Closed DDvO closed 1 year ago
Appendix E contains additional explanation, but no normative text. To have the base-specification in Section 5.1.3.4 not too large, this additional guidance was shifted on purpose to an appendix.
Regarding Security Considerations: It is never a good idea to overlook the Security considerations section. See also cms-kemri draft for similar examples for normative text in the Security Considerations section.
@Akretsch wrote in #30:
One more point to add on this, which he also mentioned to me this morning: The security considerations section 8.8: https://lamps-wg.github.io/cmp-updates/draft-ietf-lamps-rfc4210bis.html#name-recurring-usage-of-kem-keys contains an important functional requirement:
IMO this should be given already in Section 5.1.3.4 because otherwise this can easily be overlooked by implementers focusing on the main body of the spec, so regarding KEM use on Section 5.1.3.4.