At Wed, 18 Jan 2017 10:17:00 -0800, Kathleen Moriarty wrote: ... > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > As for Alissa's comment on transport, more language added to the Security > Considerations section would be helpful to explain why the CMS signature > is sufficient. I am assuming that the only exposure would be to public > information during transport that is protected from tampering, unless I > missed something in reading the draft (I don't think you are transferring > private keys and didn't see that in the text).
Correct, no private keys in flight here. Everything being transferred is a signed object intended for public consumption. Will try to come up with something for security considerations (I would say "suggestions welcome" but I think you just did...). _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr