Gen-art review of draft-ietf-smime-multisig-04.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
_http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html_).

Please resolve these comments along with any other Last Call comments
you may receive.


Document: draft-ietf-smime-multisig-04.txt
Reviewer: Elwyn Davies
Review Date: 7 March 2008
IETF LC End Date: 7 March 2008
IESG Telechat date: (if known)

Summary:
Mostly fine except for a piece of unclear specification noted below and 
a few editorial nits.
Caveat: I am not a security expert and this should not be taken as an 
endorsement of the security competence of the proposal.

Comments:
s3:  The first part of the specification for MultipleSignatures is :

>    The fields in MultipleSignatures have the following meaning:
>
>      - bodyHashAlg includes the digest algorithmIdentifier for the
>      referenced multiple-signatures attribute.
>
>      - signAlg includes the signature algorithmIdentifier for the
>      referenced multiple-signatures attribute.
>
I am confused by the use of 'includes' here: Do these specs imply that 
the values of these fields are comma separated lists of all relevant alg 
identifiers for the signatures?  An example with three signatures might 
clarify what is going on, but the spec should be clarified in any case, 
I think (but I may just not be sufficiently knowledgable about this sort 
of spec).
 

Editorial:
idnits reports a clean bill of health.

Abstract: Expand CMS acronym.

s5: s/in a singled/in a single/

s5.2: s/the rquire application/the required application/

s5.3, para 5: The first sentence
>
> If signatures are added for the support of [ESS] features, then the
>    fact that an outer layer signature can be treated as a non-
>    significant failure.
>
does not parse.  Probably missing 'is invalid' or some such relating to 
outer layer signature.


Appendix B: 'hashes CMS'??? Does not parse!

B.1: s/is needed/are needed/

B.2 1/a/ii: s/Reistance/Resistance/

B.2 1/c/iii: s/success/successful/

B.2 2: Expand DER acronym.

B.2: is not normative but uses SHOULD NOT.

B.2 (2nd para on p18): s/that the attack/than the attack/



_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]