IETF Logo Mail Archive

Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07

Roman Danyliw <rdd@cert.org> Fri, 29 October 2021 14:52 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18A0E3A12A5 for <spasm@ietfa.amsl.com>; Fri, 29 Oct 2021 07:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K8AS57cMgYmw for <spasm@ietfa.amsl.com>; Fri, 29 Oct 2021 07:52:45 -0700 (PDT)
Received: from USG02-CY1-obe.outbound.protection.office365.us (mail-cy1usg02on0139.outbound.protection.office365.us [23.103.209.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8F1A3A12A0 for <spasm@ietf.org>; Fri, 29 Oct 2021 07:52:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=Iy3dRZBTqoAcZ4bZk3uTXMUHFI/iLfsg1xsflPwLni/JL4rAfqoUG8tfc/S7dkeRwZo7/53ax8GmlxxZudrJoj09yhcb0yVxkeJuidZiJx+AZo/kbg8xMg/7JdYMMnYHDh9YMyrhZLSc+eOL5aB2fG02Ac3j2oWEmIIva6jPZdLiZXqKIGBBkO/1jK+FMZv4J3xfotHl+r29F2rLanr3EZTSWtJpcgAPTx1Umn5vFFen6abluN/lejNTm/1oMZMFiTDQrKI/n42VbAbysF/kBnZYQDmhp5oG60w7x8QAEDZTP8rL19/Hskqx9ARC8XPWWJXVq73AUVb+CXn7Au+v/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RTMsFf5BrRDpuzcwJVklKJYBMWZ8NahC+jNIYl2m4gQ=; b=tDLjAtNX2n3Efa2G+FjYbqw6V0KumkgNeQpgrtcQZsuC6ztWOpa5nFJgOUdjcaZD5Ej4Gbcx56sb63sYUpxlWf/DR1U85x23LOBUbuJcyEJQOwY8sHiL9AIqfOWzQkxuH6gXsJAFW8LdbKQAt6NZjuMQf+lF1D/KGjmA6dnn8n3a8YRMOj8KKT6jcbSW2ZUIBeT41NyqTCPaq6zF1e0Otg4RYW0oC31Z2mAEVWmiTi+UfzmI+oriHunOC23KpAmAzHFqtW3zZj1cl3HXCyQbW79GIRKHidaIsVThGzCDX2PnA/vlugw5gr/k6z0KKvBi/ABX6OrYIW5cm44TRQ6VCw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RTMsFf5BrRDpuzcwJVklKJYBMWZ8NahC+jNIYl2m4gQ=; b=fhjlAX/wuVNH55N8+IEGEZLAHZTl1dGaz+QzKBgX7MQqTXuh1GS1/3beS/Vfmq2/bg6GtECNeLu8Bg2Tn9imjw/WNpolnxSIIX1bc3SggDiul1olsuqjI7y5stnH9TmuQK7n9TSGDSaEINQ4L3k1OuCPIfwJdLRNtjMLUaqm264=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0882.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:132::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.18; Fri, 29 Oct 2021 14:52:38 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4649.015; Fri, 29 Oct 2021 14:52:38 +0000
From: Roman Danyliw <rdd@cert.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: AD review of draft-ietf-lamps-cmp-algorithms-07
Thread-Index: AdfKsmHop5v82zipS+Kei9oAXI0KtQAiaocAAGW8cIA=
Date: Fri, 29 Oct 2021 14:52:38 +0000
Message-ID: <BN1P110MB0939E0472BE839285D719B8ADC879@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <AM0PR10MB2418F86C7FA82F1D40F910D4FE879@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB2418F86C7FA82F1D40F910D4FE879@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: siemens.com; dkim=none (message not signed) header.d=none;siemens.com; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 25073910-f025-42fe-e95e-08d99aebc035
