Comments: draft-ietf-smime-cmsalg-00

Here is the next set of comments:

1)  Table 1:  I hate to do it this way, but I don't think RSA is the correct
entry for Key Transport.  Given that we know that RSA-OAEP is coming down
the road, I think that this should be renamed as RSA v1.5 or something
similar. I see a similar problem for signature algorithms and the note.  See
comments 3 and 4 below.

2) Section 2.1:  I believe that the MUST and SHOULD statements in this
paragraph are in conflict.  ie. MUST encode as and SHOULD generate with.
These should be resolved as MUST in both locations.

3) Section 3:  RSA is not a signature algorithm.  RSA-SHA1 and RSA-MD5 are
signature algorithms.  RSA is a public key algorithm.

4) Section 3/Table 1:  From the requirements on digest algorithms I assume
that RSAwithSHA1 is a MUST and RSAwithMD5 is a SHOULD.

5) Section 3.1:  Change to "The algorithms parameter field MUST be encoded
as absent."

6) Section 3.2:  Boy we really messed this one up.  Section 3.2 should occur
as two different sections one for RSAwithMD5 and one for RSAwithSHA1.  I
will never understand how all of us missed this one.

The OIDs for this should be:
       sha1withRSAEncryption (1 2 840 113549 1 1 5)
or
#define szOID_OIWSEC_sha1RSASign "1.3.14.3.2.29"