Re: Evaluation: draft-ietf-impp-im - Common Profile for InstantMessaging (CPIM)

[hardie@qualcomm.com]

> Beyond that, it isn't clear to me that they've said enough about how to
> use CMS and S/MIME.  There are lots of possible options and variations;
> I don't know that all are useful or correct here.  That's where I want
> to defer to Russ.
A portion of this discussion came up in response to a review by
Sam Hartman.  Sam raised two issues:  how a certificate was checked
to be sure that it matched an instant inbox or presence.  After discussion
with Jon, it was agreed that text was needed to explain how a certificate
would store the im: URI or pres: URI (subjectAltName was the proposal,
I believe). Jon said he would provide that text as part of the update post-IESG
review.  The other question was whether the draft listed a
mandatory algorithm for CMS.  The resolution there was that the
draft authors would have preferred AES, but given that it was not
at the time standardized, the draft inherited the defaults of CMS and
S/MIME.  The other issue there was that supporting AES instead of
3DES was likely to lead to problems with some existing S/MIME
stacks and supporting both looked problematic in different ways.

After pointers to the text in the draft, Sam was convinced that it was
sufficiently specified.  I did contact Russ during this exchange, but he
was in the middle of heading off for vacation, so we traded voice mails
but did not speak in person.