[lamps] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
Matthew Miller <linuxwolf+ietf@outer-planes.net> Sat, 21 April 2018 15:29 UTC
Return-Path: <linuxwolf+ietf@outer-planes.net>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E079127698; Sat, 21 Apr 2018 08:29:41 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Matthew Miller <linuxwolf+ietf@outer-planes.net>
To: secdir@ietf.org
Cc: spasm@ietf.org, draft-ietf-lamps-rfc5750-bis.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.78.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152432458128.20660.6956595430755199355@ietfa.amsl.com>
Date: Sat, 21 Apr 2018 08:29:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/LtfCDYs-jsYcDFliR4ecOjlxuck>
Subject: [lamps] Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Apr 2018 15:29:41 -0000
Reviewer: Matthew Miller Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Document: draft-ietf-lamps-rfc5750-bis-05 Reviewer: Matthew A. Miller Review Date: 2018-04-21 IETF LC End Date: 2018-04-27 IESG Telechat date: N/A Summary: This document is ready, but there is one nit around PKCS #6 handling that might benefit from explanation. This document describes the certificate handling expectations for senders and receivers of S/MIME 4.0. It obsoletes RFC 5750, adding requirements to support internationalized email addresses, increase RSA minimum key sizes, and support ECDSA using P-256 and Ed25519; older algorithms such as DSA, MD5, and SHA-1 are relegated to historical. Major Issues: N/A Minor Issues: N/A Nits: Section 2.2.1. "Historical Note about CMS Certificates" is almost entired unchanged, but added a requirement that receivers MUST be able to process PCKS #6 extended certificates. This almost seems at odds with the rest of the paragraph that precedes this MUST, noting PKCS #6 has little use and PKIX is functionally equivalent. A short explanation of why this additional handling requirement would seem helpful.
- [lamps] Secdir last call review of draft-ietf-lam… Matthew Miller
- Re: [lamps] Secdir last call review of draft-ietf… Jim Schaad
- Re: [lamps] Secdir last call review of draft-ietf… Jim Schaad
- Re: [lamps] Secdir last call review of draft-ietf… Eric Rescorla
- Re: [lamps] Secdir last call review of draft-ietf… Jim Schaad