[smime] [Technical Errata Reported] RFC5084 (4774)
RFC Errata System <rfc-editor@rfc-editor.org> Thu, 11 August 2016 18:47 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28B7712D60E for <smime@ietfa.amsl.com>; Thu, 11 Aug 2016 11:47:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.869
X-Spam-Level:
X-Spam-Status: No, score=-103.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJRpRsqWjJ-g for <smime@ietfa.amsl.com>; Thu, 11 Aug 2016 11:47:33 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B64012D5CA for <smime@ietf.org>; Thu, 11 Aug 2016 11:47:33 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 4444EB8111E; Thu, 11 Aug 2016 11:47:33 -0700 (PDT)
To: housley@vigilsec.com, stephen.farrell@cs.tcd.ie, Kathleen.Moriarty.ietf@gmail.com, paul.hoffman@vpnc.org, blaker@gmail.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20160811184733.4444EB8111E@rfc-editor.org>
Date: Thu, 11 Aug 2016 11:47:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/89lW3-5fYwaTImEnZoDbchoX5EM>
Cc: quannguyen@google.com, rfc-editor@rfc-editor.org, smime@ietf.org
Subject: [smime] [Technical Errata Reported] RFC5084 (4774)
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2016 18:47:34 -0000
The following errata report has been submitted for RFC5084, "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=5084&eid=4774 -------------------------------------- Type: Technical Reported by: QUAN NGUYEN <quannguyen@google.com> Section: 3.2 Original Text ------------- aes-ICVlen AES-GCM-ICVlen DEFAULT 12 A length of 12 octets is RECOMMENDED. Corrected Text -------------- aes-ICVlen AES-GCM-ICVlen DEFAULT 16 A length of 16 octets is RECOMMENDED. Notes ----- Many JCE providers including OpenJDK, BouncyCastle, Conscrypt have a bug to use 12 bytes authentication tag (aes-ICVlen) as default if the code path [1] uses CMS. According to Ferguson's attack (http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-GCM/Ferguson2.pdf), if a user encrypts 2^32 block length message, then 12 bytes authentication tag length has only 96 - 32 = 64 bits security which is not good enough nowadays. Furthermore, once a forgery happens then authentication is leaked. [1] In other code paths, all providers use 16 bytes authentication tag as default. Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -------------------------------------- RFC5084 (draft-ietf-smime-cms-aes-ccm-and-gcm-03) -------------------------------------- Title : Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) Publication Date : November 2007 Author(s) : R. Housley Category : PROPOSED STANDARD Source : S/MIME Mail Security Area : Security Stream : IETF Verifying Party : IESG
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Jim Schaad
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Russ Housley
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Quan Nguyen
- Re: [smime] [Technical Errata Reported] RFC5084 (… Russ Housley
- Re: [smime] [Technical Errata Reported] RFC5084 (… Russ Housley
- Re: [smime] [Technical Errata Reported] RFC5084 (… Sean Leonard
- Re: [smime] [Technical Errata Reported] RFC5084 (… Paul Hoffman
- Re: [smime] [Technical Errata Reported] RFC5084 (… Jim Schaad
- [smime] [Technical Errata Reported] RFC5084 (4774) RFC Errata System