draft-ietf-smime-cms-rsa-kem-10 LC comments

Alfred Hönes <ah@TR-Sys.de> Sun, 13 December 2009 20:40 UTC

Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9BD773A68AF for <ietf@core3.amsl.com>; Sun, 13 Dec 2009 12:40:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.154
X-Spam-Level: ***
X-Spam-Status: No, score=3.154 tagged_above=-999 required=5 tests=[AWL=-0.697, BAYES_50=0.001, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQ453mTXJI5l for <ietf@core3.amsl.com>; Sun, 13 Dec 2009 12:40:48 -0800 (PST)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id D4B8B3A6887 for <ietf@ietf.org>; Sun, 13 Dec 2009 12:40:47 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA025786771; Sun, 13 Dec 2009 21:39:31 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id VAA14162; Sun, 13 Dec 2009 21:39:21 +0100 (MEZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200912132039.VAA14162@TR-Sys.de>
Subject: draft-ietf-smime-cms-rsa-kem-10 LC comments
To: jdrandall@comcast.net, kaliski_burt@emc.com, jbrainard@rsa.com, turners@ieca.com
Date: Sun, 13 Dec 2009 21:39:21 +0100
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Mon, 14 Dec 2009 10:23:24 -0800
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Dec 2009 20:40:49 -0000

I have taken a closer look at draft-ietf-smime-cms-rsa-kem-10
and will send another detailed editorial review to the authors.

Below are my more significant comments and questions:

(A)

Shouldn't this memo be updated to also encompass usage of
"AES Key Wrap with Padding" (RFC 5649) ?
(Compared to immediate inclusion in this memo, having to process
another document performing such update in the near future seems
to be an undue load on IETF/IESG/RFC-Editor cycles.)

Otherwise, a short note would be welcome in the memo indicating
why that is not being done.

(B)

In Appendix B.1, it is rather confusing (and might most likely
become the origin of implementation faults) that the draft uses
the same Name, "RSA-KEM", for the Key Transport Algorithm and the
underlying KeyEncapsulationMechanism, with the respective OIDs
named 'id-rsa-kem' and 'id-kem-rsa'.

The "S/MIME New ASN.1" draft has tried to introduce more rational
and systematic names for algorithm objects and OIDs, by always
including an algorithm type specific name component;
this is "kta-" for key transport algorithms.

So it might make sense to rename 'id-rsa-kem' to 'id-kta-rsa-kem'
in order to get a greater "mnemonic distance" from 'id-kem-rsa',
which is expected to appear in the PARAMETERS of the former.

Of course, such change needs to be reflected in the ASN.1 module
in Appendix B.3.

(C)

In Appendix B.2.1, 'x9-44-components' is used without definition.
(This definition only appears much later, in the ASN.1 module in B.3.)
Similar branch OIDs used throughout B.1 and B.2 are collected and
presented at the beginning of App. B.; therefore, it would make much
sense to also place there the definition of 'x9-44-components'.

(D)

Appendix B.2.2 still contains the clause written many years ago (it
appears for the first time in the -01 draft version dated Oct. 2003):

           vvvvvvvvvvvvvvvvvv
|    NOTE: As of this writing, the AES Key Wrap and the Triple-DES Key
|    Wrap are in the process of being approved by ASC X9.
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It seems likely that this has been resolved in the meantime.
Please check and correct if necessary.


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+