[lamps] Benjamin Kaduk's Yes on draft-ietf-lamps-crmf-update-algs-06: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 07 April 2021 20:57 UTC
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-crmf-update-algs@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, tim.hollebeek@digicert.com, tim.hollebeek@digicert.com
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <161782906107.17950.16652353438946700482@ietfa.amsl.com>
Date: Wed, 07 Apr 2021 13:57:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/9sHInrsHR_K1gVQ-voByDsO_Y-w>
Benjamin Kaduk has entered the following ballot position for draft-ietf-lamps-crmf-update-algs-06: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lamps-crmf-update-algs/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Where is the use of ECC with CRMF specified? RFC 4211 itself only covers RSA, (FF)DH, and DSA as the listed private-key options that have a PrivateKeyInfo structure defined.

Other than that I only have nits and a request to reclassify a reference.

Section 3

   algId identifies the algorithm used to compute the MAC value. All implementations MUST support id-PasswordBasedMAC as presented in Section 4.4 of [RFC4211]. Implementations MAY also support PBMAC1 presented in Section 7.1 of [RFC8018].

nit: s/PBMAC1 presented/PBMAC1 as presented/

Section 4.4

   mac identifies the algorithm and associated parameters of the MAC function to be used. All implementations MUST support HMAC-SHA256 [HMAC]. All implementations SHOULD support AES-GMAC AES [GMAC] with a 128 bit key.

nit: s/ AES / /
nit: s/128 bit/128-bit/

   When this object identifier is used in the ASN.1 algorithm identifier, the parameters SHOULD be present. When present, the parameters MUST contain a type of NULL.

nit: I suggest starting the sentence with "Also per [RFC4231],".

Section 6

   function. In 2010, researchers showed that about half of the real-world passwords can be broken with less than 150 million trials,

nit: s/the real-world passwords/the real-world passwords in a leaked corpus/ (or similar)

Section 8.2

I think draft-ietf-lamps-cms-aes-gmac-alg needs to be a normative reference, since we SHOULD support AES128-GMAC.