RE: I-D ACTION:draft-ietf-smime-aes-alg-03.txt
"Housley, Russ" <rhousley@rsasecurity.com> Mon, 03 December 2001 20:45 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA29178 for <smime-archive@odin.ietf.org>; Mon, 3 Dec 2001 15:45:30 -0500 (EST)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id fB3KDWu15253 for ietf-smime-bks; Mon, 3 Dec 2001 12:13:32 -0800 (PST)
Received: from tholian.rsasecurity.com (mail.rsasecurity.com [204.167.112.129]) by above.proper.com (8.11.6/8.11.3) with SMTP id fB3KDT215247 for <ietf-smime@imc.org>; Mon, 3 Dec 2001 12:13:29 -0800 (PST)
Received: from sdtihq24.securitydynamics.com by tholian.rsasecurity.com via smtpd (for mail.imc.org [208.184.76.43]) with SMTP; 3 Dec 2001 20:13:27 UT
Received: from ebola.securitydynamics.com (ebola.securid.com [192.168.7.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id PAA13564; Mon, 3 Dec 2001 15:13:31 -0500 (EST)
Received: from exna00.securitydynamics.com (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with ESMTP id fB3KDL803387; Mon, 3 Dec 2001 15:13:22 -0500 (EST)
Received: by exna00.securitydynamics.com with Internet Mail Service (5.5.2653.19) id <YFW8S70G>; Mon, 3 Dec 2001 14:59:42 -0500
Received: from HOUSLEY-LAP.rsasecurity.com (10.3.1.87 [10.3.1.87]) by exna00.securitydynamics.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id YFW8S6XJ; Mon, 3 Dec 2001 14:45:27 -0500
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Francois.Rousseau@CSE-CST.GC.CA
Cc: jimsch@nwlink.com, ietf-smime@imc.org
Message-Id: <5.0.1.4.2.20011203141403.0297d970@exna07.securitydynamics.com>
X-Sender: rhousley@exna07.securitydynamics.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0.1
Date: Mon, 03 Dec 2001 14:18:35 -0500
Subject: RE: I-D ACTION:draft-ietf-smime-aes-alg-03.txt
In-Reply-To: <A7896A2B763AD511B27C00AA00DD93713CD1DA@NIAGARA>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Francois: >I have the following comments on this updated Internet Draft: > >a. Section 2.3.1 indicates that Generation of the an AES key used in doing >AES-KeyWrap is done using the method in [DH] with the following >modifications: The Hash function H will be [SHA-256] rather than SHA-1. As >you know, RFC2631 defines one Key Derivation Function (KDF), which is >derived from one of the two KDFs defined under ANSI X9.42. However, NIST >recently suggested a new standardized KDF for both ANSI X9.42 and X9.63 in >its Key Establishment Schemes document presented at its second Key >Management Workshop on November 1-2. Since you are already questioning if >you should change the OID for this KDF because you are mandating SHA-256 not >SHA-1, shouldn't S/MIME, NIST and ANSI take this opportunity to standardize >on one common algorithm for this KDF? Jim and I had an e-mail exchange with Paul Timmel on this subject. We plan to stick with SHA-1. >b. Section 2.3.2 is about the AES CEK wrap process, shouldn't it be more >general than just wrapping an AES key in another AES key similarly to the >recently approved <draft-ietf-smime-key-wrap-01.txt>? If yes, the last >sentence of this section indicates that if different lengths are supported, >the KEK MUST be of equal or greater length then the CEK. I would disagree >with this mandatory requirement if other types of keys could be wrapped an >AES key. Take for example Triple DES with three keys (i.e. 192 bits), which >has only an effective strength of 112 bits, could securely be wrapped with a >KEK of 128 bits instead of 192 bits. This last comment also applies to >Section 6, which indicates that when wrapping a content-encryption key with >a key-encryption key, the key-encryption key should always be at least the >same length as the content-encryption key. I do not think that this is a general mechanism. The one in draft-ietf-smime-key-wrap-01 certainly is not. The analysis of the algorithms in draft-ietf-smime-key-wrap-01 was not done for the general cases. NIST has said that this algorithm is appropriate for wrapping one AES key with another, and that is how we plan to use it. I do not see any reason to mix algorithms. >Feel free to distribute these comments and your response on the mailing list >since I am not currently a member of the S/MIME list, but only monitor its >status on the web site. Russ
- I-D ACTION:draft-ietf-smime-aes-alg-03.txt Internet-Drafts
- RE: I-D ACTION:draft-ietf-smime-aes-alg-03.txt Housley, Russ