- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Wed, 27 Nov 2002 13:36:18 -0500
- To: Joseph Reagle <reagle@w3.org>
- Cc: Donald Eastlake <dee3@torque.pothole.com>, <xml-encryption@w3.org>
My own suggestion, for whatever it's worth, is that we remove the reference to CMS-AES from section 5.4 and add a reference to either RFC 3394 or AES-WRAP (see the bibliography within RFC 3394) to section 5.6.2. Does anybody know of any text within 5.4 that came from CMS-AES instead of from RFC 2437 or some other version of PKCS#1? Tom Gindin Joseph Reagle <reagle@w3.org> on 11/27/2002 11:49:44 AM To: Tom Gindin/Watson/IBM@IBMUS, Donald Eastlake <dee3@torque.pothole.com> cc: <xml-encryption@w3.org> Subject: Re: Editorial Details before publishing REC On Tuesday 26 November 2002 05:09 pm, Tom Gindin wrote: > On the other hand, CMS-AES draft 5 makes no reference to RSA#1 v1.5 > until the security considerations section, and IMHO there seems to be > little point in using it as an intermediate reference instead of going > straight to the stable RFC 2437. You could say that the two RSA variants > are the ones which have been used for key transport in documents of the > CMS series, of course. Honestly, I'm somewhat confused by this on further investigation. 5.4 Key Transport The Key Transport algorithms given below are those used in conjunction with the Cryptographic Message Syntax (CMS) of S/MIME [CMS-Algorithms, CMS-AES]. (These specifications are still works in progress so we include those parts of their present specification within this document as the normative specification.) But is this section actually profiling these specs? "5.6.2 CMS Triple DES Key Wrap" has a profile CMS-Algorithms. However, the only mention of CMS-AES is in the text above, and in the bibliography...?
Received on Wednesday, 27 November 2002 13:37:17 UTC