Dhruv:Thanks for taking my comments into consideration. Snipping directly to..
- It is unusual to mention a draft name in the abstract. Perhaps change that to RFC XXXX and add a note to the RFC editor that XXXX should be replaced with the RFC# assigned to the draft.
Yes. That document is already in the RFC Editor's queue. It will have an RFC number before this document is published.
Dhruv: I like the practice of using RFC XXXX with the RFC editor note. Something like -- "...KEMRecipientInfo as specified in RFC XXXX." "RFC Editor Note: Please replace XXXX with the RFC number allocated to draft-ietf-lamps-cms-kemri and remove this note".
I see. I'll do a PR for that.
- Throughout the I-D there are various MUST conditions, it is unsure to me what happens when those conditions are not met.
Some of the MUST statements are needed to properly implement RSA-KEM. One has implemented a different (probably less secure) algorithm if the MUST statements are not follow, especially these:
The RSA-KEM Algorithm provides a fixed-length ciphertext. The recipient MUST check that the received byte string is the expected length and the expected length and corresponds to an integer in the expected range prior to attempting decryption with their RSA private key as described in Steps 1 and 2 of Appendix A.2.
Dhruv: I understand that, I was wondering if there is any existing reference that one could point to say that the error handling is as per existing RFCs? Feel free to ignore the comment if it doesn't make sense, you are the expert :)
I cannot think of anything to reference here.
- Section A.1, step 2 - "Encrypt the random integer Z..."; shouldn't this be z instead of Z. I see RFC 5099 used z. Why was that changed?
RFC 5990 uses both z and Z.
Z = IntegerToString (z, nLen)
Dhruv: I understood that lowercase z is the integer, whereas Z is the string and since the text uses "random integer", I thought this ought to be z instead of Z. Am I wrong?
In RFC 5990, you do math on z (e.g., c = z^e mod n). I believe the same is true in rfc5990bis (e.g., z = ct^d mod n).
Russ
|
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call