Skip to main content

Last Call Review of draft-ietf-smime-cms-rsa-kem-
review-ietf-smime-cms-rsa-kem-secdir-lc-kent-2009-12-18-00

Request Review of draft-ietf-smime-cms-rsa-kem
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-01-07
Requested 2009-12-11
Authors John Brainard , Burt Kaliski , Sean Turner , James Randall
I-D last updated 2009-12-18
Completed reviews Secdir Last Call review of -?? by Stephen Kent
Secdir Last Call review of -?? by Stephen Kent
Assignment Reviewer Stephen Kent
State Completed
Request Last Call review on draft-ietf-smime-cms-rsa-kem by Security Area Directorate Assigned
Completed 2009-12-18
review-ietf-smime-cms-rsa-kem-secdir-lc-kent-2009-12-18-00
I reviewed version 05 of this I-D in July of 2008.  The current version is 10.

My original reviewed cited only a two major concerns:



	- the previous version was ambiguous about support for 


Camella. This version clarifies this issue, making support for 


Camellia a SHOULD.






	- the pervious version called for using an algorithm ID (with 


very complex parameters) in a cert to signal when a message recipient 


requires use of RSA-KEM. The authors addressed this concern in 


Section 2.3 (and Appendix B), by stating that these parameters MUST 


be absent when this OID is used in a cert in this context.






I have corresponded with Sean and he suggested that he could provide 


more explicit words re the fact that the parameters MUST be omitted 


when the algorithm OID appears in the SubjectPublicKey field of a 


cert. I encourage Sean to include this additional text.




Steve