Re: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt> (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification) to Proposed Standard

Tim Hollebeek <tim.hollebeek@digicert.com> Sun, 15 April 2018 15:32 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: "ietf@ietf.org" <ietf@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
CC: "draft-ietf-lamps-rfc5751-bis@ietf.org" <draft-ietf-lamps-rfc5751-bis@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "ekr@rtfm.com" <ekr@rtfm.com>, "housley@vigilsec.com" <housley@vigilsec.com>, "spasm@ietf.org" <spasm@ietf.org>
Date: Sun, 15 Apr 2018 15:32:21 +0000
Message-ID: <MWHPR14MB1376C743E760220DEFBF2DCA83B10@MWHPR14MB1376.namprd14.prod.outlook.com>
References: <152365448277.5553.10237322036686012069.idtracker@ietfa.amsl.com>
In-Reply-To: <152365448277.5553.10237322036686012069.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lYnUVcU68O_4l6U1rrIQydaxcFc>
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

I just read the whole draft and have the following comments.  Overall, the
draft seems to be in excellent shape.

I apologize if any of these were discussed earlier in the process, before I
started following this draft.  More than happy to create a pull request with
the changes once I get some feedback on these.

Section 2.1:

Is it worth adding "SHOULD support SHA-3"?

Section 2.2:

"NIST is unable to provide the seeds that were
   used to create their standardized curves, this means that there is a
   section of the community which believes that there might be a back
   door to these curves."

This is a comma splice; recommend changing the comma to a semi-colon.

"there is only a requirement for curve in the sending agent list"

I think "only a requirement for ONE curve in the sending agent list" was
meant.

Section 2.7.2. "All algorithms that use 112-bit keys are considered by many
to be weak encryption."

Is the LENGTH of the key, or the STRENGTH of the key intended?

If the former, are there other examples of 112-bit keys other than two-key
3DES (~80 bits of strength)?
If not, why not say two-key 3DES to be explicit?

If the latter, what's the rationale for considering 112 bits of strength
weak for symmetric algorithms in a standard where RSA-2048 is considered
strong?

I don't find "considered by many" to be a useful statement.  After all, the
world is considered by many to be flat.

-Tim

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of The IESG
> Sent: Friday, April 13, 2018 5:21 PM
> To: IETF-Announce <ietf-announce@ietf.org>
> Cc: draft-ietf-lamps-rfc5751-bis@ietf.org; lamps-chairs@ietf.org;
> ekr@rtfm.com; housley@vigilsec.com; spasm@ietf.org
> Subject: [lamps] Last Call: <draft-ietf-lamps-rfc5751-bis-07.txt>
> (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message
> Specification) to Proposed Standard
> 
> 
> The IESG has received a request from the Limited Additional Mechanisms for
> PKIX and SMIME WG (lamps) to consider the following document: -
> 'Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
>    Message Specification'
>   <draft-ietf-lamps-rfc5751-bis-07.txt> as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2018-04-27. Exceptionally, comments may be sent
> to iesg@ietf.org instead. In either case, please retain the beginning of the
> Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>    This document defines Secure/Multipurpose Internet Mail Extensions
>    (S/MIME) version 4.0.  S/MIME provides a consistent way to send and
>    receive secure MIME data.  Digital signatures provide authentication,
>    message integrity, and non-repudiation with proof of origin.
>    Encryption provides data confidentiality.  Compression can be used to
>    reduce data size.  This document obsoletes RFC 5751.
> 
> 
> 
> 
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-bis/
> 
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-bis/ballot/
> 
> 
> No IPR declarations have been submitted directly on this I-D.