x-ms-traffictypediagnostic: BN1P110MB0882:
x-microsoft-antispam-prvs: <BN1P110MB088205D90C524D6D4B47084CDC879@BN1P110MB0882.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:2449;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: zhE9PIoy+Cwdpo/UEwQS10t0rlf/FIbi4bCvZ36MEM2fkNQomrS+6ICcp7R01jQKgbTyxbTv6YYf/r0iAoN72CxgADrtulGj5oUEgFORnr3LHwbqJ8pJaFc3e/s7XNGhzdb7sNje90rV4SSoF7/i+cuhofnmdRM9g+fbzrF4lvNzhMr0lHCcpV2A4eQbluivELLW00q3eKpHczUkXSjmFMlqlMoXuuULY6XWckvC6YBsOlBtX0oXdesW+LzzgYmwG8bjg564yRoQuUak188qMsxApg7EXinuyBk0NqI5MtoERJdua538FCpxLuhVgL5VFiJ8g2YMTf5otMqiLLyT8lRElrB9M5KIzi37u+GP66bLDNw4cWRJi1MIA34x/ja96QfMrP+BLPsFTTg47Tjg1UCs8fHHN0kNj2M7Be/3Hzl6C0N3oefbbI0TiOr673OPSCX6lFeWV8t/CT80WThy+WCHmqNkI1qBrc3SvvQz0F5KAtcleYNx2JCTOjj+6s9PK/dczssM+zweHocK+OVQ9pN6qt+e1PKHEFBkPzi8ZZ9q9WDakhYSrtC/mKoKvcQtV3c7KF44afnjct2ebKZ/DFpZN25CdX1165oA8bsLUMXmL4+/GNDCuvI73E3IZD1T
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(122000001)(2906002)(4326008)(9686003)(38100700002)(5660300002)(55016002)(52536014)(8936002)(8676002)(83380400001)(19627235002)(71200400001)(498600001)(82960400001)(66476007)(66446008)(186003)(64756008)(7696005)(6506007)(30864003)(53546011)(33656002)(6916009)(66556008)(26005)(86362001)(76116006)(38070700005)(66946007)(66574015); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: yvCSshI/HAeF+tGTveo23cqNV8GGL7vbRHrDpTCJTiZlr5BRGk9i+jQ0wPjPbLxpY+1U36yWS3HfJKsIR65WLUrKuL8b5nRKFsdFZgQcZND0dtKU7L0W7cuIVWHtBVGuknL6jcG83gdQaewQFRbBkOLijMPqsLkTxZ6iQfAv2qroOj1ziYU8w8t7RacykmvdmCaiOo0lDYpyCUw+gQojj0umoGsjiBUe6fnffTPCM1p9r07441MJ0ZbNLhV4EmtbqzQ88lqJ9+4ZryRneLeiqSMqipBHgn+IVw1vQM/r3KBxqF6qKw45HK54g05t3DFI+7SHb7kR1xM+IRD/uAAbn6rOjFyNt0bke4xI0UhL3I+iJHGmJjqkHf2oopTCVHJbGR+Yp4+6uzWwJRVM8w2za9EPn5SjO3FXD0y8iv7BkEtKqnxXK9mtJAcqrDZbmKT7Xi72YY4C8CfdvCnXYeuFay6f3H05oavb4EzYZyaxxBCv6dlf36aJgsGCF0HOIfRbGt/QWGRq5awLe/8AjhNgJzhzKsBaBGcWPu2yR+/0Y5DZ+Dj4GgZ9aSnQywPNdK6W/rY/2ohW7yPOoa7/Z8KvdCKCaIo2adPL4RCSYhNiE3I5wr8dWwqx7KBlRyAFsyUQPbKmi+GcPTRtBbIVySZnOJ4VqN+4aWEoD9piy6T+CVB68Zq2Oqu+3LGBfv8iOdjWUPxe/heKsh/ClGXyuFra/PzCz8FckS1V75mYhj4Dn+Q=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 25073910-f025-42fe-e95e-08d99aebc035
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Oct 2021 14:52:38.1377 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0882
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cUkab0Pu28yKb30jHpJlFCVpjvA>
Subject: Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2021 14:52:50 -0000

