There are obvious errors (intentionnaly left by the editor
in order to know how many people read the document).
On page 1:
The message digest algorithms are defined in and [SHS].
^^^
Also in section 2.4:
2.4. SHA-512
The SHA-256 message digest algorithm is defined in [SHS].
whereas it should be:
2.4. SHA-512
The SHA-512 message digest algorithm is defined in [SHS].
It would be valuable to explain why DSA cannot be used
with SHA-384 and SHA-512.
In addition, it is not acceptable to reference in the *normative*
references "work in progess", i.e.[ECCADD].
The same applies for [SHS]. The text states:
NOTE [to be removed upon publication as an RFC]: NIST has not yet
finalized FIPS 186-3 and there is a chance that the draft may be
changed. This may result in differences between what is documented
in the current version of this document and what is in the FIPS. It
is intended to synchronize the final version of this draft with the
FIPS before publication as an RFC.
There is a more substantive comment on the first paragraph of section 1.
The text states:
If an implementation chooses to support one of the algorithms
discussed in this document, then the implementation MUST do so as
described in this document.
I believe the text should be:
If an implementation chooses to support one of the algorithms
discussed in this document, then the implementation MUST do so as
described in [SHS].
A small discussion in the security considerations section on the advantages
(in particular in terms of performances versus security) of using one or
another function from the SHA2 family would be helpful.
While I welcome this draft, everybody should take into consideration that,
if the SHA2 family happens to be broken then we will be at risk.
This should be mentioned into the security considerations section.
The NESSIE program has evaluated with succces the WHIRLPOOL algorithm.
WHIRLPOOL would be a good substitute to SHA-512 and I would encourage
that "someone" drafts an RFC to specify OIDs for using WHIRLPOOL with CMS.
Denis
>The IESG has received a request from the S/MIME Mail Security WG (smime)
>to consider the following document:
>
>- 'Using SHA2 Algorithms with Cryptographic Message Syntax '
> <draft-ietf-smime-sha2-03.txt> as a Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action. Please send substantive comments to the
>ietf@xxxxxxxx mailing lists by 2008-03-07. Exceptionally,
>comments may be sent to iesg@xxxxxxxx instead. In either case, please
>retain the beginning of the Subject line to allow automated sorting.
>
>The file can be obtained via
>http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-03.txt
>
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16033&rfc_flag=0
>
>
Regards,
Denis Pinkas
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf