cms-rsa-kem |
---|---|---|
Requested revision | No specific revision (document currently at 13) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2010-01-07 | |
Requested | 2009-12-11 | |
Authors | John Brainard, Burt Kaliski, Sean Turner, James Randall | |
I-D last updated | 2009-12-18 | |
Completed reviews | Secdir Last Call review of -?? by Stephen Kent | |
Assignment | Reviewer | Stephen Kent |
State | Completed | |
Request | Last Call review on draft-ietf-smime-cms-rsa-kem by Security Area Directorate Assigned | |
Completed | 2009-12-18 |
I reviewed version 05 of this I-D in July of 2008. The current version is 10. My original review cited only two major concerns:

- the previous version was ambiguous about support for Camellia. This version clarifies this issue, making support for Camellia a SHOULD.

- the previous version called for using an algorithm ID (with very complex parameters) in a cert to signal when a message recipient requires use of RSA-KEM. The authors addressed this concern in Section 2.3 (and Appendix B), by stating that these parameters MUST be absent when this OID is used in a cert in this context.

I have corresponded with Sean and he suggested that he could provide more explicit words re the fact that the parameters MUST be omitted when the algorithm OID appears in the SubjectPublicKey field of a cert. I encourage Sean to include this additional text.

Steve