Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
Eric Rescorla <ekr@rtfm.com> Thu, 03 May 2018 20:10 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2C4312EACF for <secdir@ietfa.amsl.com>; Thu, 3 May 2018 13:10:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EI83JvpRZcLd for <secdir@ietfa.amsl.com>; Thu, 3 May 2018 13:10:28 -0700 (PDT)
Received: from mail-ot0-x22e.google.com (mail-ot0-x22e.google.com [IPv6:2607:f8b0:4003:c0f::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3937B12EAC0 for <secdir@ietf.org>; Thu, 3 May 2018 13:10:25 -0700 (PDT)
Received: by mail-ot0-x22e.google.com with SMTP id y10-v6so22061766otg.10 for <secdir@ietf.org>; Thu, 03 May 2018 13:10:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ifwy6LmQHSiPe6ZARXCskgT/4cOQH+5uPxlycgYbG1A=; b=TvIfYLvkkNx1iZXuus/isyicn+g4n3c3XCwBD5S+5INeB9nHW5ucbgkomhHl78g5MR xzG1du7vLt4y/PS5y/J+H8BzQ4Jgu/p2RKSrJvy22G6AJbR9+wL8s3/gjEF/9a7yBUHI xDgt6dTZbbpb7N+9szbHj4mthG0tII4maIFq7Sb87De1PGQuWOqzkQEoCRiAv8vEliYc pEO8JNy6YtsyyDzdvYOdxusoNGz4YXLzdoE1gqxolEOatk4Ha27H5ocBsICtv4YpK7Rw 1OEFdn2YbCOvBVGofiEDGLfyiC2SfRYO+gQ75RxNjSSrJJA5ZnNhy+WWsaA81/RdNRYg RZxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ifwy6LmQHSiPe6ZARXCskgT/4cOQH+5uPxlycgYbG1A=; b=VLG7eWHEVcH9ROkUyiO9Iz0Wet1XzIu+ZuVfofElSlmgO4klK48MWZ79QpRXHxent9 bB0+BbAieqT9LmGRzr4o7AX/gKHRhGO0MoUCnwItHsarkrfPhelZN5OH8htyEH7yp465 W+GdbU7wFGN/pxDftdhTuqPZhKFB0GaMZFp0eFNZI2MkxQnqbQuksDE33NycS7Ze1u5B 16AuPSSUl0YkiXR4N7DULRLmHb6CY7Vu5jhoCTxNrRMM9brHiIf99SOfsDaXoq2YAvj+ jhZ4CZlycx0WMHCayNjsVfXCZC+ozzKqKjykpTKAQTaDljVRrhysdBL+g8OpMV4xvv9Z kmXQ==
X-Gm-Message-State: ALQs6tAA7zBepdp32TYKwrL9Uw2x87xDg26gTk2tKIgSgihUx8VM2jMA EhP641eAs0tPFHZQi4IiOcXZutgLTHXUTf5y9zk3yQ==
X-Google-Smtp-Source: AB8JxZrJBqPpgNK0wOv4Zy6HNYPfdlz9AAK9xXn0e4k7fp3c6R5GHgMdMHj/Qo4OthspUdKppR2EF1f3tTKqv0F1Bnk=
X-Received: by 2002:a9d:72c6:: with SMTP id d6-v6mr4674037otk.392.1525378224556; Thu, 03 May 2018 13:10:24 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.201.118.130 with HTTP; Thu, 3 May 2018 13:09:43 -0700 (PDT)
In-Reply-To: <054301d3e271$dc22db10$94689130$@augustcellars.com>
References: <152432458128.20660.6956595430755199355@ietfa.amsl.com> <054301d3e271$dc22db10$94689130$@augustcellars.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 03 May 2018 13:09:43 -0700
Message-ID: <CABcZeBPFmDfOH3bhZXeo+1rytZVm47COa8n-x=oSTuzjjHH-ag@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: Matthew Miller <linuxwolf+ietf@outer-planes.net>, secdir@ietf.org, SPASM <spasm@ietf.org>, draft-ietf-lamps-rfc5750-bis.all@ietf.org, IETF discussion list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000391e5f056b52cb77"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/YXWP7Cumu1FPOPHExrgiWtMmacY>
Subject: Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 20:10:30 -0000
probably "parse" not "parser" On Wed, May 2, 2018 at 5:01 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > > > -----Original Message----- > > From: Matthew Miller <linuxwolf+ietf@outer-planes.net> > > Sent: Saturday, April 21, 2018 8:30 AM > > To: secdir@ietf.org > > Cc: spasm@ietf.org; draft-ietf-lamps-rfc5750-bis.all@ietf.org; > ietf@ietf.org > > Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05 > > > > Reviewer: Matthew Miller > > Review result: Has Nits > > > > I have reviewed this document as part of the security directorate's > ongoing > > effort to review all IETF documents being processed by the IESG. These > > comments were written primarily for the benefit of the security area > > directors. Document editors and WG chairs should treat these comments > > just like any other last call comments. > > > > Document: draft-ietf-lamps-rfc5750-bis-05 > > Reviewer: Matthew A. Miller > > Review Date: 2018-04-21 > > IETF LC End Date: 2018-04-27 > > IESG Telechat date: N/A > > > > Summary: > > > > This document is ready, but there is one nit around PKCS #6 handling that > > might benefit from explanation. > > > > This document describes the certificate handling expectations for senders > > and receivers of S/MIME 4.0. It obsoletes RFC 5750, adding requirements > to > > support internationalized email addresses, increase RSA minimum key > sizes, > > and support ECDSA using P-256 and Ed25519; older algorithms such as DSA, > > MD5, and SHA-1 are relegated to historical. > > > > Major Issues: N/A > > > > Minor Issues: N/A > > > > Nits: > > > > Section 2.2.1. "Historical Note about CMS Certificates" is almost entired > > unchanged, but added a requirement that receivers MUST be able to process > > PCKS #6 extended certificates. This almost seems at odds with the rest > of > > the paragraph that precedes this MUST, noting PKCS #6 has little use and > > PKIX is functionally equivalent. > > A short explanation of why this additional handling requirement would > seem > > helpful. > > How about the following which is just a description of what we are looking > for in terms of behavior. > > Receiving agents MUST be able to parser and process a message > containing PKCS #6 extended certificates although ignoring those > certificates is expected behavior. > > > >
- [secdir] Secdir last call review of draft-ietf-la… Matthew Miller
- Re: [secdir] Secdir last call review of draft-iet… Jim Schaad
- Re: [secdir] Secdir last call review of draft-iet… Jim Schaad
- Re: [secdir] Secdir last call review of draft-iet… Eric Rescorla
- Re: [secdir] Secdir last call review of draft-iet… Jim Schaad