Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
Laetitia Baudoin <lbaudoin@google.com> Mon, 02 May 2016 15:07 UTC
Return-Path: <lbaudoin@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BCBB12D559 for <spasm@ietfa.amsl.com>; Mon, 2 May 2016 08:07:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.697
X-Spam-Level:
X-Spam-Status: No, score=-3.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CSuSPAACIz7s for <spasm@ietfa.amsl.com>; Mon, 2 May 2016 08:07:35 -0700 (PDT)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 860D112D103 for <spasm@ietf.org>; Mon, 2 May 2016 08:07:35 -0700 (PDT)
Received: by mail-qk0-x22f.google.com with SMTP id x7so75250313qkd.3 for <spasm@ietf.org>; Mon, 02 May 2016 08:07:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-transfer-encoding; bh=w9Q1DJQlfMKvUz8IzYxmJTeUTdomNsqUGyHyCsY27Ak=; b=ghpjmyJuFo9hnpu0gZdsqK89CfUQPPDtMG6GzNITGAjcmd/SJkgzDENoY/NztMsF+z s2MGlcm7qjIZdRQ0gDulLSjKoVdRuPAyY01zeJIacIu1g25U+QJhzHlN4BrgbDsxjPhl GKJTYdh0QaK0kwmF1mciOXHyzXNCSlB14E0OV7Cylhq7w8ayp3AnRQ4Hptie5FdPwA3S szJiOHNlg0ueQJuEB5G/uI/sl8vsyylsBgg+43VKt64kUR2vVrWPyieNGa7IP2XJsV90 KDsSq/X0qPFkWRe+MgRmu9PUAXM+OadKEcKBfrZmdn5dBYZEvDZQ/bF7i6yN7+dMFVay l0/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=w9Q1DJQlfMKvUz8IzYxmJTeUTdomNsqUGyHyCsY27Ak=; b=d/2hupNZjxXst9abxQa0DtIJiCvmwr2PXy823ueIVaHlw/WLIqS4ijVeJJmQeyJOn6 TfdpCGQCRPqn2KDTiMJ+pcIXM4AqNDyS+aPVWO7B0gD1iqQG+Yc/7bPNS62jmXlAScAM Ft9GZpoti16N1P2mMvI2GWUUR99JsxwItH92sh7k/JM8hROLndSWjOZUwcP0x0u0AoFp WOkYy4PtTqpyFZmjBWppqsl7ZTPiXCOxbhuPsT+Ixyumc55I3CKt/y/OAiXRK26bQE/Z FbZqp73S5vqKdoFwVvKqXX7N6mJklKeaioTvy5LGHvU074HIBgUT7DcSyv+1A5JOunei n+Fg==
X-Gm-Message-State: AOPr4FX6fEpdD63JNN08BE/fUjecRFoySIvtWE2gIZDWbU7tba522XKm5qoqfp+GLlOyZsiB6OVS+cQcMvhRa7DY
MIME-Version: 1.0
X-Received: by 10.176.1.79 with SMTP id 73mr20254371uak.123.1462201654374; Mon, 02 May 2016 08:07:34 -0700 (PDT)
Received: by 10.31.108.84 with HTTP; Mon, 2 May 2016 08:07:34 -0700 (PDT)
In-Reply-To: <0afb01d1a355$d064a720$712df560$@augustcellars.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com> <0afb01d1a355$d064a720$712df560$@augustcellars.com>
Date: Mon, 02 May 2016 08:07:34 -0700
Message-ID: <CAFTDvC51e2ku8f1P+9=U7de792vzYcaL0YrbRgEbM3k3eNf6ag@mail.gmail.com>
From: Laetitia Baudoin <lbaudoin@google.com>
To: Jim Schaad <ietf@augustcellars.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/tlAZRj2wM4bU4wL-t3GheYSur-Y>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 May 2016 15:07:37 -0000
On Sat, Apr 30, 2016 at 8:01 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > > -----Original Message----- > From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Laetitia Baudoin > Sent: Friday, April 29, 2016 12:44 PM > To: spasm@ietf.org > Subject: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt > > Hi, > > Could we update the text in section 3.4 [Creating an Authenticated > Enveloped-Only Message]? > > Currently it states: > ----- > > This section describes the format for enveloping a MIME entity > without signing it. It is important to note that sending > authenticated enveloped but not signed messages does not provide for > authentication or non-repudiation. It is possible to replace > ciphertext in such a way that the processed message will still be > valid, but the meaning can be altered. > > ----- > > Which is incorrect: alterations to the encrypted part of the message would > be detected. > The problem is that authenticated encryption alone does not prove anything > about the sender. > > [JLS] It is not totally incorrect, but I would agree that it is misleading. > The odds of being able change the message are approximately 1 in 2^128 > (assuming a 128-bit authentication tag). This is much better than the CBC > world where the odds would be roughly 1 in 256. > > An alternative to the last sentence could be something like "It is possible > to change the sender without altering the validity of the processed > message". > > [JLS] I find this to be a very misleading statement. I find that the term > authenticated encryption to be very misleading. An AE algorithm only gives > authentication about the sender under some very specific conditions, and > those conditions are not generally found for many S/MIME messages. If it > had been up to me, I would have called this class of algorithms integrity > protected encryption rather than authenticated encryption. > > Just to be clear, the following conditions would be required to have an > authenticated encryption in terms of knowing who the sender is. 1) You > would need to use an authenticated encryption algorithm, 2) One would need > to have exactly one recipient information structure (otherwise any other > recipient can change the message or forge a future message), and 3) the CEK > would need to be a key directly derived from information about both the > sender and the recipient. This would require the use of static-static DH > which is not generally considered to be an option for S/MIME. > > Given these conditions, I believe that it would be very unwise to say that > one is going to get authentication from an S/MIME message. One will get > integrity protection but that is a different service. Jim, we agree that authenticated encryption doesn't provide authentication. My point was that the reason given in the draft is misleading. > > Jim > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm >
- [Spasm] Suggestions for draft-schaad-rfc5751-bis-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Jim Schaad
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Jim Schaad
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Russ Housley
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Laetitia Baudoin
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang
- Re: [Spasm] Suggestions for draft-schaad-rfc5751-… Wei Chuang