Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 29 October 2021 12:30 UTC
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBE7D3A117B for <spasm@ietfa.amsl.com>; Fri, 29 Oct 2021 05:30:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=siemens.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDFMuWYiwmtZ for <spasm@ietfa.amsl.com>; Fri, 29 Oct 2021 05:30:49 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140089.outbound.protection.outlook.com [40.107.14.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BE403A117D for <spasm@ietf.org>; Fri, 29 Oct 2021 05:30:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZURyzz1vUklNWXOlQPbh6uTHdPaAesdZs/PjzREbe7//vGzuyzo2j6PLsdXNRz5C1gdFpv6swKhWfD2m95JbIuHyJKxj7T4UxXsxonol35rzPIzsvxyFR3dskOXXP7XBZtjWfSgh9KnSg7OR25cgP4fHFsg5V66GAYw2+d9frDAJBKivwSLIgzjWLZoZUap4Du6wZIvoU2Z4vva3qnCUjhTuutEqSnLAEi0kIB6HJstTJ0Im5S2uLr2H/I1rg8sxS9jI4xNbpgI+8iXP6/5gld0gJlmi8X+rdd8xy4YWkfIqZRf6Whteux/LErYRSb/WZhtXMMo8BTMpyWQPPTaSVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sDValzjSQSGgPfLu1gJ69d4D23PKzWBuI2T9XHGIsrQ=; b=XfPQNrJUXby2ojJFCoQM8tWfcaxnPBrwjaJvZZP8td+b+gKYWy/tGamVjk0fHckfV4fw3jJfuyLcbiDaX02Q+OWJMMNsdXQXI+UfEny1Q961GOx0U2Zups0qohInghMDZLNKj3jY0hq/zQr1apWcIjm7JnPg+XoZB7ln/TyasYFHKZNE/Cejx47MD0zxv99BN47tNFEVNZcfPZF4Dm++zLHjcFZ8PAjLkSb80WtVvRu+T4yhI8bk4iODSNDQefHavNt+oiTdaKqqJ/6eu0788o7A64sxDOd9cS/grWyXF3CYfA7X0mn58Pnn1X6SOX/VxQQuIaQAh0QG6RjqsnrU3g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sDValzjSQSGgPfLu1gJ69d4D23PKzWBuI2T9XHGIsrQ=; b=SnvZuIVPpypUlrimAFJ62aBxTStO3n05KwQUIz0Jc5Okm3nTFfQtQ/cA7z8MklsXQUw0TrbJXzqDnACZ5mUeXGVf/B9Pvz0Qeri/tcCGouox9fBfMEK8c2W3kclxUolNxPDj+sDt7zn+UQQ1B1Y9XD+kOfdNlvpPOtUzBi+Ts90=
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dd::17) by AM0PR10MB2211.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:dc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.20; Fri, 29 Oct 2021 12:30:46 +0000
Received: from AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::39c3:e100:ecf5:3596]) by AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM ([fe80::39c3:e100:ecf5:3596%7]) with mapi id 15.20.4649.015; Fri, 29 Oct 2021 12:30:46 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Roman Danyliw <rdd@cert.org>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: AD review of draft-ietf-lamps-cmp-algorithms-07
Thread-Index: AdfKsmHop5v82zipS+Kei9oAXI0KtQAiaocA
Date: Fri, 29 Oct 2021 12:30:46 +0000
Message-ID: <AM0PR10MB2418F86C7FA82F1D40F910D4FE879@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-10-29T12:30:44Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=4a69a945-cc46-4395-9b80-d4e3fee21f63; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0
document_confidentiality: Restricted
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6ee1e74f-6a91-4fc1-bb9e-08d99ad7eedd
x-ms-traffictypediagnostic: AM0PR10MB2211:
x-microsoft-antispam-prvs: <AM0PR10MB2211C87CFC69DAC7594E7D48FE879@AM0PR10MB2211.EURPRD10.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:5236;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ta1jDbP50mx0qfz+E11ZXtk4VbG2RmfJcsJPqyvpQBwg5r+YB3EtsbttEdVtr/tw0dxUUkHc486IGU0HUoAdEDts4deU4cCyjqn8LHIZsNI+2g+nWkQQE8bDxlbTIoDKRR8sEbjsOnyxZo/iHBKCyWos+39XNxtHF2NJ51WlZhKmz2igLd9G9CrzEJ2/d3/kkDgUUoG72pBw3/7StX3bapjo5dxHppXSK+jq/LyCFLA2zSCgRL/bC7yPdVFc6Z/JpXP9ULSRhazwTXSKeBZ7Ddb3UB3+q6VdFNDRTB+0NlINJOP0az0eF4Hs1WRkFZxUbANEr3NULCDPo1e+NkHNyHj5GUjrrFhleOY50xsbq8GuaxrvSw+rcyWwj5kl3zRouAxGv/4pBdvMJ6KrcuSOcXafzpAot1aNDyg4XSDIS9EsHC2O14r0JYlPLogsphalbDmZJGGgKAfnnyTCtMn05bp7nN7pfTIiUpVFyboIjeGmoW4ARIq30HdAyQ3nv/CloXiiu3rhv/QBn+STQOi4aWE0vxpFLiSIPYp6vZE/MVBXcUWYMczzswgcVY04rbyVXX9mmJvK4Up9FJu8ow41FxS2aXzEBmfl8EP2r+3/W/BglNnkaKPfyDF+IMN3gMmIQ/FJtJ0JrBxdEDuxQS1MBggC3e8kYV4zDOt0DSfJUNc/kjjkRtASGQiRAXbROttSv9jJCh5AReb74TTkCVjXcg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(122000001)(33656002)(2906002)(8676002)(4326008)(186003)(82960400001)(52536014)(66476007)(26005)(5660300002)(38100700002)(76116006)(8936002)(316002)(30864003)(86362001)(38070700005)(64756008)(66446008)(19627235002)(508600001)(9686003)(6506007)(66946007)(71200400001)(66556008)(55016002)(7696005)(66574015)(83380400001)(6916009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: