Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
RFC 5990

Note: This ballot was opened for revision 13 and is now closed.

Lars Eggert (was Discuss) No Objection

(Pasi Eronen; former steering group member) Discuss

Discuss [Treat as non-blocking comment] (2010-03-10 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
I have reviewed draft-ietf-smime-cms-rsa-kem-12, and have couple of
small concern that I'd like to discuss before recommending approval of
the document:

- It looks like the ASN.1 is not fully aligned with 18033-2 and X9.44.
I might be misinterpreting this, but to me it looks like 18033-2 and
X9.44 would use OID "id-ac-generic-hybrid" (instead of id-rsa-kem) as
the "top-level OID", and id-kem-rsa would be found in
GenericHybridParameters.kem structure.

(The OID id-rsa-kem doesn't seem to occur in 18033-2/X9.44 at all?
And BTW, it's *very* confusing to have two different OIDs named
id-rsa-kem and id-kem-rsa.)

- Section 2.1, "KDF3 (see [IEEE-P1363a])": IEEE 1363a-2004 doesn't
have KDF3; it does, however, define KDF2. Should this be KDF2, or
should the reference point to X9.44?

- It looks like ANS-9.44 needs to be normative references, since you
need the KDF to implement this.

(Cullen Jennings; former steering group member) Yes

Yes (2010-03-10 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Thanks for the examples in the back. I know they helped at least one implementor.

(Tim Polk; former steering group member) Yes

Yes ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Adrian Farrel; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Alexey Melnikov; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Dan Romascanu; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Lisa Dusseault; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Magnus Westerlund; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Peter Saint-Andre; former steering group member) No Objection

No Objection (2010-06-08)
No email
send info
1. In Section 1, the text "specified the of different object identifier" is missing a word (I assume "use" between "the" and "of").

2. In Section 2.4, this text is potentially confusing:

   The intended application for the key MAY be indicated in the key
   usage certificate extension (see [PROFILE], Section 4.2.1.3). If the
   keyUsage extension is present in a certificate that conveys an RSA
   public key with the id-rsa-kem object identifier as discussed above,
   then the key usage extension MUST contain the following value:

       keyEncipherment.

Is the indented text meant to be "keyEncipherment" (without the period) instead of "keyEncipherment." (with the period)?

(Ralph Droms; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Robert Sparks; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Ron Bonica; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Ross Callon; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Russ Housley; former steering group member) (was Discuss, Yes, Discuss) No Objection

No Objection (2010-03-09)
No email
send info

(Sean Turner; former steering group member) Recuse

Recuse ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info