Re: [Spasm] Document Updates

Wei Chuang <weihaw@google.com> Tue, 14 March 2017 08:02 UTC

On Mon, Mar 13, 2017 at 1:01 PM, Russ Housley <housley@vigilsec.com> wrote:

> > I have released new versions of the two S/MIME documents to address all
> > last call comments received.
> >
> > I have not dealt with one comment which has to do with the first default
> > algorithm to be used for encryption when there is no knowledge of what
> > the recipient of the message is capable of.  This has traditionally
> > always been the "best possible recommendation" that we can provide.  For
> > this reason, I have set it to AES-128 GCM.
> >
> > Russ has requested that this be changed to AES-256 CBC because we are
> > introducing not only a new algorithm but a new CMS structure at the same
> > time.  This means that not only would a down client be unable to decrypt
> > the message but would not recognize it as being an encrypted message.
> >
> > I do not really think that I care about this possible problem as it
> > should be dealt with cleanly, an ASN.1 decode error needs to be coped
> > with.  For this reason I do not think there is going to be a significant
> > behavior difference between an ASN.1 decode/message type recognition
> > problem and a cannot decrypt because the algorithm is unknown.
>
> Implementers, please state your preference.


After conferring with some folks over here, our preference is for AES GCM
since it provides integrity.  We agree it's better to make these updates
'cleanly' rather than string out the updates.

-Wei
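
An added example, not part of the message above or of the drafts under discussion: a sketch of the receive-side handling the quoted text argues for, where an unrecognized CMS content type and an ASN.1 decode error both end in a clean, reportable result. It assumes that the "new CMS structure" is AuthEnvelopedData (RFC 5083), which carries AES-GCM, while AES-CBC uses EnvelopedData (RFC 5652); the function names are hypothetical and the DER samples are constructed.

```python
# Added example: hypothetical helper names; OIDs are from RFC 5652 and RFC 5083.
OID_ENVELOPED = "1.2.840.113549.1.7.3"             # id-envelopedData
OID_AUTH_ENVELOPED = "1.2.840.113549.1.9.16.1.23"  # id-ct-authEnvelopedData
# Constructed samples: ContentInfo { contentType, [0] empty stub content }.
SAMPLE_ENVELOPED = bytes.fromhex("300f" "0609" "2a864886f70d010703" "a0023000")
SAMPLE_AUTH = bytes.fromhex("3011" "060b" "2a864886f70d0109100117" "a0023000")

class DecodeError(ValueError): pass
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV, with bounds checks."""
    if pos + 2 > len(buf):
        raise DecodeError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DecodeError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DecodeError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:  # last octet must terminate an arc
        raise DecodeError("bad OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)  # first octet packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify(der, supported=(OID_ENVELOPED,)):
    """Report what a client that knows only `supported` types concludes."""
    try:
        tag, seq, _ = read_tlv(der, 0)
        if tag != 0x30:
            raise DecodeError("ContentInfo is not a SEQUENCE")
        tag, oid_body, _ = read_tlv(seq, 0)
        if tag != 0x06:
            raise DecodeError("contentType is not an OID")
        oid = decode_oid(oid_body)
    except DecodeError as exc:
        return f"decode-error: {exc}"
    return ("encrypted: " if oid in supported else "unrecognized-content-type: ") + oid
```

With the default `supported` tuple the function models a client that predates AuthEnvelopedData; passing both OIDs models an updated client.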