Protocol Action: 'Cryptographic Messages Syntax (CMS) Algorithm Identifier Protection Attribute' to Proposed Standard (draft-schaad-smime-algorithm-attribute-05.txt)
The IESG <iesg-secretary@ietf.org> Tue, 25 January 2011 17:05 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'Cryptographic Messages Syntax (CMS) Algorithm Identifier Protection Attribute' to Proposed Standard (draft-schaad-smime-algorithm-attribute-05.txt)
Message-ID: <20110125170549.32528.35336.idtracker@localhost>
Date: Tue, 25 Jan 2011 09:05:49 -0800
Cc: Internet Architecture Board <iab@iab.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:
- 'Cryptographic Messages Syntax (CMS) Algorithm Identifier Protection Attribute'
  (draft-schaad-smime-algorithm-attribute-05.txt) as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-schaad-smime-algorithm-attribute/

Technical Summary

An authenticated/signed attribute is defined to protect the algorithm definitions of the message body and the signature. Currently this information is not included in the signature computation and could theoretically be changed without the signature validator knowing. This provides an attack avenue on CMS signature and authentication operations that currently has no known successful attacks. The new attribute is prophylactic.

Working Group Summary

There was a small amount of discussion on the working group list if this should be expanded to include the new authenticated encryption algorithms. It was decided that these should be treated separately by any interested community. The document was considered in the S/MIME working group, but there was no push for adoption as it was believed that the working group would be shutting down shortly.

Document Quality

The document has been implemented by the author and an example of using the attribute can be found in draft-schaad-smime-hash-experiment. There are no known plans for vendors to implement this, but I have received private email asking as to the status of the document.

Personnel

Jim Schaad (ietf@augustcellars.com) is the Document Shepherd. Sean Turner (turners@ieca.com) is the Responsible Area Director.