NyD25ffJp2b35Et96A7qtSk1DyRLECifi9oZfv2953BkpEn3aNuyHAyDickeVU5vp02VxOP9INb7XNvU3VZWTg6f0BLoh321zvMtfyVz3hGl1unSYXYbmioPIcERR38ibD2+LHlu40xugPY7MSV1HwVDD4vddUnWWVsOXmV9QyEmbZYjh23pmuldXqn9bi9YBUS+kfTFMTNzuYuQkA+ELDlXwcilB0K4kZUVVVj9CJlw+tjVXclOIcZ9TcnOr7fX+yjg02dQpxUEnvGamSm7tZsLnZt59Cd8FE4SRnMqQlXc0PIxH5EkW/uhwIr1h835M1YCbQHEwC4W9odYGYaGXszn6kg2VdKCp8PwkK0oXqF7tiWQ1+eDU0xn+Zir+wJC7J0zHPS7XZjtbWnW8TkFEKFSj1nOm7vVNcghUm7pQ9lvzyxq39pi5MHkNhSmRVq8HpeWPIHYVoQBTcd4MuNiz6Au8tsP495LY5Z53uLRBngzcw49KedOv9WioHHtOz8Ia3BjbjBEzpPXNpBEvetPfpsUpzAzH49/nDj6EXEy3oHz/J7iIJymfi7jcLL8tS9ewon5ntI7W8gTFXDx/KkaijA1A8VHBw9eIptSqKYJbB9LtqwSur4nBnEbTTJxhl9ZtwN+aL8Id8jj226lXID3nhJ4xJ/85RN6/FyRtgpcpli8dbQI4HO08EXqnkxYLnstIdeVUPsTuVyNNKDX+1C6262bbAJmP9g7cZVKITIW9PxNsmzJfB5PAlSLZRUzAoalR6NpHn+F+dxQ2fMl7+NTvynEE1kMCHaW5SXMenYJWqM9onLNsdJNtbbH+JhlmvYeXYrFgqZpFTSi+gf0sUSCRshUOZ9TnIjlg8ihajrL24O+9J5C0/7t9gxPGlU61NwLjO1IOLDdTQqkUt8ZMqNG9I0E7mUt12Tdv+It/ibkMAFcFuB/8MYgayXnDCpk+aCuy91wlpVvOgrxQYPgy6Pha4j53FMpkzb1uhwMSpSreQZPtYpTZ4PkB9A8a2a6yBT0zymksLtwg1ViXe9tpJLPIQNQjqfO5nL2sosMGYbO4OepNxC2lX5hLhOfNbdsX0MVpkOPt3qjMZEmxyxo7EyDBJsnnrvIJv7m/r0hFeVk9D89pEOQRaqKJwLcgRchKy12Kod6sivD8oWregzbxMgde2q3c88QeFgDlSV3SMQj5pWWwX6B9dKNsyhurUm9yxGszC+reNlqwOU011u7UaedWu+UvdmvSxIdB4EkEvpqb4iOxcxyBKvcDAYRIPfYGQPD6nysPHpTPuTFgMqB/JYMlSBdQiAf3/aU4vzP+I+X/qE32NnRTcOz4lCB4q3qCxpXRp5Q471mC9Z7ZwH//zYx7sumcb3ohBL4iD7EOEpwUnvbgIAasrW+Md1yU6OoJZJ2/Fj4N6yAzPUqSMpIiWyh3DYZbb1eeq7nlG9Wz6l2UzHZJ4r4fntvbcYf/BBnDcBeXBZs/bhN67zAeCF0aYCDGkb6wwrZeYEwH2zn3kAi/lYFmbp9UxF9BDaQh5kRFdhJvQvjoC5bDp0yALLkMYrW9loNjK4m9lgtodCV4mnod4XBEes/MhEtukuDq7W6xnWv+9Xl1WsdYmFIxr7wCfiicvIrnbOwWhBYh68kLlzh72gxu5WkOTsblbEEo7UlPl9RSn5NED52MNoNyF2Z3H9hvg==
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6ee1e74f-6a91-4fc1-bb9e-08d99ad7eedd
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2021 12:30:46.4411 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: P2AJ7nSTx13fDkPE3J2foE1Q+wBzrb5Wlq21+yOTfJQZBeiQ0fcVG644ExwA9ereAKzDXGjiK4HCwtamcQulZaW3WHhB+7di4c4jRMYw4Dw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2211
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1Kgs8TnToKSVK4Yrbb6j1TP40fU>
Subject: Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2021 12:30:55 -0000
Roman Many thanks for your feedback. I am confused regarding your comments on field names vs. type names. If you look for example at the definition of KeyAgreeRecipientInfo (RFC 5652 Section 6.2.2): KeyAgreeRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 3 originator [0] EXPLICIT OriginatorIdentifierOrKey, ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, recipientEncryptedKeys RecipientEncryptedKeys } My reading is that keyEncryptionAlgorithm is the field name and KeyEncryptionAlgorithmIdentifierits the type. Am I wrong? Please find further comments below inline. Feedback on you comment regarding Section 7 and Section 9 will come next week. > -----Ursprüngliche Nachricht----- > Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Roman Danyliw > > Hi! > > I did an AD review of draft-ietf-lamps-cmp-algorithms-07 with my comments > below. Thanks for this work to evolve CMP. > > ** Section 2, 3, etc. Editorial. When listing the places where digest and > signature algorithm identifies are found, consider if enumerating them as a > bulleted list might be easier