Re: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt> (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification) to Proposed Standard
Jim Schaad <ietf@augustcellars.com> Sun, 15 April 2018 21:46 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AC6112D7F1; Sun, 15 Apr 2018 14:46:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v16jPllZIiOh; Sun, 15 Apr 2018 14:45:59 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E019512D7F0; Sun, 15 Apr 2018 14:45:58 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sun, 15 Apr 2018 14:43:31 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Tim Hollebeek' <tim.hollebeek@digicert.com>, ietf@ietf.org
CC: draft-ietf-lamps-rfc5751-bis@ietf.org, lamps-chairs@ietf.org, ekr@rtfm.com, housley@vigilsec.com, spasm@ietf.org
References: <152365448277.5553.10237322036686012069.idtracker@ietfa.amsl.com> <MWHPR14MB1376C743E760220DEFBF2DCA83B10@MWHPR14MB1376.namprd14.prod.outlook.com>
In-Reply-To: <MWHPR14MB1376C743E760220DEFBF2DCA83B10@MWHPR14MB1376.namprd14.prod.outlook.com>
Date: Sun, 15 Apr 2018 14:45:50 -0700
Message-ID: <012701d3d503$214207b0$63c61710$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIHPjTpWLURD0kndXwPQzxepJfQ2gGwkdt/o432RHA=
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8BKkhX87X2EQDZHcmQL3wSHIzLg>
Subject: Re: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt> (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification) to Proposed Standard
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Apr 2018 21:46:02 -0000
> -----Original Message----- > From: Tim Hollebeek <tim.hollebeek@digicert.com> > Sent: Sunday, April 15, 2018 8:32 AM > To: ietf@ietf.org; IETF-Announce <ietf-announce@ietf.org> > Cc: draft-ietf-lamps-rfc5751-bis@ietf.org; lamps-chairs@ietf.org; > ekr@rtfm.com; housley@vigilsec.com; spasm@ietf.org > Subject: RE: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt> > (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 > Message Specification) to Proposed Standard > > I just read the whole draft and have the following comments. Overall, the > draft seems to be in excellent shape. > > I apologize if any of these were discussed earlier in the process, before I > started following this draft. More than happy to create a pull request with > the changes once I get some feedback on these. > > Section 2.1: > > Is it worth adding "SHOULD support SHA-3" ? At the time this document cleared WGLC the answer was definitely no. For those people who believe in having consistency in all of the hash algorithms the answer would still be no as there are no SHA-3 signature algorithms that are currently either MUST or SHOULDs. The answer would be different if Ed448 was in that list. I think that this means the answer is still no. > > Section 2.2: > > "NIST is unable to provide the seeds that were > used to create their standardized curves, this means that there is a > section of the community which believes that there might be a back > door to these curves." > > This is a comma splice; recommend changing the comma to semi-colon. > > "there is only a requirement for curve in the sending agent list" > > I think "only a requirement for ONE curve in the sending agent list" was > meant. Yes this is what should have been there. > > Section 2.7.2. "All algorithms that use 112-bit keys are considered by many > to be weak encryption." > > Is the LENGTH of the key, or the STRENGTH of the key intended? > > If the former, are there other examples of 112-bit keys other than two key > 3DES (~80 bits of strength)? > If not, why not say two key 3DES to be explicit? > > If the latter, what's the rationale for considering 112 bits of strength > weak for symmetric algorithms in a standard where RSA-2048 is considered > strong? > > I don't find "considered by many" to be a useful statement. After all, the > world is considered by many to be flat. This should have been caught and updated when the security considerations text was updated to address the same problem. I have modified my copy to read Algorithms such as RC2 are considered to be weak encryption algorithms. Algorithms such as TripleDES are not state of the art and are considered to be weaker algorithms than AES. A sending agent that is controlled by a human SHOULD allow a human sender to determine the risks of sending data using a weaker encryption algorithm before sending the data, and possibly allow the human to use a stronger encryption algorithm such as AES GCM or AES CBC even if there is a possibility that the recipient will not be able to process that algorithm. Jim > > -Tim > > > -----Original Message----- > > From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of The IESG > > Sent: Friday, April 13, 2018 5:21 PM > > To: IETF-Announce <ietf-announce@ietf.org> > > Cc: draft-ietf-lamps-rfc5751-bis@ietf.org; lamps-chairs@ietf.org; > > ekr@rtfm.com; housley@vigilsec.com; spasm@ietf.org > > Subject: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt> > > (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 > Message > > Specification) to Proposed Standard > > > > > > The IESG has received a request from the Limited Additional Mechanisms > for > > PKIX and SMIME WG (lamps) to consider the following document: - > > 'Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 > > Message Specification' > > <draft-ietf-lamps-rfc5751-bis-07.txt> as Proposed Standard > > > > The IESG plans to make a decision in the next few weeks, and solicits > final > > comments on this action. Please send substantive comments to the > > ietf@ietf.org mailing lists by 2018-04-27. Exceptionally, comments may be > sent > > to iesg@ietf.org instead. In either case, please retain the beginning of > the > > Subject line to allow automated sorting. > > > > Abstract > > > > > > This document defines Secure/Multipurpose Internet Mail Extensions > > (S/MIME) version 4.0. S/MIME provides a consistent way to send and > > receive secure MIME data. Digital signatures provide authentication, > > message integrity, and non-repudiation with proof of origin. > > Encryption provides data confidentiality. Compression can be used to > > reduce data size. This document obsoletes RFC 5751. > > > > > > > > > > The file can be obtained via > > https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-bis/ > > > > IESG discussion can be tracked via > > https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-bis/ballot/ > > > > > > No IPR declarations have been submitted directly on this I-D. > > > > > > > > > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://www.ietf.org/mailman/listinfo/spasm