Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc5751-bis-03
Russ Housley <housley@vigilsec.com> Tue, 14 March 2017 15:55 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB4CB12EE46 for <spasm@ietfa.amsl.com>; Tue, 14 Mar 2017 08:55:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8Ql0bG1K7PBJ for <spasm@ietfa.amsl.com>; Tue, 14 Mar 2017 08:55:00 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB78D129642 for <spasm@ietf.org>; Tue, 14 Mar 2017 08:55:00 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 1CF1E3004AE for <spasm@ietf.org>; Tue, 14 Mar 2017 11:55:00 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6TgE3d6RaGVE for <spasm@ietf.org>; Tue, 14 Mar 2017 11:54:58 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id D3BF530009D; Tue, 14 Mar 2017 11:54:58 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <DA197F30-E4C1-4123-9100-09BF9097A708@vigilsec.com>
Date: Tue, 14 Mar 2017 11:55:01 -0400
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <38473133-587B-47FB-9B47-D79F456B966A@vigilsec.com>
References: <2AFA0160-B45D-456E-A642-41863274A7EE@vigilsec.com> <95D2BAF0-EC51-4EFB-889C-C782C4A8FD3E@vigilsec.com> <0a1601d29970$f9d5a200$ed80e600$@augustcellars.com> <DA197F30-E4C1-4123-9100-09BF9097A708@vigilsec.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jYfeh4XCtBQNcuSdF8zmYNTUEAA>
Subject: Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc5751-bis-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 15:55:02 -0000
i want to confirm that version -04 resolves all of my comments, except one. That one is being discussed on the thread that Jim started yesterday. Russ > On Mar 10, 2017, at 9:48 AM, Russ Housley <housley@vigilsec.com> wrote: > > >>> I have some WG Last Call comments on draft-ietf-lamps-rfc5751-bis-03. I >>> have divided my comments into MAJOR and MINOR. >>> >>> >>> MAJOR >>> >>> Do we need to define a way for smimeCapabilities to state support for >>> AuthEnveloped? I’m trying to avoid interoperability failures. >> >> We have that. If you support an AEAD algorithm then you must support AuthEnveloped by definition. > > Sure. I think the document needs to be explicit on this point. > >>> Section 2.1: I see no need to include the MUST for SHA-512 here since none >>> of the algorithms in Section 2.2 use it. >> >> This is to get a match for EdDSA w/ curve 25519. That uses SHA-512 internally so that the correct match would be to use SHA-512 for the external as well. > > Okay. This one is resolved. > >>> Section 2.7.1.2: I worry about backward compatibility here. This requires a >>> capability that has never been used in S/MIME before, so it seems premature >>> to use AES-GCM when the capabilities of the recipient are unknown. Instead, >>> I would argue that AES-256 CBC offers implementers so time to deploy >>> authenticated encryption. This looks like a fine thing for S/MIME 4.1 in a >>> couple of years. >> >> This has been the traditional wording over the last three versions of the document. Only for 3851 was it clear that the algorithm existed as a possibility prior to the version being released. The group has normally recommended using the best algorithm here but permitted to use of a different algorithm. I think there is sufficient guidance in the text about why GCM was chosen and it allows for either it or AES-128 CBC to be used. > > Since a new content type is involved, not just a new algorithm, I am advocating a slower transition. I’d love to hear from others. Am I being too conservative? > >>> Section 5.1: The S/MIME WG is closed. Would it be better to change the >>> contact to the IESG? >> >> I thought about this and did not do it, but yes it makes sense. I wonder how many people have used the contact, but as I am not on this alias I would not know. > > Let’ make it the IESG. > > Russ >
- [Spasm] WG Last Call for draft-ietf-lamps-rfc5751… Russ Housley
- Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc… Russ Housley
- Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc… Jim Schaad
- Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc… Russ Housley
- Re: [Spasm] WG Last Call for draft-ietf-lamps-rfc… Russ Housley