Re: Issues with S/MIME Message Specification
EKR <ekr@rtfm.com> Tue, 18 May 1999 21:00 UTC
Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA15888 for <smime-archive@odin.ietf.org>; Tue, 18 May 1999 17:00:45 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id NAA20008 for ietf-smime-bks; Tue, 18 May 1999 13:03:26 -0700 (PDT)
Received: from speedy.rtfm.com ([208.217.207.85]) by mail.proper.com (8.8.8/8.8.5) with ESMTP id NAA20004 for <ietf-smime@imc.org>; Tue, 18 May 1999 13:03:23 -0700 (PDT)
Received: from romeo.rtfm.com (romeo.rtfm.com [208.217.207.82]) by speedy.rtfm.com (8.9.1/8.6.4) with ESMTP id NAA14617; Tue, 18 May 1999 13:03:24 -0700 (PDT)
Received: (ekr@localhost) by romeo.rtfm.com (8.9.2/8.6.4) id NAA05143; Tue, 18 May 1999 13:02:52 -0700 (PDT)
To: bjueneman@novell.com
Cc: The IESG <iesg-secretary@ietf.org>, RFC Editor <rfc-editor@isi.edu>, ietf-smime@imc.org
Subject: Re: Issues with S/MIME Message Specification
References: <006701bea15d$124b2e60$4dd44189@provo.novell.com>
From: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset="US-ASCII"
Date: Tue, 18 May 1999 13:02:52 -0700
In-Reply-To: "Robert R. Jueneman"'s message of "Tue, 18 May 1999 12:34:32 -0600"
Message-ID: <kj3e0u16z7.fsf@romeo.rtfm.com>
Lines: 55
X-Mailer: Gnus v5.6.45/XEmacs 20.4 - "Emerald"
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
"Robert R. Jueneman" <bjueneman@novell.com> writes:
> Regarding the S/MIME Version 3 Message Specification,
> draft-ietf-smime-msg-08.txt, I believe that all MUSTs and SHOULDs
> regarding specific cryptographic algorithms should be removed from this
> document, and contained only in the Cryptographic Message Syntax document.
> I can see no reason at all why such things should be specified twice -- it
> just makes conformance checking all that much more difficult. An example
> of this kind of difficulty is para 2.2 of the S/MIME Message
> Specification, which says that sending and receiving agents SHOULD support
> rsaEncryption, whereas the Cryptographic Message Syntax , para 12.2, says
> that CMS implementations "may" support RSA. Neither mentions RSA with
> OAEP.
CMS and S/MIME MSG intentionally have different requirements.
In order to preserve backwards compatibility with S/MIMEv2,
implementations SHOULD implement RSA. CMS implementations that
do not need to be used in the S/MIME context may very well
have no need to use RSA.
> The second part of 2.7 specifies that receiving agents SHOULD support
> RC2/40 "or a compatible algorithm at a key size of 40 bits..." This
> recommendation suffers from two major problems, in my view. First, it is
> LESS secure than 56-bit DES, which is now acceptable world-wide (with
> perhaps one or two minor exceptions -- not quite clear) for data
> encryption.
The purpose of this is once again for compatability with S/MIME v2
which required RC2.
> And second, it is a proprietary, trade-secret algorithm.
This statement is incorrect. See RFC-2268:
2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
> Finally, somewhere in these documents there is a statement regarding the
> advisability of including the content encryption key encrypted in the
> originator's public key, but despite rereading the documents multiple
> times I can't find that text again. As I recall, the text said that this
> SHOULD be done. I would argue that this should be changed to MUST, for I
> can't imagine a situation where the originator of an encrypted message
> would not want to be able to read his own message, for example in an
> outgoing or Sent-Mail queue. He might need to be able to decrypted, and
> even retract it in order to resend it with modifications. It would not be
> reasonable to rely on the originator to bcc herself to gain this
> capability -- it ought to be required by the spec.
I disagree. Firstly, it's entirely possible that the originator
does not have a public key suitable for data encryption -- he
might have a signature only key. Secondly, encrypted content keys
take up a not-insignificant amount of space in the message. Mandating
this serves no interoperability requirement and therefore
it's inappropriate.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
- Protocol Action: Cryptographic Message Syntax to … The IESG
- Issues with S/MIME Message Specification Robert R. Jueneman
- Re: Issues with S/MIME Message Specification EKR
- Re: Issues with S/MIME Message Specification Paul Hoffman / IMC
- RE: Issues with S/MIME Message Specification Robert R. Jueneman
- Re: Issues with S/MIME Message Specification Andrew Farrell
- RE: Issues with S/MIME Message Specification Robert R. Jueneman
- RE: Issues with S/MIME Message Specification Andrew Ferguson
- Re: Issues with S/MIME Message Specification Andrew Farrell
- Re: Issues with S/MIME Message Specification Russ Housley
- Protocol Action: Cryptographic Message Syntax to … The IESG