Document: draft-ietf-smime-rfc3369bis-03
Reviewer: Spencer Dawkins
Date: May 26, 2004

This draft is almost down to nits for publication as a Proposed Standard. It's well-written, and provides an appropriate level of background and detail in most cases.

I have one point of confusion: There are a lot of "versions" that are "always set to 3", or some such (the values differ) with no explanation. This is fine for implementers but doesn't make the next revision easier (why was it "3"? let's change it and see what breaks?). At the very least, I would be curious whether receiving a signed message with version=4 should be fatal, or what. People who work in the area probably know this, but I don't work in the area.

On to the nits:

- At the end of the Introduction, "and symmetric key-encryption key techniques for key management" is probably perfectly correct, but uses the word "key" three times in nine words (in addition to other appearances in the same sentence). Is there any other way to say this?

- There's a blown paragraph break at the bottom of page 9.

- "Authenticode" is used twice with no reference given (I wasn't born knowing what this is).

- In 6.0, "any of the three key management techniques" is tossed in with no references. There's a list of three key management techniques given several other places in the document - either make these all pointers to the same list, or repeat the list one more time? But it wasn't obvious that this was the same list provided elsewhere.

- I am embarrassed to mention it, but there are a LOT of indented paragraphs that explain parameters, and it's really hard to spot the parameter being explained in the text, because the parameter is neither more nor less indented than the rest of the paragraph. This is what hanging lists are for!

Thanks,

Spencer