
RE: PKCS#7 in PKIX-3



Hi All,

Given that we want to get another issue of PKIX-3 produced this month, I need
to decide what to write about protection bits this week.

I propose the following:

1. We keep the current protection bits definition and add text mandating
   support for these for some specific algorithm(s). That is,
   conforming implementations must be able to handle PKI messages which 
   are protected using the specified algorithm(s) with the bits carried in 
   the protectionBits field.

2. We add text highlighting the fact that, where available, any other 
   (external) protection mechanism (e.g. S/MIME) may equally be used to 
   protect PKI messages. (Probably the current text gives the impression
   that omitting the protection bits means that there is no protection.)

In short, we mandate the ability to use the protection bits but
do not mandate that every (or indeed, any) protected PKI message use the 
protection bits.

The above allows us to produce a specification which supports interop (at
least at the level of message protection) between any pair of implementations 
but which also leaves open the question as to what protection mechanisms are 
suitable for a given environment.

In the absence of further discussion (optimism:-) this is what I'll 
put in the next draft.

Regards,
Stephen.

-- 
==========================================================================
Stephen FARRELL.......................................tel: +353-1-676 9089
Software and Systems Engineering Ltd..................fax: +353-1-676 7984
Fitzwilliam Court............................email: stephen.farrell@sse.ie
Leeson Close.....X.400: /c=ie/a=eirmail400/p=sse/o=sse/s=farrell/g=stephen 
Dublin 2...........................................www: http://www.sse.ie/
IRELAND................................................"A Siemens Company"
==========================================================================