[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt

To: "Sean P. Turner" <turners@xxxxxxxx>, "'Blake Ramsdell'" <blaker@xxxxxxxxx>
Subject: RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
From: "Jim Schaad" <ietf@xxxxxxxxxxxxxxxxx>
Date: Mon, 28 Jul 2008 14:43:00 +0100
Cc: <ietf-smime@xxxxxxx>
In-reply-to: <20080701003001.D4EE13A6B29@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
References: <20080701003001.D4EE13A6B29@xxxxxxxxxxxxxx>
Sender: owner-ietf-smime@xxxxxxxxxxxx
Thread-index: AcjbEh1yJ7+xsRIzTQOZzEodyEmkBgVpUNrQ

Comments on the draft.

In section 4.4.3, I find the following text confusing:

End-entity certificates contain an extension that 
   constrains the certificate from being an issuing authority 
   certificate (see Section 4.4.2). 


I believe that this text might be better as it clarifies what is being
stated.  I.e. it is not the fact that basic constraints is being used which
actually does the mentioned constraint.


End-entity certificates contain the Key Usage extension which restraints the
end-entity from using the key to perform issuing authority operations (see
4.4.4)

Also the previous comment (on 3851bis) on key sizes > 4096 should be applied
to this document

jim

> -----Original Message-----
> From: owner-ietf-smime@xxxxxxxxxxxx [mailto:owner-ietf-
> smime@xxxxxxxxxxxx] On Behalf Of Internet-Drafts@xxxxxxxx
> Sent: Tuesday, July 01, 2008 1:30 AM
> To: i-d-announce@xxxxxxxx
> Cc: ietf-smime@xxxxxxx
> Subject: I-D ACTION:draft-ietf-smime-3850bis-04.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the S/MIME Mail Security Working Group of
> the IETF.
> 
> 	Title		: Secure/Multipurpose Internet Mail Extensions
> (S/MIME) Version 3.2 Certificate Handling
> 	Author(s)	: S. Turner, B. Ramsdell
> 	Filename	: draft-ietf-smime-3850bis-04.txt
> 	Pages		: 20
> 	Date		: 2008-6-30
> 
> This document specifies conventions for X.509 certificate usage by
>    Secure/Multipurpose Internet Mail Extensions (S/MIME) agents.
> S/MIME
>    provides a method to send and receive secure MIME messages, and
>    certificates are an integral part of S/MIME agent processing.
> S/MIME agents validate certificates as described in RFC 3280bis, the
>    Internet X.509 Public Key Infrastructure Certificate and CRL
> Profile.
>    S/MIME agents must meet the certificate processing requirements in
>    this document as well as those in RFC 3280bis. This document
>    obsoletes RFC 3850.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-smime-3850bis-04.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.

Follow-Ups:
- RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
  - From: Paul Hoffman
- RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
  - From: Turner, Sean P.
- RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
  - From: Jim Schaad

References:
- I-D ACTION:draft-ietf-smime-3850bis-04.txt
  - From: Internet-Drafts

Prev by Date: RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt
Next by Date: RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
Previous by thread: I-D ACTION:draft-ietf-smime-3850bis-04.txt
Next by thread: RE: I-D ACTION:draft-ietf-smime-3850bis-04.txt
Index(es):
- Date
- Thread