Re: Editorial Details before publishing REC from Donald Eastlake 3rd on 2002-12-03 (xml-encryption@w3.org from December 2002)

From: Donald Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 3 Dec 2002 08:17:43 -0500 (EST)
To: Tom Gindin <tgindin@us.ibm.com>
Cc: Joseph Reagle <reagle@w3.org>, <xml-encryption@w3.org>
Message-ID: <Pine.LNX.4.44.0212030815450.11792-100000@netbusters.com>

I think RFCs are easier to access and more permanent. The AES Wrap 
reference form RFC 3394 is just to a URL, not even a FIPS, and NIST URLs 
have proven unstable. Referenceing RFC 3394 is better.

Thanks,
Donald

On Wed, 27 Nov 2002, Tom Gindin wrote:

> Date: Wed, 27 Nov 2002 13:36:18 -0500
> From: Tom Gindin <tgindin@us.ibm.com>
> To: Joseph Reagle <reagle@w3.org>
> Cc: Donald Eastlake <dee3@torque.pothole.com>, xml-encryption@w3.org
> Subject: Re: Editorial Details before publishing REC
> 
> 
>       My own suggestion, for whatever it's worth, is that we remove the
> reference to CMS-AES from section 5.4 and add a reference to either RFC
> 3394 or AES-WRAP (see the bibliography within RFC 3394) to section 5.6.2.
> Does anybody know of any text within 5.4 that came from CMS-AES instead of
> from RFC 2437 or some other version of PKCS#1?
> 
>             Tom Gindin
> 
> Joseph Reagle <reagle@w3.org> on 11/27/2002 11:49:44 AM
> 
> To:    Tom Gindin/Watson/IBM@IBMUS, Donald Eastlake
>        <dee3@torque.pothole.com>
> cc:    <xml-encryption@w3.org>
> Subject:    Re: Editorial Details before publishing REC
> 
> 
> On Tuesday 26 November 2002 05:09 pm, Tom Gindin wrote:
> >       On the other hand, CMS-AES draft 5 makes no reference to RSA#1 v1.5
> > until the security considerations section, and IMHO there seems to be
> > little point in using it as an intermediate reference instead of going
> > straight to the stable RFC 2437.  You could say that the two RSA variants
> > are the ones which have been used for key transport in documents of the
> > CMS series, of course.
> 
> Honestly, I'm somewhat confused by this on further investigation.
> 
>   5.4 Key Transport
>   The Key Transport algorithms given below are those used in
>   conjunction with the Cryptographic Message Syntax (CMS) of
>   S/MIME [CMS-Algorithms, CMS-AES]. (These specifications are
>   still works in progress so we include those parts of their
>   present specification within this document as the
>   normative specification.)
> 
> But is this section actually profiling these specs? "5.6.2 CMS Triple DES
> Key Wrap" has a profile CMS-Algorithms. However, the only mention of
> CMS-AES is in the text above, and in the bibliography...?
> 
> 
> 
> 
> 
> 

-- 
======================================================================
 Donald E. Eastlake 3rd                       dee3@torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake@motorola.com

Received on Tuesday, 3 December 2002 08:17:47 UTC