Hi Hendrik!

> -----Original Message-----
> From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com>
> Sent: Friday, October 29, 2021 8:31 AM
> To: Roman Danyliw <rdd@cert.org>
> Cc: LAMPS WG <spasm@ietf.org>
> Subject: AW: AD review of draft-ietf-lamps-cmp-algorithms-07
> 
> Roman
> 
> Many thanks for your feedback.
> 
> I am confused regarding your comments on field names vs. type names.
> If you look for example at the definition of KeyAgreeRecipientInfo (RFC 5652
> Section 6.2.2):
>       KeyAgreeRecipientInfo ::= SEQUENCE {
>         version CMSVersion,  -- always set to 3
>         originator [0] EXPLICIT OriginatorIdentifierOrKey,
>         ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
>         keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
>         recipientEncryptedKeys RecipientEncryptedKeys } My reading is that
> keyEncryptionAlgorithm is the field name and
> KeyEncryptionAlgorithmIdentifierits the type. Am I wrong?

You should be confused, because I'm wrong.  Sorry about that.  In that syntax of "<type> <type> <type> <field name>" that is used in the document, I translated it in my head as "<field name> <field name> ... <type>".  Please ignore all the various places where I called this out incorrectly in my earlier feedback.

> Please find further comments below inline.
> Feedback on you comment regarding Section 7 and Section 9 will come next
> week.
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Roman Danyliw
> >
> > Hi!
> >
> > I did an AD review of draft-ietf-lamps-cmp-algorithms-07 with my
> > comments below.  Thanks for this work to evolve CMP.
> >
> > ** Section 2, 3, etc.  Editorial. When listing the places where digest
> > and signature algorithm identifies are found, consider if enumerating
> > them as a bulleted list might be easier to read.  For example:
> >
> > OLD
> >    Digest algorithm identifiers are located in the hashAlg field of
> >    OOBCertHash, the owf field of Challenge, PBMParameter, CertStatus,
> >    and DHBMParameter, and the digestAlgorithms field of SignedData and
> >    the digestAlgorithm field of SignerInfo.
> >
> > NEW
> > Digest algorithm identifiers are located in:
> > * hashAlg field of OOBCertHash
> > * owf field of Challenge, PBMParameter, CertStatus, and DHBMParameter
> > * digestAlgorithms field of SignedData
> > * digestAlgorithm field of SignerInfo.
> 
> I like this proposal and will update the draft accordingly. I also change the
> paragraph on digest value locations accordingly. I did the same in other
> sections, where appropriate.

Thanks.

> >
> > ** Section 2.
> > Note: Specific conventions are needed for CertStatus content in
> >    certConf messages when confirming certificates where the
> >    AlgorithmIdentifier of the certificate signature does not clearly
> >    imply a specific hash algorithm.  In such cases the hash algorithm to
> >    use to build certHash should be specified, e.g., as done in
> >    Section 2.1 and Section 2.2 for certificates signed using EdDSA.
> >
> > I'm confirming my understanding of the text.  Is the specific
> > convention being described here the second sentence (i.e., explicitly
> > specifying the hash algorithm)?  I ask because "conventions" was
> > plural suggesting that there was more than one.
> 
> Good point. Doth this proposal solved your issue?
> 
> Old:
>    Note: Specific conventions are needed for CertStatus content in
>    certConf messages when confirming certificates where the
>    AlgorithmIdentifier of the certificate signature does not clearly
>    imply a specific hash algorithm.  In such cases the hash algorithm to
>    use to build certHash should be specified, e.g., as done in
>    Section 3.3 for certificates signed using EdDSA.
> 
> New:
>    Note: When confirming certificates where the AlgorithmIdentifier
>    of the certificate signature does not clearly imply a specific hash
>    algorithm and no specific hash algorithm is defined for usage with
>    this signature algorithm, as done in Section 3.3 for EdDSA, the hash
>    algorithm needs to indicated in the hashAlgs field of the certConf
>    message as specified in CMP Updates Section 2.9
>    [I-D.ietf-lamps-cmp-updates].

Looks good.  Thanks.

> >
> > ** Section 3.  Editorial.  s/Section 7.2,RFC/Section 7.2, RFC/
> 
> Yes, thanks
> 
> >
> > ** Section 3.1.  Editorial.
> > OLD
> > The algorithm identifiers for RSASAA-PSS signatures used with SHA2
> >    message digest algorithms is identified by the following OID:
> >
> > NEW
> > The algorithm identifier for RSASAA-PSS signatures used with SHA2
> >    message digest algorithms is identified by the following OID:
> 
> I will update the draft accordingly
> 
> >
> > ** Section 3.3.  Editorial. s/signature algorithm Ed25519
> > MUST/signature algorithm Ed25519 that MUST/
> 
> Yes, thanks
> 
> >
> > ** Section 4.1.
> >
> > Key agreement algorithm identifiers are located in the EnvelopedData
> >    RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.
> >
> > -- "keyEncryptionAlgorithm" is the type, the field name is
> > "KeyEncryptionAlgorithmIdentifier" per Section 6.2.1 of RFC5652.  It
> > should likely read "... KeyAgreeRecipientInfo
> KeyEncryptionAlgorithmIdentifier".
> 
> Section 4.1 addresses key agreement. Therefore RFC 5652 Section 6.2.2 applies.
> 
> RFC 5652 Section 6.2.2 defines:
>       KeyAgreeRecipientInfo ::= SEQUENCE {
>         version CMSVersion,  -- always set to 3
>         originator [0] EXPLICIT OriginatorIdentifierOrKey,
>         ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
>         keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
>         recipientEncryptedKeys RecipientEncryptedKeys }
> 
> Isn't keyEncryptionAlgorithm the field name?
> 
> >
> > -- why is "fields" plural? Isn't the cardinality here a single field?
> 
> Yes, it should be "field".
> 
> >
> > -- I'm mentioning it here but it applies to the other uses, using
> > spaces to convey the nested CMS structure is confusing.
> 
> I propose to use '-' instead of a space in case such structure is required. While
> switching to the bulleted lists I removed the nested structure.

