IETF Logo Mail Archive

Re: [pkix] [smime] Fwd: Last Call: <draft-schaad-smime-algorithm-attribute-03.txt> (SignerInfo Algorithm Protection Attribute) to Proposed Standard

"Denis Pinkas"<denis.pinkas@bull.net> Fri, 17 December 2010 08:21 UTC

Return-Path: <denis.pinkas@bull.net>
X-Original-To: pkix@core3.amsl.com
Delivered-To: pkix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7AA023A6940; Fri, 17 Dec 2010 00:21:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, RCVD_BAD_ID=2.837]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPhkC2Ho1wMc; Fri, 17 Dec 2010 00:21:29 -0800 (PST)
Received: from odin2.bull.net (odin2.bull.net [129.184.85.11]) by core3.amsl.com (Postfix) with ESMTP id 2ADEA3A6926; Fri, 17 Dec 2010 00:21:29 -0800 (PST)
Received: from MSGA-001.frcl.bull.fr (msga-001.frcl.bull.fr [129.184.87.31]) by odin2.bull.net (Bull S.A.) with ESMTP id 34BBE138075; Fri, 17 Dec 2010 09:30:16 +0100 (CET)
Received: from FRCLS4013 ([129.182.108.120]) by MSGA-001.frcl.bull.fr (Lotus Domino Release 5.0.11) with SMTP id 2010121709231323:56543 ; Fri, 17 Dec 2010 09:23:13 +0100
From: Denis Pinkas <denis.pinkas@bull.net>
To: ietf <ietf@ietf.org>, smime <smime@ietf.org>, pkix <pkix@ietf.org>
Date: Fri, 17 Dec 2010 09:23:11 +0100
Message-Id: <DreamMail__092311_70675148164@msga-001.frcl.bull.fr>
References: <4CFD6726.8040100@ieca.com>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-Mailer: DreamMail 4.4.1.0
X-MIMETrack: Itemize by SMTP Server on MSGA-001/FR/BULL(Release 5.0.11 |July 24, 2002) at 17/12/2010 09:23:13, Serialize by Router on MSGA-001/FR/BULL(Release 5.0.11 |July 24, 2002) at 17/12/2010 09:23:15, Serialize complete at 17/12/2010 09:23:15
Content-Type: multipart/alternative; boundary="----=_NextPart_10121709231114517662106_002"
Subject: Re: [pkix] [smime] Fwd: Last Call: <draft-schaad-smime-algorithm-attribute-03.txt> (SignerInfo Algorithm Protection Attribute) to Proposed Standard
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: denis.pinkas@bull.net
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Dec 2010 08:21:31 -0000

I have a few comments about draft-schaad-smime-algorithm-attribute-03.txt:

1) The key question is what should contain the field signatureAlgorithm ?

SignatureAlgorithmIdentifier is defined in section 10.1.2 from RFC 5652:

10.1.2.  SignatureAlgorithmIdentifier

   The SignatureAlgorithmIdentifier type identifies a signature
   algorithm, and it can also identify a message digest algorithm.
   Examples include RSA, DSA, DSA with SHA-1, ECDSA, and ECDSA with
   SHA-256.  A signature algorithm supports signature generation and
   verification operations.  The signature generation operation uses the
   message digest and the signer's private key to generate a signature
   value.  The signature verification operation uses the message digest
   and the signer's public key to determine whether or not a signature
   value is valid.  Context determines which operation is intended.

      SignatureAlgorithmIdentifier ::= AlgorithmIdentifier


Some examples are questionable: is RSA really a "signature algorithm" ?
sha-1withRSA is really a signature mechanism, since it cannot be used for encryption.

If "real signature algorithms" were being used in the OID, then half of the problems mentioned in the draft would disappear.
This case should be mentioned in the draft.
 
The draft should also recommend the use of signature algorithms using both a hash function and an asymetric algorithm.

2) We come from a point where, 20 years ago, the same certificate was used for three purposes: 
authentication, non repudiation and encipherment. RSA was the single algorithm used in practice.
Since then, there are many situations where different certificates are used for each purpose.

We now should recommend to use "real signature algorithms", which mean an OID specifying 
a combination of a hash function and an asymetric cryptographic algorithm.

If a certificate is being used, then an OID specifying the algorithm in the certificate should be OID 
specifying a combination of a hash function and an asymetric cryptographic algorithm.

When certificates are being used, when the ESSCertID is being used, and when "real signature algorithms" are being used
then the new proposed protection attribute is not needed.

The current draft does not mention this possibility.

3) There is another draft under discussion in the PKIX WG called: draft-ietf-pkix-ocspagility-09.

Although the field "certIdentifier" below is misnamed, the idea is to say that for Elliptic Curves we need two parameters 
instead of one. This is what the proposed draft is attempting to say:
     PreferredSignatureAlgorithm ::= SEQUENCE {        sigIdentifier   AlgorithmIdentifier,        certIdentifier  AlgorithmIdentifier OPTIONAL        }

   The syntax of AlgorithmIdentifier is defined in section 4.1.1.2 of   RFC 5280 [RFC5280]

   sigIdentifier specifies the signature algorithm the client prefers,   e.g. algorithm=ecdsa-with-sha256. Parameters are absent for most   common signature algorithms.

   certIdentifier specifies the subject public key algorithm identifier   the client prefers in the server's certificate used to validate the   OCSP response. e.g. algorithm=id-ecPublicKey and parameters=   secp256r1.

   certIdentifier is OPTIONAL and provides means to specify parameters   necessary to distinguish among different usages of a particular   algorithm, e.g. it may be used by the client to specify what curve it   supports for a given elliptic curve algorithm.
Note the this draft provides a correct example for a signature algorithm identifier: ecdsa-with-sha256
The draft proposed by Jim should consider the case of OIDs for Elliptic Curves 

4) The draft is missing a risk analysis or examples for real possibilities of substitution. 

For the above reasons, I believe that a new draft should be issued.

Denis

---------- 
>From : smime-bounces 
To : smime 
Date : 2010-12-06, 23:43:50
Subject : [smime] Fwd: Last Call: (SignerInfo Algorithm Protection Attribute) to Proposed Standard


-------- Original Message --------
Subject: Last Call: <draft-schaad-smime-algorithm-attribute-03.txt> 
(Signer Info Algorithm Protection Attribute) to Proposed Standard
Date: Mon, 06 Dec 2010 14:35:04 -0800
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>

The IESG has received a request from an individual submitter to consider
the following document:
- 'Signer Info Algorithm Protection Attribute'
   <draft-schaad-smime-algorithm-attribute-03.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2011-01-03. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-schaad-smime-algorithm-attribute/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-schaad-smime-algorithm-attribute/


No IPR declarations have been submitted directly on this I-D.
_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce

_______________________________________________
smime mailing list
smime@ietf.org
https://www.ietf.org/mailman/listinfo/smime

v2.23.0 | Report a Bug | By Email