Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
"Jim Schaad" <ietf@augustcellars.com> Sun, 01 May 2016 03:34 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB57412D1C2 for <spasm@ietfa.amsl.com>; Sat, 30 Apr 2016 20:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vp94ubwkegzF for <spasm@ietfa.amsl.com>; Sat, 30 Apr 2016 20:34:44 -0700 (PDT)
Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4309E12D18C for <spasm@ietf.org>; Sat, 30 Apr 2016 20:34:44 -0700 (PDT)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id E779438F30; Sat, 30 Apr 2016 20:34:42 -0700 (PDT)
From: Jim Schaad <ietf@augustcellars.com>
To: 'Wei Chuang' <weihaw@google.com>, 'Laetitia Baudoin' <lbaudoin@google.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com> <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
In-Reply-To: <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
Date: Sat, 30 Apr 2016 20:34:42 -0700
Message-ID: <0afc01d1a35a$667346f0$3359d4d0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0AFD_01D1A31F.BA188DA0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGlmp13BAVndVKnuhSrCmxTsNgUlAGaazQXn+6jTSA=
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/c9BGmKI9rC5Ce6tsA7OWgyODl38>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 May 2016 03:34:47 -0000
Wei, See below. From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Wei Chuang Sent: Friday, April 29, 2016 1:52 PM To: Laetitia Baudoin <lbaudoin@google.com> Cc: spasm@ietf.org Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt First thanks goes to the authors of draft-schaad-rfc5751-bis-00 for doing the update. On Fri, Apr 29, 2016 at 12:44 PM, Laetitia Baudoin <lbaudoin@google.com <mailto:lbaudoin@google.com> > wrote: Hi, Could we update the text in section 3.4 [Creating an Authenticated Enveloped-Only Message]? Currently it states: ----- This section describes the format for enveloping a MIME entity without signing it. It is important to note that sending authenticated enveloped but not signed messages does not provide for authentication or non-repudiation. It is possible to replace ciphertext in such a way that the processed message will still be valid, but the meaning can be altered. ----- Which is incorrect: alterations to the encrypted part of the message would be detected. The problem is that authenticated encryption alone does not prove anything about the sender. An alternative to the last sentence could be something like "It is possible to change the sender without altering the validity of the processed message". +1 Also I'm bothered by the second sentence as too alarming as potential uses would presumably find a means to authenticate. [JLS] See my comments to Laetitia on why I don’t think authentication is a viable option here. As this update also adds AES-GCM, can draft-housley-cms-chacha20-poly1305-00 be considered too? That would help authenticated encryption algorithm diversity. [JLS] As Russ said in his mail, the actual draft is not going through this proposed working group. I would be open to having both AES-GCM and ChaCha/Pol1305 as being listed as AEAD algorithms to be supported by the message specification. I added in AES-GCM only because I needed to place some algorithm in the draft to motivate the reason for adding the CMS authenticated encryption algorithm. Also does this means that updating algorithms in general will be covered in this pass? If so, can keysize and algorithm deprecation occur e.g. drop md5? [JLS] Sean is unhappy, but I do believe that since the draft is open all of these issues are open as well. I am not really sure what I want to say about MD5 the current draft says it is supported so you can talk to (and potentially read old message from) S/MIME v2 implementations. Are we really sure that we want to shut off this option given that S/MIME v2 was only made historical by RFC 5751 in 2010. I think we need to be careful about how we make recommendations on MD5, but potentially doing a verify but don’t send makes sense. We need to have a strawman to discuss on key sizes, but this is normally a very controversial topic. For possible work much farther down the road, I would suggest that section 3.1 and details of wrapping messages in "message/rfc822" be clarified. [JLS] What are the things you want to be able to do that is not covered? This was heavily discussed at the time the original RFC was done and it was not possible to get any consensus about how to make this clearer than what it is. Indeed, there were tons of problems with deciding how to address what fields are to be duplicated, what fields can be hidden, how to show/highlight what happens in the event of a conflict between the fields. Think about the situation of sending a signed message to the spasm mailing list. In that event you get a new header added called sender that changes how Outlook displays who the message is coming from. (Consider a case where sender privacy is enforced by the mailing list.) The headers which are authenticated by DKIM are no longer the same as the ones in the message. There are lots of problems that need to be dealt with if we are going to “clarify” this language. Jim Thanks, -Wei _______________________________________________ Spasm mailing list Spasm@ietf.org <mailto:Spasm@ietf.org> https://www.ietf.org/mailman/listinfo/spasm
- [Spasm] Suggestions for draft-schaad-rfc5751-bis-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Jim Schaad
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Jim Schaad
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang