Re: [lamps] New Version Notification for draft-ietf-lamps-crmf-update-algs-03.txt

Russ Housley <housley@vigilsec.com> Fri, 29 January 2021 17:27 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Fri, 29 Jan 2021 12:27:25 -0500
To: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/UNOEv6IG6tQQR18KpDyxOzeIgYQ>

This revision addresses several recent comments:

Signature Key POP:

   algId identifies the algorithm used to compute the MAC value.  All
   implementations MUST support id-PasswordBasedMAC as presented in
   Section 4.4 of this document.  Implementations MAY also support
   PBMAC1 presented in Section 7.1 of [RFC8018].

Iteration Count:

   There is a trade off between protection of the password from
   attacks and the time spent by the server processing the
   iterations.  As part of that tradeoff, an iteration count smaller
   than 10,000 can be used when automated generation produces
   shared secrets with high entropy.

GMAC MAC Length:

   The GMACParameters length parameter field tells the size of the
   message authentication code in octets.  GMAC supports lengths
   between 12 and 16 octets, inclusive.  However, for use with CRMF,
   the maximum length of 16 octets MUST be used.

References:

   Point to draft-ietf-lamps-cms-aes-gmac-alg.

   Used a shorter anchor name for NISTSP800-63B.

With these changes, I believe that all open comments have been addressed.

Russ


> On Jan 29, 2021, at 12:16 PM, internet-drafts@ietf.org wrote:
> 
> 
> A new version of I-D, draft-ietf-lamps-crmf-update-algs-03.txt
> has been successfully submitted by Russ Housley and posted to the
> IETF repository.
> 
> Name:		draft-ietf-lamps-crmf-update-algs
> Revision:	03
> Title:		Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
> Document date:	2021-01-29
> Group:		lamps
> Pages:		8
> URL:            https://www.ietf.org/archive/id/draft-ietf-lamps-crmf-update-algs-03.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-lamps-crmf-update-algs/
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lamps-crmf-update-algs
> Htmlized:       https://tools.ietf.org/html/draft-ietf-lamps-crmf-update-algs-03
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-crmf-update-algs-03
> 
> Abstract:
>   This document updates the cryptographic algorithm requirements for
>   the Password-Based Message Authentication Code in the Internet X.509
>   Public Key Infrastructure Certificate Request Message Format (CRMF)
>   specified in RFC 4211.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
>
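
Added example, not part of the message or the draft: a receiver-side sketch of the checks the revision notes describe, using the password-based MAC construction of RFC 4211 (iterate a one-way function over secret || salt, then MAC the data with the result). The function names, the choice of SHA-256 and HMAC-SHA256, the `high_entropy_secret` flag and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

MIN_ITERATIONS = 10_000   # threshold named in the iteration-count text
CRMF_GMAC_LEN = 16        # octets; GMAC allows 12..16, CRMF requires the maximum


def pbm_key(secret: bytes, salt: bytes, iterations: int, owf: str = "sha256") -> bytes:
    """Derive the MAC key: the first OWF input is secret || salt, and each
    later round hashes the previous round's output."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return key


def pbm_mac(secret: bytes, salt: bytes, iterations: int, data: bytes,
            owf: str = "sha256") -> bytes:
    """MAC the data with the derived key (HMAC is assumed as the MAC here)."""
    return hmac.new(pbm_key(secret, salt, iterations, owf), data, owf).digest()


def iteration_count_ok(iterations: int, high_entropy_secret: bool) -> bool:
    """Accept counts below 10,000 only when the shared secret is known to be
    machine-generated with high entropy (a deployment decision, assumed here)."""
    return iterations >= MIN_ITERATIONS or (high_entropy_secret and iterations >= 1)


def gmac_length_ok_for_crmf(length: int) -> bool:
    """Lengths 12..15 are valid GMAC sizes but are not acceptable in CRMF."""
    return length == CRMF_GMAC_LEN


def verify_pop(secret: bytes, salt: bytes, iterations: int, data: bytes,
               received_mac: bytes, *, high_entropy_secret: bool = False) -> bool:
    """Policy check first, then a constant-time comparison of the MAC."""
    if not iteration_count_ok(iterations, high_entropy_secret):
        return False
    expected = pbm_mac(secret, salt, iterations, data)
    return hmac.compare_digest(expected, received_mac)


# Constructed sample values; REQUEST stands in for the DER-encoded data being MACed.
SECRET = b"constructed-shared-secret"
SALT = bytes(range(16))
REQUEST = b"constructed DER bytes of the certificate request"
```

Rejecting on the iteration-count policy before deriving the key also keeps a peer from forcing the server to spend time on parameters it would never accept.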