to read. For example: > > OLD > Digest algorithm identifiers are located in the hashAlg field of > OOBCertHash, the owf field of Challenge, PBMParameter, CertStatus, > and DHBMParameter, and the digestAlgorithms field of SignedData and > the digestAlgorithm field of SignerInfo. > > NEW > Digest algorithm identifiers are located in: > * hashAlg field of OOBCertHash > * owf field of Challenge, PBMParameter, CertStatus, and DHBMParameter > * digestAlgorithms field of SignedData > * digestAlgorithm field of SignerInfo. I like this proposal and will update the draft accordingly. I also change the paragraph on digest value locations accordingly. I did the same in other sections, where appropriate. > > ** Section 2. > Note: Specific conventions are needed for CertStatus content in > certConf messages when confirming certificates where the > AlgorithmIdentifier of the certificate signature does not clearly > imply a specific hash algorithm. In such cases the hash algorithm to > use to build certHash should be specified, e.g., as done in > Section 2.1 and Section 2.2 for certificates signed using EdDSA. > > I'm confirming my understanding of the text. Is the specific convention being > described here the second sentence (i.e., explicitly specifying the hash > algorithm)? I ask because "conventions" was plural suggesting that there was > more than one. Good point. Doth this proposal solved your issue? Old: Note: Specific conventions are needed for CertStatus content in certConf messages when confirming certificates where the AlgorithmIdentifier of the certificate signature does not clearly imply a specific hash algorithm. In such cases the hash algorithm to use to build certHash should be specified, e.g., as done in Section 3.3 for certificates signed using EdDSA. New: Note: When confirming certificates where the AlgorithmIdentifier of the certificate signature does not clearly imply a specific hash algorithm and no specific hash algorithm is defined for usage with this signature algorithm, as done in Section 3.3 for EdDSA, the hash algorithm needs to indicated in the hashAlgs field of the certConf message as specified in CMP Updates Section 2.9 [I-D.ietf-lamps-cmp-updates]. > > ** Section 3. Editorial. s/Section 7.2,RFC/Section 7.2, RFC/ Yes, thanks > > ** Section 3.1. Editorial. > OLD > The algorithm identifiers for RSASAA-PSS signatures used with SHA2 > message digest algorithms is identified by the following OID: > > NEW > The algorithm identifier for RSASAA-PSS signatures used with SHA2 > message digest algorithms is identified by the following OID: I will update the draft accordingly > > ** Section 3.3. Editorial. s/signature algorithm Ed25519 MUST/signature > algorithm Ed25519 that MUST/ Yes, thanks > > ** Section 4.1. > > Key agreement algorithm identifiers are located in the EnvelopedData > RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields. > > -- "keyEncryptionAlgorithm" is the type, the field name is > "KeyEncryptionAlgorithmIdentifier" per Section 6.2.1 of RFC5652. It should > likely read "... KeyAgreeRecipientInfo KeyEncryptionAlgorithmIdentifier". Section 4.1 addresses key agreement. Therefore RFC 5652 Section 6.2.2 applies. RFC 5652 Section 6.2.2 defines: KeyAgreeRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 3 originator [0] EXPLICIT OriginatorIdentifierOrKey, ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, recipientEncryptedKeys RecipientEncryptedKeys } Isn't keyEncryptionAlgorithm the field name? > > -- why is "fields" plural? Isn't the cardinality here a single field? Yes, it should be "field". > > -- I'm mentioning it here but it applies to the other uses, using spaces to convey > the nested CMS structure is confusing. I propose to use '-' instead of a space in case such