Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
RFC 5990
Note: This ballot was opened for revision 13 and is now closed.
(Pasi Eronen) Discuss
Discuss (2010-03-10 for -)
I have reviewed draft-ietf-smime-cms-rsa-kem-12, and have couple of small concern that I'd like to discuss before recommending approval of the document: - It looks like the ASN.1 is not fully aligned with 18033-2 and X9.44. I might be misinterpreting this, but to me it looks like 18033-2 and X9.44 would use OID "id-ac-generic-hybrid" (instead of id-rsa-kem) as the "top-level OID", and id-kem-rsa would be found in GenericHybridParameters.kem structure. (The OID id-rsa-kem doesn't seem to occur in 18033-2/X9.44 at all? And BTW, it's *very* confusing to have two different OIDs named id-rsa-kem and id-kem-rsa.) - Section 2.1, "KDF3 (see [IEEE-P1363a])": IEEE 1363a-2004 doesn't have KDF3; it does, however, define KDF2. Should this be KDF2, or should the reference point to X9.44? - It looks like ANS-9.44 needs to be normative references, since you need the KDF to implement this.
Comment (2010-03-10 for -)
No email
send info
send info
Typo: A.2, "public key n,e)" -> "public key (n,e)"
(Cullen Jennings) Yes
Comment (2010-03-10 for -)
No email
send info
send info
Thanks for the examples in the back. I know they helped at least one implementor.
(Tim Polk) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Ralph Droms) No Objection
(Lisa Dusseault) No Objection
(Lars Eggert) (was Discuss) No Objection
(Adrian Farrel) No Objection
(Russ Housley) (was Discuss, Yes, Discuss) No Objection
(Alexey Melnikov) No Objection
(Dan Romascanu) No Objection
(Peter Saint-Andre) No Objection
Comment (2010-06-08)
No email
send info
send info
1. In Section 1, the text "specified the of different object identifier" is missing a word (I assume "use" between "the" and "of"). 2. In Section 2.4, this text is potentially confusing: The intended application for the key MAY be indicated in the key usage certificate extension (see [PROFILE], Section 4.2.1.3). If the keyUsage extension is present in a certificate that conveys an RSA public key with the id-rsa-kem object identifier as discussed above, then the key usage extension MUST contain the following value: keyEncipherment. Is the indented text meant to be "keyEncipherment" (without the period) instead of "keyEncipherment." (with the period)?