Re: [lamps] FW: New Version Notification for draft-ietf-lamps-rfc5751-bis-10.txt

Daniel Migault <daniel.migault@ericsson.com> Mon, 25 June 2018 03:15 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59D641277C8 for <spasm@ietfa.amsl.com>; Sun, 24 Jun 2018 20:15:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ae-ZKZ5CVyX1 for <spasm@ietfa.amsl.com>; Sun, 24 Jun 2018 20:15:11 -0700 (PDT)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBBB7124BE5 for <spasm@ietf.org>; Sun, 24 Jun 2018 20:15:10 -0700 (PDT)
Received: by mail-lj1-x22d.google.com with SMTP id g3-v6so4910834ljk.12 for <spasm@ietf.org>; Sun, 24 Jun 2018 20:15:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=203szRMlq/Oj4jmI9NXq5AZqF6+3DQLN7x+5+FlqI+s=; b=F6aVFudRf++oYViyrB9eSxeKxOeTl4ttziivVs5q2HBdOuupcKUKx483/72HIev9xO zjEGKSH5ZUW9T3WeVZuIBlC6TPU5W8Pxu6sRSSYXQRLDaxX67u0VE7eDqLaDZM2juW0m o93swS90OhtscYkaN/eSiIrO3/BLcPOZefFEjuVRMMJttCdL0R56nsDKvnCIasnyYa0N m1fO57HXY95TaSUGNmraSJI5Wdudpa4R+9TYb6V4hqhb+nqpn5rdTZ11GHVlR1SHsrVj +R0d1OOHCSnZrMB8x7kutdSYqavVCPFccUNbCNX/QhFq9YXJHhoXKUSjf9HNJhDPbETh MkGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=203szRMlq/Oj4jmI9NXq5AZqF6+3DQLN7x+5+FlqI+s=; b=QfXrgdsnKpH1Un6feTsYNHp2DtVDf7LehWDZEZqqxD4u+xDI0PMJQzEJP4HrnnnRV5 C9gsXm1Lpda1U+jSNqFBfNVBof8Qc1YoNcBTcswtU4HJmcGNcNPhTV9XXofjxwCvzKTK ReBHvI5I92Mvw0cTj6jLmhtHcj68ADv3/ERoe5hv2rpz6fcNUMa/iGRebKQ6RbkH1mYM PD9IO3gQFV24zF1hGdRYyc1bvD5GFPfWaZIh446aZguFJOI+1X4dOlwX62UjWvQpc5Lu qWVeB3oNKl1tmdy3gNHB8cXU3hnuoMQyDakJdKBQF0p0ulsf3yVUmrdyEV7+JsN86r/i hHjQ==
X-Gm-Message-State: APt69E1P6aagKUdzZ984fCgLJ0IUiu496cMvFbd+yTNg/OqKNg3YEuSG bPgad+mfqOFqblnfRxpKFC1e5NPLEEcrrr2ZaaffpQ==
X-Google-Smtp-Source: ADUXVKJ9Swk91gvqInYWKQjPwOBApWYcA9N483Fsz4rvA9XIbqwQp+a1jnhebVwl9Dka//Ekx0C4KYRSbUonR+SHwQQ=
X-Received: by 2002:a2e:8350:: with SMTP id l16-v6mr6019703ljh.7.1529896508981; Sun, 24 Jun 2018 20:15:08 -0700 (PDT)
MIME-Version: 1.0
Sender: mglt.ietf@gmail.com
Received: by 2002:a2e:5c41:0:0:0:0:0 with HTTP; Sun, 24 Jun 2018 20:15:08 -0700 (PDT)
In-Reply-To: <47f8e891c8ec48a598d220b675d65691@ericsson.com>
References: <152945807205.32387.6161582871072900032.idtracker@ietfa.amsl.com> <000001d4083b$1f54c990$5dfe5cb0$@augustcellars.com> <CABcZeBPAW=Dq0S7BgwoQA3Ua0NJUmFdj5uJpy2Y-0jC92S_pBg@mail.gmail.com> <a68cb6c62a6a4678a7b379afa0bd29ef@ericsson.com> <B1080EDC-4D49-4B5E-975E-5C39EC25994E@vigilsec.com> <47f8e891c8ec48a598d220b675d65691@ericsson.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Sun, 24 Jun 2018 23:15:08 -0400
X-Google-Sender-Auth: Fv1_4KflTzkbwZo7uYhSM1KQ5kI
Message-ID: <CADZyTkmJU+U2Hk5zzTPHYdasibXUsHpnmZcDrDbev50wG_dgrw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>, Eric Rescorla <ekr@rtfm.com>, Jim Schaad <ietf@augustcellars.com>
Content-Type: multipart/alternative; boundary="000000000000f60d27056f6ec911"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rOYpZcGWYCeDkDggaolRiX54HlA>
Subject: Re: [lamps] FW: New Version Notification for draft-ietf-lamps-rfc5751-bis-10.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jun 2018 03:15:14 -0000

Hi,

Thinking of it twice, this is what I really wanted to mean with the
cryptography recommendations. In my view, I would expect the cryptographic
recommendations to indicate at one place the algorithms that must be used,
those that must not be used and the others.