structure is required. While switching to the bulleted lists I removed the nested structure. > > ** Section 4.1. Checking my understanding, is it accurate that both the key > agreement algorithm identifiers and the key encryption algorithm identifiers are > going to the same place in EnvelopedData? Thanks for spotting this. This points at a confusion on my side. This needs to be changed in Lightweight CMP Profile Section 4.1.6.1 as well. Looking at RFC 5753 Section 3.1.1 I understand now, that the key agreement algorithm OID is located in keyEncryptionAlgorithm and the key-wrap algorithm OID is located in the parameters field of the key agreement algorithm OID, e.g., a PARAMS field (see RFC 5753 A.3). RFC 5753 Section 3.1.1 - keyEncryptionAlgorithm MUST contain the object identifier of the key-encryption algorithm, which in this case is a key agreement algorithm (see Section 7.1.4). The parameters field contains KeyWrapAlgorithm. The KeyWrapAlgorithm is the algorithm identifier that indicates the symmetric encryption algorithm used to encrypt the content-encryption key (CEK) with the key- encryption key (KEK) and any associated parameters (see Section 7.1.5). Algorithm requirements are found in Section 8. RFC 5753 Appendix A.2 kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme PARAMS TYPE KeyWrapAlgorithm ARE required UKM -- TYPE unencoded data -- ARE preferredPresent SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme } > > ** Section 4.1. > Wrapped content-encryption keys are located in the EnvelopedData > RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys > encryptedKey field. > > -- "encryptedKey" is also a type. It should likely be "EncryptedKey" per Section > 6.2.2 of RFC5652. RFC 5652 Section 6.2.2 defines RecipientEncryptedKey ::= SEQUENCE { rid KeyAgreeRecipientIdentifier, encryptedKey EncryptedKey } Isn't encryptedKey the field name? > > -- My ASN.1 reading always needs help. Should it be "... RecipientEncryptedKeys > RecipientEncryptedKey EncryptedKey" or "RecipientEncryptedKeys > EncryptedKey"? Same thing would apply to "RecipientInfos" and > "RecipientInfo". I propose updating Section 4.1 as follows: Old: Key agreement algorithm identifiers are located in the EnvelopedData RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields. Key encryption algorithm identifiers are located in the EnvelopedData RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm field. Wrapped content-encryption keys are located in the EnvelopedData RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys encryptedKey field. New: Key agreement algorithm identifiers are located in: * keyEncryptionAlgorithm field of KeyAgreeRecipientInfo Key wrap algorithm identifiers are located in: * KeyWrapAlgorithm parameters within keyEncryptionAlgorithm field of KeyAgreeRecipientInfo Wrapped content-encryption keys are located in: * encryptedKey field of RecipientEncryptedKeys > > ** Section 4.2. > Key transport algorithm identifiers are located in the EnvelopedData > RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field. > > Similar to Section 4.1, keyEncryptionAlgorithm is the type. It likely should be > KeyEncryptionAlgorithmIdentifier per Section 6.2.1 of RFC5652 RFC 5652 Section 6.2.1 defines: KeyTransRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 0 or 2 rid RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } Isn't keyEncryptionAlgorithm the field name? > > ** Section 4.2 > Key transport encrypted content-encryption keys are located in the > EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey > Field. > > Similar to Section 4.1, encryptedKey is the type. It likely should be EncryptedKey > per Section 6.2.1 of RFC5652. RFC 5652 Section 6.2.1 defines: KeyTransRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 