Last Call Review of draft-schaad-smime-algorithm-attribute-
review-schaad-smime-algorithm-attribute-secdir-lc-wallace-2011-01-10-00

Request Review of draft-schaad-smime-algorithm-attribute
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-01-18
Requested 2010-12-16
Authors Jim Schaad
Draft last updated 2011-01-10
Completed reviews Secdir Last Call review of -?? by Carl Wallace
Assignment Reviewer Carl Wallace 
State Completed
Review review-schaad-smime-algorithm-attribute-secdir-lc-wallace-2011-01-10
Review completed: 2011-01-10

Review
review-schaad-smime-algorithm-attribute-secdir-lc-wallace-2011-01-10

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document looks good to me.  I have a few minor comments and
editorial suggestions.

For consistency, I suggest the definitions of the signatureAlgorithm and
macAlgorithm fields refer to the corresponding fields in SignerInfo and
AuthenticatedData similar to the description of the digestAlgorithm
field, i.e., refer to SignerInfo.signatureAlgorithm and
AuthenticatedData.macAlgorithm.  

Though it doesn't really matter, given the requirement for one of
signatureAlgorithm or macAlgorithm to be present, why not use a CHOICE
and force the issue?

In 3.2, change signature validation to MAC verification.