IETF Logo Mail Archive

Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

Russ Housley <housley@vigilsec.com> Sun, 01 May 2016 15:53 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4990512D0C6 for <spasm@ietfa.amsl.com>; Sun, 1 May 2016 08:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P4DWz8mOZSXA for <spasm@ietfa.amsl.com>; Sun, 1 May 2016 08:53:47 -0700 (PDT)
Received: from mail.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id C18D112B011 for <spasm@ietf.org>; Sun, 1 May 2016 08:53:47 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by mail.smetech.net (Postfix) with ESMTP id 938DCF2401F; Sun, 1 May 2016 11:53:47 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from mail.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id Amf3oYThrHRD; Sun, 1 May 2016 11:37:27 -0400 (EDT)
Received: from russellsleysmbp.home (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.smetech.net (Postfix) with ESMTP id B5772F24013; Sun, 1 May 2016 11:53:36 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <0afb01d1a355$d064a720$712df560$@augustcellars.com>
Date: Sun, 01 May 2016 11:53:35 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <1B417FAF-53F0-47AC-BA78-0F2FC0B33AAE@vigilsec.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com> <0afb01d1a355$d064a720$712df560$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/9WmmA71vqBDZuK7ST6WkkjdJoC0>
Cc: spasm@ietf.org, Laetitia Baudoin <lbaudoin@google.com>
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 May 2016 15:53:50 -0000

I think we need to explain this situation in the security considerations, at least to the level that an implementer knows what services they are getting and not getting.

Russ


On Apr 30, 2016, at 11:01 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> 
> 
> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Laetitia Baudoin
> Sent: Friday, April 29, 2016 12:44 PM
> To: spasm@ietf.org
> Subject: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
> 
> Hi,
> 
> Could we update the text in section 3.4 [Creating an Authenticated
> Enveloped-Only Message]?
> 
> Currently it states:
> -----
> 
> This section describes the format for enveloping a MIME entity
>   without signing it.  It is important to note that sending
>   authenticated enveloped but not signed messages does not provide for
>   authentication or non-repudiation.  It is possible to replace
>   ciphertext in such a way that the processed message will still be
>   valid, but the meaning can be altered.
> 
> -----
> 
> Which is incorrect: alterations to the encrypted part of the message would
> be detected.
> The problem is that authenticated encryption alone does not prove anything
> about the sender.
> 
> [JLS]  It is not totally incorrect, but I would agree that it is misleading.
> The odds of being able change the message are approximately 1 in 2^128
> (assuming a 128-bit authentication tag).  This is much better than the CBC
> world where the odds would be roughly 1 in 256.
> 
> An alternative to the last sentence could be something like "It is possible
> to change the sender without altering the validity of the processed
> message".
> 
> [JLS]  I find this to be a very misleading statement.  I find that the term
> authenticated encryption to be very misleading.  An AE algorithm only gives
> authentication about the sender under some very specific conditions, and
> those conditions are not generally found for many S/MIME messages.  If it
> had been up to me, I would have called this class of algorithms integrity
> protected encryption rather than authenticated encryption.
> 
> Just to be clear, the following conditions would be required to have an
> authenticated encryption in terms of knowing who the sender is.  1) You
> would need to use an authenticated encryption algorithm, 2) One would need
> to have exactly one recipient information structure (otherwise any other
> recipient can change the message or forge a future message), and 3) the CEK
> would need to be a key directly derived from information about both the
> sender and the recipient.  This would require the use of static-static DH
> which is not generally considered to be an option for S/MIME.
> 
> Given these conditions, I believe that it would be very unwise to say that
> one is going to get authentication from an S/MIME message.  One will get
> integrity protection but that is a different service.
> 
> Jim
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email