0 or 2 rid RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } Isn't encryptedKey the field name? > > ** Section 4.3. As before, > s/keyEncryptionAlgorithm/KeyEncryptionAlgorithmIdentifier/ See above > > ** Section 4.3. As before, s/encryptedKey/EncryptedKey/ See above > > ** Section 4.4. As before, > s/keyDerivationAlgorithm/KeyDerivationAlgorithmIdentifier/ RFC 5652 Section 6.2.4 defines: PasswordRecipientInfo ::= SEQUENCE { version CMSVersion, -- Always set to 0 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } Isn't keyDerivationAlgorithm the field name? > > ** Section 5. Editorial. s/Section 7,RFC/Section 7, RFC/ Yes, thanks > > ** Section 5. As before, s/ contentEncryptionAlgorithm > /ContentEncryptionAlgorithmIdentifier/ > > ** Section 6. Editorial. s/Section 7,RFC/Section 7, RFC/ Yes, thanks > > ** Section 6.1.1. Editorial. s/andAlgorithm/and Algorithm/ Yes, thanks > > ** Section 7. I would have benefit from a bit more clarity on the direction > provided in this section. > > -- "The following criteria will help implementers choose appropriate algorithms > for managing certificates" > > The bulleted list seems like only part of the criteria. As a non-exhaustive list, > additional considerations might be the capabilities of the end-point (e.g., does > the target deployment have hardware acceleration for some, are some > algorithms simply out of reach due to available compute or expected software > support); or perhaps local policy or compliance requirements? > > -- "The cryptographic strength of the algorithm with the lowest security." > > It seems like some words are missing here. Is the intent here to guide the > selection towards the algorithm that provides the minimum amount of strength > relative to the needed security requirements? > > ** Section 7.1. The text in this section seems it should explicit say that it is > updating RFC4210. > > OLD > The following table contains definitions of algorithms used within > > NEW > The following table updates the definitions of algorithms used within > > ** Section 7.1. If an algorithm is listed in the "Change from 4210" column, > should it be considered the equivalent of being added to the "other" column (per > Appendix D.2 of RFC4210? If so, please be explicit about that. > > ** Section 7.1. Table 1. > > -- What does it mean for PasswordBasedMac to be in both the Mandatory and > Change-from-4210 column for the MSG_MAC_ALG row? It was already the MTI > in RFC4210. Same question and situation with D-H for the PROT_ENC_ALG row. > > -- Should 3-DES be considered "other" in MSG_MAC_ALG and PROT_SYM_ALG? > > -- Editorial. In PROT_SYM_ALG and SYM_PENC_ALG, the "3-DES (3-key-EDE), > CBC Mode" should read "3-DES (3-key-EDE, CBC mode)" per the text in RFC4210. > > ** Section 9. Can a reference be added for the theoretical weakness in > PasswordBasedMac? > > ** Section 9. Editorially, the first paragraph ("RFC 4210 Appendix D.2 ...) and the > two paragraphs of "In Section 7 ..." and "To keep the list ...", seem to be saying > the same thing. Recommend a merge. > > ** Section 9. > In such systems the weakened algorithms should > be disabled from further use. > > Can this document make stronger recommendations about deprecating certain > algorithms such as 3-DES SHA-1 with normative language rather than keeping it > in the "other" category in the profiles? > > ** Normative References. [I-D.ietf-lamps-lightweight-cmp-profile] should be a > normative reference given the use of normative language around it in Section > 7.2. I will move the reference up Hendrik
- [lamps] AD review of draft-ietf-lamps-cmp-algorit… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Mike Ounsworth
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik