[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: comments on draft-ietf-smime-examples-08.txt

To: "'Yves Duhem'" <axaxaxas@xxxxxxxxxxxx>, "'ietf-smime-examples'" <ietf-smime-examples@xxxxxxx>
Subject: RE: comments on draft-ietf-smime-examples-08.txt
From: "Blake Ramsdell" <blake@xxxxxxxxxxxxxxxxxx>
Date: Thu, 31 Oct 2002 03:14:00 -0800
Importance: Normal
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-smime-examples/mail-archive/>
List-id: <ietf-smime-examples.imc.org>
List-unsubscribe: <mailto:ietf-smime-examples-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime-examples@xxxxxxxxxxxx

> -----Original Message-----
> From: owner-ietf-smime-examples@xxxxxxxxxxxx 
> [mailto:owner-ietf-smime-examples@xxxxxxxxxxxx] On Behalf Of 
> Yves Duhem
> Sent: Tuesday, October 01, 2002 7:56 AM
> To: ietf-smime-examples
> Subject: comments on draft-ietf-smime-examples-08.txt
> 
> I have have done a few tests on the CMS S/MIME examples and found
> some problems :
> -the old OID "1.3.14.3.2.29" for SHA1withRSA is used in Alice's RSA 
> certificate (AliceRSASignByCarl.cer) instead of 
> "1.2.840.113549.1.1.5" 
> (which is the one given in the ASN.1 description).

Agree.  This is significant and must be fixed.

> -the SubjectKeyIdentifier in the example 5.7 is 20 octets long while
> in the corresponding certificate the extension's value is 22 
> octets long
> (the first two octets are missing).

I believe that you have incorrectly extracted the SubjectKeyIdentifier
from the certificate.  The SubjectKeyIdentifier in the certificate is 20
bytes long -- please remember that you must remove a second layer of
OCTET STRING to get to the juicy center (the extension value is encoded
as an OCTET STRING, and the KeyIdentifier type is also an OCTET STRING).

> -the S/MIME examples have a <CR> end of line whereas it 
> should have been 
>   <CR><LF>

An updated 5.8.eml and 5.9.eml have been created, but I believe that
this is an outstanding issue for 6.8.eml.  This is not a cryptographic
change, so just changing the EOL characters to CRLF is sufficient.

Side note (Paul) -- the timezone is a bit nutty (-0360) in 6.8.eml.

> -the 5.9 S/MIME example have a protocol parameter in its Content-Type 
> header with a value of application/pkcs7-signature instead of 
> "application/pkcs7-signature" (and this parameter does not 
> appear in the
> description of the example, only in the base64)

5.9.eml is in the process of being fixed.

> -the descriptions often do not match the examples.

This is being worked on also.

Thanks for the comments...

Blake

References:
- comments on draft-ietf-smime-examples-08.txt
  - From: Yves Duhem

Prev by Date: comments on draft-ietf-smime-examples-08.txt
Next by Date: Fwd: I-D ACTION:draft-ietf-smime-examples-09.txt
Previous by thread: comments on draft-ietf-smime-examples-08.txt
Next by thread: Fwd: I-D ACTION:draft-ietf-smime-examples-09.txt
Index(es):
- Date
- Thread