Above looks fine.  Thanks.

> >
> > ** Section 4.1. Checking my understanding, is it accurate that both
> > the key agreement algorithm identifiers and the key encryption
> > algorithm identifiers are going to the same place in EnvelopedData?
> 
> Thanks for spotting this. This points at a confusion on my side. This needs to be
> changed in Lightweight CMP Profile Section 4.1.6.1 as well.
> 
> Looking at RFC 5753 Section 3.1.1 I understand now, that the key agreement
> algorithm OID is located in keyEncryptionAlgorithm and the key-wrap algorithm
> OID is located in the parameters field of the key agreement algorithm OID, e.g.,
> a PARAMS field (see RFC 5753 A.3).
> 
> RFC 5753 Section 3.1.1
>    -  keyEncryptionAlgorithm MUST contain the object identifier of the
>       key-encryption algorithm, which in this case is a key agreement
>       algorithm (see Section 7.1.4).  The parameters field contains
>       KeyWrapAlgorithm.  The KeyWrapAlgorithm is the algorithm
>       identifier that indicates the symmetric encryption algorithm used
>       to encrypt the content-encryption key (CEK) with the key-
>       encryption key (KEK) and any associated parameters (see Section
>       7.1.5).  Algorithm requirements are found in Section 8.
> 
> RFC 5753 Appendix A.2
> kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= {
>   IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme
>   PARAMS TYPE KeyWrapAlgorithm ARE required
>   UKM -- TYPE unencoded data -- ARE preferredPresent
>   SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme
> }

Glad we caught that.

> >
> > ** Section 4.1.
> >    Wrapped content-encryption keys are located in the EnvelopedData
> >    RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
> >    encryptedKey field.
> >
> > -- "encryptedKey" is also a type.  It should likely be "EncryptedKey"
> > per Section
> > 6.2.2 of RFC5652.
> 
> RFC 5652 Section 6.2.2 defines
>       RecipientEncryptedKey ::= SEQUENCE {
>         rid KeyAgreeRecipientIdentifier,
>         encryptedKey EncryptedKey }
> 
> Isn't encryptedKey the field name?
> 
> >
> > -- My ASN.1 reading always needs help.  Should it be "...
> > RecipientEncryptedKeys RecipientEncryptedKey EncryptedKey" or
> > "RecipientEncryptedKeys EncryptedKey"?  Same thing would apply to
> > "RecipientInfos" and "RecipientInfo".
> 
> I propose updating Section 4.1 as follows:
> Old:
>    Key agreement algorithm identifiers are located in the EnvelopedData
>    RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.
> 
>    Key encryption algorithm identifiers are located in the EnvelopedData
>    RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm field.
> 
>    Wrapped content-encryption keys are located in the EnvelopedData
>    RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
>    encryptedKey field.
> 
> New:
> Key agreement algorithm identifiers are located in:
> * keyEncryptionAlgorithm field of KeyAgreeRecipientInfo
> 
> Key wrap algorithm identifiers are located in:
> * KeyWrapAlgorithm parameters within keyEncryptionAlgorithm field of
> KeyAgreeRecipientInfo
> 
> Wrapped content-encryption keys are located in:
> * encryptedKey field of RecipientEncryptedKeys

Looks good.  Thanks.

> >
> > ** Section 4.2.
> > Key transport algorithm identifiers are located in the EnvelopedData
> >    RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.
> >
> > Similar to Section 4.1, keyEncryptionAlgorithm is the type.  It likely
> > should be KeyEncryptionAlgorithmIdentifier per Section 6.2.1 of
> > RFC5652
> 
> RFC 5652 Section 6.2.1 defines:
>       KeyTransRecipientInfo ::= SEQUENCE {
>         version CMSVersion,  -- always set to 0 or 2
>         rid RecipientIdentifier,
>         keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
>         encryptedKey EncryptedKey }
> 
> Isn't keyEncryptionAlgorithm the field name?
> 
> >
> > ** Section 4.2
> >    Key transport encrypted content-encryption keys are located in the
> >    EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
> >    Field.
> >
> > Similar to Section 4.1, encryptedKey is the type.  It likely should be
> > EncryptedKey per Section 6.2.1 of RFC5652.
> 
> RFC 5652 Section 6.2.1 defines:
>       KeyTransRecipientInfo ::= SEQUENCE {
>         version CMSVersion,  -- always set to 0 or 2
>         rid RecipientIdentifier,
>         keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
>         encryptedKey EncryptedKey }
> 
> Isn't encryptedKey the field name?
> 
> >
> > ** Section 4.3.  As before,
> > s/keyEncryptionAlgorithm/KeyEncryptionAlgorithmIdentifier/
> 
> See above
> 
> >
> > ** Section 4.3.  As before, s/encryptedKey/EncryptedKey/
> 
> See above
> 
> >
> > ** Section 4.4. As before,
> > s/keyDerivationAlgorithm/KeyDerivationAlgorithmIdentifier/
> 
> RFC 5652 Section 6.2.4 defines:
>       PasswordRecipientInfo ::= SEQUENCE {
>         version CMSVersion,   -- Always set to 0
>         keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
>                                      OPTIONAL,
>         keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
>         encryptedKey EncryptedKey }
> 
> Isn't keyDerivationAlgorithm the field name?
> 
> >
> > ** Section 5.  Editorial.  s/Section 7,RFC/Section 7, RFC/
> 
> Yes, thanks
> 
> >
> > ** Section 5.  As before, s/ contentEncryptionAlgorithm
> > /ContentEncryptionAlgorithmIdentifier/
> >
> > ** Section 6. Editorial.  s/Section 7,RFC/Section 7, RFC/
> 
> Yes, thanks
> 
> >
> > ** Section 6.1.1. Editorial. s/andAlgorithm/and Algorithm/
> 
> Yes, thanks

Thanks for those changes above.

Thanks,
Roman

> >
> > ** Section 7.  I would have benefit from a bit more clarity on the
> > direction provided in this section.
> >
> > -- "The following criteria will help implementers choose appropriate
> > algorithms for managing certificates"
> >
> > The bulleted list seems like only part of the criteria.  As a
> > non-exhaustive list, additional considerations might be the
> > capabilities of the end-point (e.g., does the target deployment have
> > hardware acceleration for some, are some algorithms simply out of
> > reach due to available compute or expected software support); or perhaps
> local policy or compliance requirements?
> >
> > -- "The cryptographic strength of the algorithm with the lowest security."
> >
> > It seems like some words are missing here.  Is the intent here to
> > guide the selection towards the algorithm that provides the minimum
> > amount of strength relative to the needed security requirements?
> >
> > ** Section 7.1.  The text in this section seems it should explicit say
> > that it is updating RFC4210.
> >
> > OLD
> > The following table contains definitions of algorithms used within
> >
> > NEW
> > The following table updates the definitions of algorithms used within
> >
> > ** Section 7.1.  If an algorithm is listed in the "Change from 4210"
> > column, should it be considered the equivalent of being added to the
> > "other" column (per Appendix D.2 of RFC4210?  If so, please be explicit about
> that.
> >
> > ** Section 7.1.  Table 1.
> >
> > -- What does it mean for PasswordBasedMac to be in both the Mandatory
> > and
> > Change-from-4210 column for the MSG_MAC_ALG row?  It was already the
> > MTI in RFC4210.  Same question and situation with D-H for the
> PROT_ENC_ALG row.
> >
> > -- Should 3-DES be considered "other" in MSG_MAC_ALG and
> PROT_SYM_ALG?
> >
> > -- Editorial.  In PROT_SYM_ALG and SYM_PENC_ALG, the "3-DES
> > (3-key-EDE), CBC Mode" should read "3-DES (3-key-EDE, CBC mode)" per the
> text in RFC4210.
> >
> > ** Section 9.  Can a reference be added for the theoretical weakness
> > in PasswordBasedMac?
> >
> > ** Section 9.  Editorially, the first paragraph ("RFC 4210 Appendix
> > D.2 ...) and the two paragraphs of "In Section 7 ..." and "To keep the
> > list ...", seem to be saying the same thing.  Recommend a merge.
> >
> > ** Section 9.
> > In such systems the weakened algorithms should
> >    be disabled from further use.
> >
> > Can this document make stronger recommendations about deprecating
> > certain algorithms such as 3-DES SHA-1 with normative language rather
> > than keeping it in the "other" category in the profiles?
> >
> > ** Normative References.  [I-D.ietf-lamps-lightweight-cmp-profile]
> > should be a normative reference given the use of normative language
> > around it in Section 7.2.
> 
> I will move the reference up
> 
> 
> Hendrik

v2.23.0 | Report a Bug | By Email