- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Wed, 27 Nov 2002 13:36:18 -0500
- To: Joseph Reagle <reagle@w3.org>
- Cc: Donald Eastlake <dee3@torque.pothole.com>, <xml-encryption@w3.org>
My own suggestion, for whatever it's worth, is that we remove the
reference to CMS-AES from section 5.4 and add a reference to either RFC
3394 or AES-WRAP (see the bibliography within RFC 3394) to section 5.6.2.
Does anybody know of any text within 5.4 that came from CMS-AES instead of
from RFC 2437 or some other version of PKCS#1?
Tom Gindin
Joseph Reagle <reagle@w3.org> on 11/27/2002 11:49:44 AM
To: Tom Gindin/Watson/IBM@IBMUS, Donald Eastlake
<dee3@torque.pothole.com>
cc: <xml-encryption@w3.org>
Subject: Re: Editorial Details before publishing REC
On Tuesday 26 November 2002 05:09 pm, Tom Gindin wrote:
> On the other hand, CMS-AES draft 5 makes no reference to RSA#1 v1.5
> until the security considerations section, and IMHO there seems to be
> little point in using it as an intermediate reference instead of going
> straight to the stable RFC 2437. You could say that the two RSA variants
> are the ones which have been used for key transport in documents of the
> CMS series, of course.
Honestly, I'm somewhat confused by this on further investigation.
5.4 Key Transport
The Key Transport algorithms given below are those used in
conjunction with the Cryptographic Message Syntax (CMS) of
S/MIME [CMS-Algorithms, CMS-AES]. (These specifications are
still works in progress so we include those parts of their
present specification within this document as the
normative specification.)
But is this section actually profiling these specs? "5.6.2 CMS Triple DES
Key Wrap" has a profile CMS-Algorithms. However, the only mention of
CMS-AES is in the text above, and in the bibliography...?
Received on Wednesday, 27 November 2002 13:37:17 UTC