Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
RFC 4056

Note: This ballot was opened for revision 03 and is now closed.

(Russ Housley; former steering group member) Yes

Yes ()
No email
send info

(Alex Zinin; former steering group member) No Objection

No Objection ()
No email
send info

(Allison Mankin; former steering group member) No Objection

No Objection ()
No email
send info

(Bert Wijnen; former steering group member) No Objection

No Objection (2004-02-05)
No email
send info
Do we know where the two OIDs listed (in sect 2) have been assigned?
Would it be good to add a ptr to that?

(Bill Fenner; former steering group member) No Objection

No Objection ()
No email
send info

(David Kessens; former steering group member) No Objection

No Objection ()
No email
send info

(Harald Alvestrand; former steering group member) No Objection

No Objection (2004-02-04)
No email
send info
I didn't see any note about the fact that having 2 signature algorithms creates noninteroperability, which in turn is not good for security in deployment.
But that may be "too obvious to mention".

(Jon Peterson; former steering group member) No Objection

No Objection (2004-02-04)
No email
send info
I found the use of attribute names like 'signature' in this document somewhat confusing because they are unquoted. For example, in Section 3, the following paragraph (in its entirety) appears:

   signature contains the single value resulting from the signing 
   operation. 

I assumed this was a typo of the trailing fragment of a sentence, until I understood that this was referring to a 'signature' attribute in CMS SignedData, and hence it was uncapitalized. I'd like to suggest that such terms be quoted in the document.

There's also several places (3 in Section 4)where line wrap or some other editorial process has put line feeds in the middle of paragraphs.

(Margaret Cullen; former steering group member) No Objection

No Objection ()
No email
send info

(Ned Freed; former steering group member) No Objection

No Objection ()
No email
send info

(Steven Bellovin; former steering group member) No Objection

No Objection ()
No email
send info

(Ted Hardie; former steering group member) No Objection

No Objection (2004-02-03)
No email
send info
Nit:
--->The generation of RSA private key relies on random numbers

Shouldn't this be "an RSA private key" or "RSA private keys"?

(Thomas Narten; former steering group member) No Objection

No Objection ()
No email
send info