Re: [Fwd: I-D ACTION:draft-ietf-smime-3851bis-09.txt]
Sean Turner <turners@ieca.com> Thu, 23 April 2009 20:53 UTC
Return-Path: <owner-ietf-smime@mail.imc.org>
X-Original-To: ietfarch-smime-archive@core3.amsl.com
Delivered-To: ietfarch-smime-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D53DE3A6833 for <ietfarch-smime-archive@core3.amsl.com>; Thu, 23 Apr 2009 13:53:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.535
X-Spam-Level:
X-Spam-Status: No, score=-2.535 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7HsKCU3zjH91 for <ietfarch-smime-archive@core3.amsl.com>; Thu, 23 Apr 2009 13:53:21 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 065843A6A90 for <smime-archive@ietf.org>; Thu, 23 Apr 2009 13:51:12 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n3NKhTBr002286 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Apr 2009 13:43:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n3NKhT7R002285; Thu, 23 Apr 2009 13:43:29 -0700 (MST) (envelope-from owner-ietf-smime@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from smtp108.biz.mail.re2.yahoo.com (smtp108.biz.mail.re2.yahoo.com [206.190.52.47]) by balder-227.proper.com (8.14.2/8.14.2) with SMTP id n3NKhIfv002261 for <ietf-smime@imc.org>; Thu, 23 Apr 2009 13:43:28 -0700 (MST) (envelope-from turners@ieca.com)
Received: (qmail 58550 invoked from network); 23 Apr 2009 20:43:17 -0000
Received: from unknown (HELO thunderfish.local) (turners@96.231.116.223 with plain) by smtp108.biz.mail.re2.yahoo.com with SMTP; 23 Apr 2009 20:43:17 -0000
X-Yahoo-SMTP: qPTWNAeswBAtDTSn9GKlmmL3C90ke7grn_5n9To-
X-YMail-OSG: nv46i.sVM1lifevqifcWLeemCgkz1GgQiCEeaROovElCE7k1bnEr7SR2l9boKd_l5QnP17._dQ0_I0cf.8XZ6dMoIhwQXJUCYNXejh3C.FbJ1lck4wKoTbL1uNXov5XeULpkPFlYhw.p5q0McrM2mPigZCgwWR6eUGvq.SuIaQ6WehFXFe7UEMEHnd8UeUQFL6z2yJ2RgFztdjbS3CfoWis0WRS.nh6IOZYm3yxOLZdWmdHaL0G37wq9UtT4for1Ey44pSJUlD4uBRqjUxf4kAxq.Vg3apdm90aLAk7tFfe7GwrJ6jjz
X-Yahoo-Newman-Property: ymail-3
Message-ID: <49F0D2E4.3060909@ieca.com>
Date: Thu, 23 Apr 2009 16:43:16 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302)
MIME-Version: 1.0
To: ietf-smime@imc.org
Subject: Re: [Fwd: I-D ACTION:draft-ietf-smime-3851bis-09.txt]
References: <49E4E4D9.5000208@ieca.com> <49EDBC74.6010102@ieca.com>
In-Reply-To: <49EDBC74.6010102@ieca.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I did receive some comments on this draft at the last second. Two were
on the key size text:
- SHOULD- on 1024-bit DSA key ought to be SHOULD
- In 4.3: 1023 <= key size <= 2048 : MUST needs to be
1024 <= key size <= 2048 : MUST
(this is the same rationale as for 3850bis) The 1st one I think is a
good suggestion because SHOULD- on a key size doesn't seem to make much
sense to me especially in the light of DSA with SHA-256 being a SHOULD+.
The 2nd one is editorial because we can't have two different
requirements for the same key size.
I also received some other non-key size related comments:
- RSA-PSS should be replaced with RSASSA-PSS
- RSA-OAEP should be replaced with RSAES-OESP
- RSASA-PSS in references should be RSASSA-PSS
- Change noted to 3.2.2 not implemented and should also
be applied to 3.6 (replace encrypted with enveloped)
- Rephrase the last sentence in the 2nd para of 2.3:
OLD:
As AES 128 CBC is the mandatory to implement content encryption
algorithm thus, when DH ephemeral-static is supported, AES-128 key wrap
algorithm MUST also be supported.
NEW:
As AES-128 CBC is the mandatory to implement content encryption
algorithm, the AES-128 key wrap algorithm MUST also be supported when DH
ephemeral-static is used
- Rephrase 1st sentence in 4th of Security Considerations
OLD:
The choice of 2048 bits as the RSA asymmetric key size in this
specification is based on the desire to provide 100 bits of security.
NEW:
The choice of 2048 bits as the RSA asymmetric key size in this
specification is based on the desire to provide 112 bits of security.
All but the last I consider editorial and will incorporate. For the
last one, instead of replacing 100 with 112 I'd like to make it say "at
least 100 bits of security". I think this is what we intended though
technically a 2048-bit key size does offer 112 bits of security.
Unless there's strong objections to these resolutions I'll post a new
version of this ID Friday afternoon for Tim to continue processing.
spt
Sean Turner wrote:
>
> To date, I have received no comments on this version of the ID.
>
> spt
>
> Sean Turner wrote:
>> This ID incorporates comments necessary to resolve IESG DISCUSSES, one
>> IETF LC comment I missed, and incorporates key size text from our Area
>> Directory. The changes were in some cases significant and as a result
>> I'm asking for a one week comment period that will end 22 April 2009 @
>> 8am EST.
>>
>> spt
>
>
- Re: [Fwd: I-D ACTION:draft-ietf-smime-3851bis-09.… Sean Turner
- I-D ACTION:draft-ietf-smime-3851bis-09.txt Internet-Drafts
- [Fwd: I-D ACTION:draft-ietf-smime-3851bis-09.txt] Sean Turner
- Re: [Fwd: I-D ACTION:draft-ietf-smime-3851bis-09.… Sean Turner