Hi Hendrik,
Thank you for addressing my (minor) concerns. The changes are fine with me.
Regards,
Dan
On Wed, May 11, 2022 at 6:15 PM Brockhaus, Hendrik <hendrik.brockhaus@xxxxxxxxxxx> wrote:
Dan
Many thanks for your review. Please find my proposal below.
> Von: Dan Romascanu via Datatracker <noreply@xxxxxxxx>
>
> Ready with nits.
>
> Nits/editorial comments:
>
> 1. It would be useful to provide references for terms at first occurrence. For
> example Section 2 directly mentions OOBCertHash, CertStatus, Challenge,
> PBMParameter, DHBMParameter, etc. without providing a reference.
Theses are ASN.1 values or types specified in RFC 4210 (CMP), RFC 4211 (CRMF), CMP Updates, and RFC 5652 (CMS).
Not to overload the text in the Section 2 to Section 6, I propose to add a paragraph to Section 1.1.
New text:
In the following sections the ASN.1 values and types are listed where
algorithm identifier and output values are provided. Theses ASN.1 values
and types are defined in CMP [RFC4210], CRMF [RFC4211],
CMP Updates [I-D.ietf-lamps-cmp-updates], or CMS [RFC5652].
>
> 2. Section 2.2 - provide reference for X.509 at first occurrence (probably
> [RFC4210])
Old text:
The SHA-3 family of hash functions is defined in FIPS Pub 202
[NIST.FIPS.202] and includes fixed output length variants SHA3-224,
SHA3-256, SHA3-384, and SHA3-512, as well as extendable-output
functions (SHAKEs) SHAKE128 and SHAKE256. Currently SHAKE128 and
SHAKE256 are the only members of the SHA3-family which are specified
for use in X.509 and PKIX [RFC8692], and CMS [RFC8702] as one-way
hash function for use with RSASSA-PSS and ECDSA as one-way hash
function for use with RSASSA-PSS and ECDSA.
New text:
The SHA-3 family of hash functions is defined in FIPS Pub 202
[NIST.FIPS.202] and includes fixed output length variants SHA3-224,
SHA3-256, SHA3-384, and SHA3-512, as well as extendable-output
functions (SHAKEs) SHAKE128 and SHAKE256. Currently SHAKE128 and
SHAKE256 are the only members of the SHA3-family which are specified
for use in X.509 certificates [RFC8692] and CMS [RFC8702] as one-way
hash function for use with RSASSA-PSS and ECDSA.
>
> 3. For clarity and in order to avoid confusions it would be useful to expand MAC
I extended 'MAC' to 'message authentication code (MAC)' in its first occurrence in Sections 4.4, 6, 6.1, and 6.2.
>
> 4. For clarity it would be useful to position Table 3 to start at top of the page to
> avoid split at printing
I will try doing it with the next update. I have to look it up how to do this using xml2rfc :-)
Does these changes sufficiently address your comment?
Hendrik
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
