Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
RFC 4056

Note: This ballot was opened for revision 03 and is now closed.

(Russ Housley) Yes

(Harald Alvestrand) No Objection

Comment (2004-02-04)
I didn't see any note about the fact that having 2 signature algorithms creates noninteroperability, which in turn is not good for security in deployment.
But that may be "too obvious to mention".

(Steven Bellovin) No Objection

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ned Freed) No Objection

(Ted Hardie) No Objection

Comment (2004-02-03)
Nit:
--->The generation of RSA private key relies on random numbers

Shouldn't this be "an RSA private key" or "RSA private keys"?

(David Kessens) No Objection

(Allison Mankin) No Objection

(Thomas Narten) No Objection

(Jon Peterson) No Objection

Comment (2004-02-04)
I found the use of attribute names like 'signature' in this document somewhat confusing because they are unquoted. For example, in Section 3, the following paragraph (in its entirety) appears:

   signature contains the single value resulting from the signing 
   operation. 

I assumed this was a typo of the trailing fragment of a sentence, until I understood that this was referring to a 'signature' attribute in CMS SignedData, and hence it was uncapitalized. I'd like to suggest that such terms be quoted in the document.

There are also several places (3 in Section 4) where line wrap or some other editorial process has put line feeds in the middle of paragraphs.

(Bert Wijnen) No Objection

Comment (2004-02-05)
Do we know where the two OIDs listed (in sect 2) have been assigned?
Would it be good to add a ptr to that?

(Alex Zinin) No Objection