ietf-smime

Password-based Encryption for S/MIME...

1999-11-17 15:38:54
Hi,

At the meeting last week, Russ solicited more comments on a few of the
current drafts, prior to going to Last Call.  One of the specifically cited
drafts was "Password-based Encryption for S/MIME".  I only have 2 comments
on this draft.

1) "Musts", "shoulds", etc., should be capitalized (this is not absolutely
necessary, but it does help to make conformance requirements clear and
easy-to-find).

2) The Security Considerations section currently contains only the following
sentence:  "The security of this recipient information type rests on the
security of the underlying mechanisms employed, for which further
information can be found in CMS and PKCS5v2."  I suggest adding a new
paragraph along the following lines.

"More importantly, however, the security of this information type rests on
the entropy of the user-selected password, which is typically quite low.
Pass phrases (as opposed to simple passwords) are STRONGLY RECOMMENDED,
although it should be recognized that even with pass phrases it will be
difficult to use this recipient information type to derive a KEK with
sufficient entropy to properly protect a 128-bit (or higher) CEK."

Carlisle.
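To put the entropy argument above in numbers, here is an added example (not part of Carlisle's message or of the draft) that derives a 128-bit KEK with PBKDF2-HMAC as PKCS #5 v2 defines it and compares the guessing work an attacker faces for a random 8-character password against diceware-style pass phrases. The iteration count, word-list size and salt are constructed assumptions, not values from the draft.

```python
import hashlib
import math

# Constructed parameters for the illustration; PKCS #5 v2 leaves salt and
# iteration count to the implementation.
KEK_BITS = 128          # length of the key-encryption key to derive
DICEWARE_WORDS = 7776   # 6**5 entries, the classic diceware list size
ITERATIONS = 600_000    # PBKDF2 iteration count (assumed value)


def derive_kek(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 per PKCS #5 v2, yielding a KEK of KEK_BITS bits."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=KEK_BITS // 8)


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(word_count: int, list_size: int = DICEWARE_WORDS) -> float:
    """Entropy of a pass phrase of `word_count` words drawn uniformly from a list."""
    return word_count * math.log2(list_size)


def effective_kek_strength_bits(secret_entropy_bits: float, iterations: int = ITERATIONS) -> float:
    """Attacker work in bits: guesses needed for the secret, times the PBKDF2
    cost per guess (log2 of the iteration count). A derived KEK can never be
    stronger than its own length, so the result is capped at KEK_BITS."""
    return min(KEK_BITS, secret_entropy_bits + math.log2(iterations))


def words_needed_for_kek(list_size: int = DICEWARE_WORDS, iterations: int = ITERATIONS) -> int:
    """Smallest pass-phrase word count whose effective strength reaches KEK_BITS."""
    n = 1
    while effective_kek_strength_bits(passphrase_entropy_bits(n, list_size), iterations) < KEK_BITS:
        n += 1
    return n


if __name__ == "__main__":
    kek = derive_kek("correct horse battery staple", b"constructed-salt")
    print(f"KEK ({len(kek) * 8} bits): {kek.hex()}")
    pw = password_entropy_bits(94, 8)      # 8 printable-ASCII characters
    print(f"8-char password: {pw:.1f} bits -> {effective_kek_strength_bits(pw):.1f} bits of work")
    for words in (4, 6, words_needed_for_kek()):
        pp = passphrase_entropy_bits(words)
        print(f"{words}-word pass phrase: {pp:.1f} bits -> {effective_kek_strength_bits(pp):.1f} bits of work")
```

Even with a 600,000-iteration PBKDF2 adding about 19 bits of work, a uniformly random 8-character password leaves the 128-bit CEK protected by roughly 72 bits of effort, and only a nine-word random pass phrase reaches the full strength of the KEK.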
