IETF Logo Mail Archive

Re: [smime] [Technical Errata Reported] RFC5084 (4774)

Jim Schaad <ietf@augustcellars.com> Sat, 13 August 2016 17:03 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6A9712B00B for <smime@ietfa.amsl.com>; Sat, 13 Aug 2016 10:03:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.148
X-Spam-Level:
X-Spam-Status: No, score=-3.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tl7rzgk71hyt for <smime@ietfa.amsl.com>; Sat, 13 Aug 2016 10:03:52 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D43F012B005 for <smime@ietf.org>; Sat, 13 Aug 2016 10:03:51 -0700 (PDT)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sat, 13 Aug 2016 10:15:34 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'RFC Errata System' <rfc-editor@rfc-editor.org>, housley@vigilsec.com, stephen.farrell@cs.tcd.ie, Kathleen.Moriarty.ietf@gmail.com, paul.hoffman@vpnc.org, blaker@gmail.com
References: <20160811184733.4444EB8111E@rfc-editor.org>
In-Reply-To: <20160811184733.4444EB8111E@rfc-editor.org>
Date: Sat, 13 Aug 2016 10:03:18 -0700
Message-ID: <027701d1f584$98da3320$ca8e9960$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHRaEVFPn+0uXujd3jpR3UjAM3696BINtMw
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/OtD7faSDd3shiOZEPtmhOrndDEQ>
Cc: quannguyen@google.com, smime@ietf.org
Subject: Re: [smime] [Technical Errata Reported] RFC5084 (4774)
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Aug 2016 17:03:53 -0000

The first half of this errata must be rejected.  We do not change the ASN.1
for something like this under just about any circumstances.

Changing the recommendation of a value should probably not be done by an
erratum but by publishing a new document.  We could make discuss and make
the recommendation change in the new S/MIME document in the LAMPS group
rather than in this document.

Jim


> -----Original Message-----
> From: smime [mailto:smime-bounces@ietf.org] On Behalf Of RFC Errata System
> Sent: Thursday, August 11, 2016 11:48 AM
> To: housley@vigilsec.com; stephen.farrell@cs.tcd.ie;
> Kathleen.Moriarty.ietf@gmail.com; paul.hoffman@vpnc.org;
> blaker@gmail.com
> Cc: quannguyen@google.com; rfc-editor@rfc-editor.org; smime@ietf.org
> Subject: [smime] [Technical Errata Reported] RFC5084 (4774)
> 
> The following errata report has been submitted for RFC5084, "Using AES-CCM
> and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax
> (CMS)".
> 
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=5084&eid=4774
> 
> --------------------------------------
> Type: Technical
> Reported by: QUAN NGUYEN <quannguyen@google.com>
> 
> Section: 3.2
> 
> Original Text
> -------------
> aes-ICVlen       AES-GCM-ICVlen DEFAULT 12
> 
> A length of 12 octets is RECOMMENDED.
> 
> Corrected Text
> --------------
> aes-ICVlen       AES-GCM-ICVlen DEFAULT 16
> 
> A length of 16 octets is RECOMMENDED.
> 
> Notes
> -----
> Many JCE providers including OpenJDK, BouncyCastle, Conscrypt have a bug
to
> use 12 bytes authentication tag (aes-ICVlen) as default if the code path
[1] uses
> CMS. According to Ferguson's attack
> (http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/CWC-
> GCM/Ferguson2.pdf), if a user encrypts 2^32 block length message, then 12
> bytes authentication tag length has only 96 - 32 = 64 bits security which
is not
> good enough nowadays. Furthermore, once a forgery happens then
> authentication is leaked.
> 
> [1] In other code paths, all providers use 16 bytes authentication tag as
default.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please use
"Reply
> All" to discuss whether it should be verified or rejected. When a decision
is
> reached, the verifying party (IESG) can log in to change the status and
edit the
> report, if necessary.
> 
> --------------------------------------
> RFC5084 (draft-ietf-smime-cms-aes-ccm-and-gcm-03)
> --------------------------------------
> Title               : Using AES-CCM and AES-GCM Authenticated Encryption
in the
> Cryptographic Message Syntax (CMS)
> Publication Date    : November 2007
> Author(s)           : R. Housley
> Category            : PROPOSED STANDARD
> Source              : S/MIME Mail Security
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
> 
> _______________________________________________
> smime mailing list
> smime@ietf.org
> https://www.ietf.org/mailman/listinfo/smime

v2.23.0 | Report a Bug | By Email