I have no concerns with the updating the IANA registrations to point to 
draft-ietf-anima-rfc8366bis.

I think the document should contain a reference to ITU-T X.680 to define object 
identifier.

I think that the first paragraph of Section 7.1 should contain something like 
this:

   An object identifier (OID) [[ITU-T.X680] for JSON-encoded Voucher Data
   is allocated in Section 12.4.  This OID ia placed in the 'eContentType' field
   in the EncapsulatedContentInfo:

      id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
           us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }

      id-ct OBJECT IDENTIFIER ::= { id-smime 1 }

      id-ct-animaJSONVoucher OBJECT IDENTIFIER ::= { id-ct 40 }

In some places, the document uses PKCS#7, and in other places it uses PKCS7.  
They should be consistent.  I wonder if just using CMS in all cases would be 
better.

Section 7.1 of the document could be a bit more clear. A CMS-signed structure 
would be:

      ContentInfo {
        contentType          id-signedData, -- (1.2.840.113549.1.7.2)
        content              SignedData
      }

      SignedData {
        version              CMSVersion, -- always set to 3
        digestAlgorithms     DigestAlgorithmIdentifiers, -- Only one
        encapContentInfo     EncapsulatedContentInfo,
        certificates         CertificateSet, -- Signer cert. path
        crls                 CertificateRevocationLists, -- Optional
        signerInfos          SET OF SignerInfo -- Only one
      }

      SignerInfo {
        version              CMSVersion, -- always set to 3
        sid                  SignerIdentifier,
        digestAlgorithm      DigestAlgorithmIdentifier,
        signedAttrs          SignedAttributes, -- Required
        signatureAlgorithm   SignatureAlgorithmIdentifier,
        signature            SignatureValue,
        unsignedAttrs        UnsignedAttributes -- Optional
      }

      EncapsulatedContentInfo {
        eContentType         id-ct-animaJSONVoucher,
                                       -- (1.2.840.113549.1.9.16.1.40)
        eContent             OCTET STRING
      }                            -- Contains JSON object

Russ



> On Jun 16, 2026, at 4:53 PM, David Dong via RT 
> <[email protected]> wrote:
> 
> Dear Russ Housley (cc: anima WG),
> 
> As the designated expert for the SMI Security for S/MIME CMS Content Type 
> (1.2.840.113549.1.9.16.1) subregistry, can you review the proposed reference 
> update in draft-ietf-anima-rfc8366bis-31 for us? Please see:
> 
> https://datatracker.ietf.org/doc/draft-ietf-anima-rfc8366bis/
> 
> The due date is June 30th.
> 
> If this is OK, when the IESG approves the document for publication, we'll 
> update the registrations at:
> 
> https://www.iana.org/assignments/smi-numbers/
> 
> When the review is complete (or, if you have concerns that need to be 
> addressed, when the initial review is complete), we'll update the 
> Datatracker's "IANA expert review" state and send any comments to the authors.
> 
> With thanks,
> 
> David Dong
> IANA Services Sr. Specialist

_______________________________________________
Anima mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to