Re: [lamps] I-D Action: draft-ietf-lamps-cmp-algorithms-04.txt

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Fri, 07 May 2021 06:33 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS WG <spasm@ietf.org>
Date: Fri, 07 May 2021 06:32:59 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1yxwGm4BtmXDTUQn6IOTw0H9AK8>

Russ

Thank you for your comments.

> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> 
> Typo in Section 5:  s/proofe-of-possession/proof-of-possession/

Thanks, will be changed

> 
> In Section 7, it says "following guidelines should be followed".  That is a bit
> awkward.  More importantly, the things that follow are the criteria, and then
> there is a SHOULD statement.  I think the sentence introducing the bullets could
> reflect this better.

I suggest the following change:

Old
"the following guidelines should be followed."

New
"the following criteria SHOULD guide the choice of algorithms used for managing certificates."

> 
> In Table 1, what mode of AES is used for PROT_SYM_ALG?  I think it should be
> CBC.

I will change from "AES" --> "AES-CBC" 

> 
> In section 9, I suggest a rewording of the AES-GMAC paragraph:
> 
>    AES-GMAC MUST NOT be used as the pseudo random function
>    in PBKDF2; the use of AES-GMAC more than once with the same
>    key and the same nonce will break the security.

Thank you for this suggestion. It reads much better.

Hendrik
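
Why the reworded AES-GMAC paragraph applies to PBKDF2, as an added example that is not from the draft or from either correspondent: PBKDF2 (RFC 8018) invokes its PRF with the password as the key on every iteration, and the PRF interface has no nonce input, so a nonce-based MAC such as AES-GMAC would have nowhere to take a fresh nonce from. HMAC-SHA256 stands in as the PRF so the call pattern can be checked against `hashlib.pbkdf2_hmac`; the names `RecordingPRF` and `prf_usage` and the sample inputs are constructed for illustration.

```python
import hashlib
import hmac
import struct


class RecordingPRF:
    """HMAC-SHA256 wrapped to record the key used for every invocation."""

    digest_size = hashlib.sha256().digest_size

    def __init__(self):
        self.keys_seen = []

    def __call__(self, key: bytes, data: bytes) -> bytes:
        self.keys_seen.append(key)
        return hmac.new(key, data, hashlib.sha256).digest()


def pbkdf2(prf, password: bytes, salt: bytes, iterations: int, dk_len: int) -> bytes:
    """PBKDF2 as in RFC 8018 section 5.2, with a pluggable PRF(key, data)."""
    blocks = -(-dk_len // prf.digest_size)  # ceiling division
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = prf(password, salt + struct.pack(">I", i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(password, u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(prf.digest_size, "big")
    return out[:dk_len]


def prf_usage(password: bytes, salt: bytes, iterations: int, dk_len: int):
    """Return (derived key, number of PRF calls, number of distinct PRF keys)."""
    prf = RecordingPRF()
    dk = pbkdf2(prf, password, salt, iterations, dk_len)
    return dk, len(prf.keys_seen), len(set(prf.keys_seen))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the draft.
    dk, calls, distinct = prf_usage(b"constructed-password", b"constructed-salt", 1000, 48)
    print(f"{calls} PRF calls under {distinct} distinct key(s)")
```

Every PRF call in a derivation uses the same key, and only the data input varies, which is the usage pattern the quoted text rules out for AES-GMAC.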