Re: [smime] [Technical Errata Reported] RFC5753 (4777)
"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 13 August 2016 21:47 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB06612D539 for <smime@ietfa.amsl.com>; Sat, 13 Aug 2016 14:47:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J1l75pDiiUdG for <smime@ietfa.amsl.com>; Sat, 13 Aug 2016 14:47:24 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48A9A12B051 for <smime@ietf.org>; Sat, 13 Aug 2016 14:47:24 -0700 (PDT)
Received: from [10.32.60.16] (50-1-98-193.dsl.dynamic.fusionbroadband.com [50.1.98.193]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u7DLktUD043766 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 13 Aug 2016 14:46:55 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-98-193.dsl.dynamic.fusionbroadband.com [50.1.98.193] claimed to be [10.32.60.16]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Date: Sat, 13 Aug 2016 14:46:54 -0700
Message-ID: <EB493FAE-10F6-4B29-8960-32C70C81F28F@vpnc.org>
In-Reply-To: <20160813213421.15CF8B80D57@rfc-editor.org>
References: <20160813213421.15CF8B80D57@rfc-editor.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/hWTfNsZBQVyC8pyQmDmCcIqzgSA>
Cc: smime@ietf.org, ietf@augustcellars.com, Kathleen.Moriarty.ietf@gmail.com, turners@ieca.com, stephen.farrell@cs.tcd.ie
Subject: Re: [smime] [Technical Errata Reported] RFC5753 (4777)
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Aug 2016 21:47:26 -0000
Please do not accept this errata until further discussion. Discussion: 1) I believe that the errata would be *much* clearer if the errata was only for the changed sentences, not the whole paragraph. Thus, I think the "Original Text" should start with "The originatorKey publicKey field MUST". If others agree, the submitter could turn in a new errata. 2) The submitter says "This error is also present in sections 3.1.2, 3.1.3, 3.2.1, 3.2.2, 7.2". That feels like it *might* be sufficient for the reader to understand, but it would be clearer if the errata included the change for each of those sections. If others agree, the submitter could turn in a new errata. --Paul Hoffman On 13 Aug 2016, at 14:34, RFC Errata System wrote: > The following errata report has been submitted for RFC5753, > "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic > Message Syntax (CMS)". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=5753&eid=4777 > > -------------------------------------- > Type: Technical > Reported by: Jim Schaad <ietf@augustcellars.com> > > Section: 3.1.1 > > Original Text > ------------- > - originator MUST be the alternative originatorKey. The > originatorKey algorithm field MUST contain the id-ecPublicKey > object identifier (see Section 7.1.2). The parameters > associated > with id-ecPublicKey MUST be absent, ECParameters, or NULL. The > parameters associated with id-ecPublicKey SHOULD be absent or > ECParameters, and NULL is allowed to support legacy > implementations. The previous version of this document required > NULL to be present. If the parameters are ECParameters, then > they > MUST be namedCurve. The originatorKey publicKey field MUST > contain the DER encoding of the value of the ASN.1 type ECPoint > (see Section 7.2), which represents the sending agent's > ephemeral > EC public key. The ECPoint in uncompressed form MUST be > supported. > > Corrected Text > -------------- > - originator MUST be the alternative originatorKey. The > originatorKey algorithm field MUST contain the id-ecPublicKey > object identifier (see Section 7.1.2). The parameters > associated > with id-ecPublicKey MUST be absent, ECParameters, or NULL. The > parameters associated with id-ecPublicKey SHOULD be absent or > ECParameters, and NULL is allowed to support legacy > implementations. The previous version of this document required > NULL to be present. If the parameters are ECParameters, then > they > MUST be namedCurve. The originatorKey publicKey field MUST > contain the encoded public key as defined in [X9.62]. The > hybred > form MUST NOT be used. The ECPoint in uncompressed form MUST be > supported. This mirrors the same format used in public key > certificates as defined in Section 2.2 of [RFC5480]. > > Notes > ----- > There is a problem in that for ECPoints, the public key is defined to > be encoded differently in this document than it is in a public key > certificate. The difference is the presence of the ASN.1 OCTET STRING > wrapper. > > OpenSSL and BouncyCastle both use the unwrapped version per Dr. > Stephen Henson note to me in mail. > > This error is also present in sections 3.1.2, 3.1.3, 3.2.1, 3.2.2, 7.2 > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5753 (draft-ietf-smime-3278bis-09) > -------------------------------------- > Title : Use of Elliptic Curve Cryptography (ECC) > Algorithms in Cryptographic Message Syntax (CMS) > Publication Date : January 2010 > Author(s) : S. Turner, D. Brown > Category : INFORMATIONAL > Source : S/MIME Mail Security > Area : Security > Stream : IETF > Verifying Party : IESG
- Re: [smime] [Technical Errata Reported] RFC5753 (… Jim Schaad
- Re: [smime] [Technical Errata Reported] RFC5753 (… Paul Hoffman
- [smime] [Technical Errata Reported] RFC5753 (4777) RFC Errata System