Re: [lamps] AD Review of draft-ietf-lamps-cms-update-alg-id-protect-02

Russ Housley <housley@vigilsec.com> Mon, 27 July 2020 20:18 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B06E3A0BE7 for <spasm@ietfa.amsl.com>; Mon, 27 Jul 2020 13:18:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pYPO_DyvfE7t for <spasm@ietfa.amsl.com>; Mon, 27 Jul 2020 13:18:32 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F17123A0BA1 for <spasm@ietf.org>; Mon, 27 Jul 2020 13:18:31 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 92268300B59 for <spasm@ietf.org>; Mon, 27 Jul 2020 16:18:29 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id e8n0HeTSctHd for <spasm@ietf.org>; Mon, 27 Jul 2020 16:18:27 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 8CB8E30009A; Mon, 27 Jul 2020 16:18:27 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <a71b205936bc43b3ad0b8d78b15a3093@cert.org>
Date: Mon, 27 Jul 2020 16:18:28 -0400
Cc: LAMPS WG <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D73DAEE9-DB6E-4197-913C-F01AC817A56C@vigilsec.com>
References: <a71b205936bc43b3ad0b8d78b15a3093@cert.org>
To: "Roman D. Danyliw" <rdd@cert.org>
X-Mailer: Apple Mail (2.3445.104.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/w4ETw-pFqqiR4ItuoUcic3FClW4>
Subject: Re: [lamps] AD Review of draft-ietf-lamps-cms-update-alg-id-protect-02
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 20:18:40 -0000

Roman:

Thanks for the careful review and editorial suggestions.  I have taken acre of all of these in my edit buffer.

In your final comment (below), I came up with a slightly different wording.

> On Jul 27, 2020, at 3:03 PM, Roman Danyliw <rdd@cert.org> wrote:
> 
> Hi!
> 
> I conducted an AD review of draft-ietf-lamps-cms-update-alg-id-protect-02.  Thanks for the work on this document to harden CMS.  Below is my feedback.  As it is editorial in nature, it can be handled with any other IETF LC feedback.
> 
> ** Section 3.  Section title. Editorial. s/Require use the same hash algorithm/Required use of the same hash algorithm/
> 
> ** Section 3.  Editorial.  Recommend consistent use of either signedAttrs or signedAttributes (i.e., choose either the data structure name or the variable name)
> -- Section 3.1 says "If signedAttrs are present in SignerInfo ..."
> 
> -- Section 3.2 says "When the signedAttrs field is present ..."
> 
> -- Section 3.3.says "If the SignedData signerInfo includes signedAttributes ..." and "... included in the signedAttributes of the SignedData signerInfo"
> 
> ** Section 3.1.  Editorial.  Simplify the guidance.
> 
> OLD
> If signedAttrs are present in the SignerInfo, then the same digest
>      algorithm MUST be used to compute the digest of the SignedData
>      encapContentInfo eContent, which is carried in the message-digest
>      attribute, and to compute the digest of the DER-encoded SET OF
>      signed attributes, which is passed to the signature algorithm.
> NEW
> If signedAttrs are present in the SignerInfo, then the same digest algorithm MUST be used to compute both the digest of the SignedData encapContentInfo eContent, which is carried in the message-digest attribute, and the digest of the DER-encoded SET OF signed attributes, which is passed to the signature algorithm.
> 
> ** Section 3.2. Typo. s/the the/the/
> 
> ** Section 3.3.  Typo. s/the the/the/
> 
> ** Section 3.4.  Significant editorial.  s/might lead to compatibility/might lead to incompatibility/
> 
> ** Section 6.  Per "There is not currently protection mechanism ..." and "Likewise there is not currently a protection mechanism ...", it's true that these are a gap, but would that age well?  Perhaps just say:
> 
> OLD
> There is not currently protection mechanism for
>   the algorithm identifiers used in the enveloped-data, digested-data,
>   or encrypted-data content types.  Likewise there is not currently a
>   protection mechanism for the algorithm identifiers used in the
>   authenticated-enveloped-data content type defined in [RFC5083].
> 
> NEW
> 
> It provides no protection mechanism for the algorithm identifiers used in the enveloped-data, digested-data, or encrypted-data content types.  Likewise, The CMSAlgorithmProtection attribute provides no protection for the algorithm identifiers used in the authenticated-enveloped-data content type defined in [RFC5083].

The paragraph now reads:

   The CMSAlgorithmProtection attribute [RFC6211] offers protection for
   the algorithm identifiers used in the signed-data and authenticated-
   data content types.  However, no protection is provided for the
   algorithm identifiers in the enveloped-data, digested-data, or
   encrypted-data content types.  Likewise, The CMSAlgorithmProtection
   attribute provides no protection for the algorithm identifiers used
   in the authenticated-enveloped-data content type defined in
   [RFC5083].

Russ