It is true that sections 2.1, 2.2, 2.3 provides cryptographic
recommendations. However I believe these recommendations omits the status
of the algorithms that are either no longer supported compared to the
previous version of S/MIME or that are not specified in any S/MIME
specifications. In this specification RC2, TripleDES, DSA, SHA1 may be
associated with a status in these sections as well. The default rule could
be MAY for unspecified algorithms. Note that it may also be needed to catch
up with all previous version to avoid that an algorithm previously rolled
to historic happen to become a MAY in this specification.

One of the difficulty of deprecating an algorithm is that old encrypted
message remain. It might  help to specify that status are provided for
message being received or sent and not for old messages.

Note that the status of RC2, TripleDES, DSA, SHA1 can be found in the
specification, but it seems to me clearer to have them at one place, but
again that is only my opinion.

As I have been requested by the security directorate to review the version
10, I will provide some additional comments in another email.


Yours,
Daniel

On Wed, Jun 20, 2018 at 11:51 AM, Daniel Migault <
daniel.migault@ericsson.com> wrote:

> Thanks for the clarification. I did not saw them in the diff of version 10
> because they were on version 7.  Then this confuses me as well, and I do
> not know why I had the impression it was missing. This addresses my concern
> and I apology for raising it then.
>
>
>
> Yours,
>
> Daniel
>
>
>
> *From:* Russ Housley <housley@vigilsec.com>
> *Sent:* Wednesday, June 20, 2018 10:41 AM
> *To:* Daniel Migault <daniel.migault@ericsson.com>
> *Cc:* Eric Rescorla <ekr@rtfm.com>; Jim Schaad <ietf@augustcellars.com>;
> SPASM <spasm@ietf.org>
> *Subject:* Re: [lamps] FW: New Version Notification for
> draft-ietf-lamps-rfc5751-bis-10.txt
>
>
>
> Daniel:
>
>
>
> I am confused by your comment. Section 2.1 lists the
> mandatory-to-implement hash functions, Section 2.2 lists the
> mandatory-to-implement signature algorithms, Section 2.3 lists the
> mandatory-to-implement key establishment algorithms, and Section 2.7 lists
> the mandatory-to-implement encryption algorithms.
>
>
>
> Russ
>
>
>
>
>
> On Jun 20, 2018, at 9:58 AM, Daniel Migault <daniel.migault@ericsson.com>
> wrote:
>
>
>
> Hi,
>
>
>
> I am fine with the update and appreciated the response to my comments.
> Though this might be done elsewhere, I believe it would be good to have a
> companion document with cryptographic recommendation and mandatory to
> implement algorithms.
>
> Yours,
>
> Daniel
>
>
>
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Sent:* Wednesday, June 20, 2018 12:11 AM
> *To:* Jim Schaad <ietf@augustcellars.com>
> *Cc:* SPASM <spasm@ietf.org>; Daniel Migault <daniel.migault@ericsson.com
> <daniel.migault@ericsson..com>>
> *Subject:* Re: FW: New Version Notification for
> draft-ietf-lamps-rfc5751-bis-10.txt
>
>
>
> Thanks. I will take a look this week.
>
>
>
> On Tue, Jun 19, 2018 at 7:05 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:
>
> EKR,
>
> This should address the last comment that you pointed out from Daniel.  I
> used his suggested language so I doubt he is going to object.
>
> I believe that you should be able to advance to ballot now
>
> Jim
>
>
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Tuesday, June 19, 2018 6:28 PM
> To: Jim Schaad <ietf@augustcellars.com>; Blake Ramsdell <blaker@gmail..com
> <blaker@gmail.com>>; Sean Turner <sean@sn3rd.com>
> Subject: New Version Notification for draft-ietf-lamps-rfc5751-bis-10.txt
>
>
> A new version of I-D, draft-ietf-lamps-rfc5751-bis-10.txt
> has been successfully submitted by Jim Schaad and posted to the IETF
> repository.
>
> Name:           draft-ietf-lamps-rfc5751-bis
> Revision:       10
> Title:          Secure/Multipurpose Internet Mail Extensions (S/MIME)
> Version 4.0 Message Specification
> Document date:  2018-06-19
> Group:          lamps
> Pages:          58
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-
> lamps-rfc5751-bis-10.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-
> bis/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-lamps-rfc5751-bis-
> 10
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lamps-
> rfc5751-bis
> Diff:           https://www.ietf.org/rfcdiff?
> url2=draft-ietf-lamps-rfc5751-bis-10
>
> Abstract:
>    This document defines Secure/Multipurpose Internet Mail Extensions
>    (S/MIME) version 4.0.  S/MIME provides a consistent way to send and
>    receive secure MIME data.  Digital signatures provide authentication,
>    message integrity, and non-repudiation with proof of origin.
>    Encryption provides data confidentiality.  Compression can be used to
>    reduce data size.  This document obsoletes RFC 5751.
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat
>
>
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>
>