Here are the draft minutes. Please post any objects.
Agenda: Russ covered the agenda for the meeting. No changes were made.
Working Group Status: Russ covered the current status of the active documents
in the working group. Current statuses are:
- Password, Triple-DES/RC2 Key Wrap, and Preventing the Million Message Attack
on CMS documents are in RFC Editor 48 hour review.
- Security Label Implementation document is on hold by request of working group
chairman, and hold will be released when the Attribute Certificate Profile is
published.
- Compression, ECC, X400 Wrap, X400 Transport, and Symmetric Key Distribution
drafts are currently with the IESG.
- RFC2630bis and cmsalg are in IESG last call.
New versions of these RFC 2632 and RFC 2633 are needed since RFC2630bis has
removed algorithm requirements. Blake Ramsdell, the editor of these documents,
has recently changed jobs so a delay in updating the documents is expected.
The updated documents will reflect the mandatory to implement algorithm
requirements
that were previously debated and accepted:
Signature Verification: DSA and RSA (PKCS#1 v1.5)
Signature Generation: DSA or RSA (PKCS#1 v1.5)
One-way Hash Function: SHA-1
Key Management: RSA (PKCS#1 v1.5)
Encryption: Triple-DES CBC
Interoperability Matrix: Jim Schaad presented a briefing on the current state
of interoperability testing for the RFC2630bis and cmsalg drafts. In the core
of the two documents SignedData has 6 items left, EnvelopedData has 10 items
left, SigningTime has 2 items left and HMAC-SHA-1 has 3 items left.
Jim also presented two issues that had arisen during interoperability testing:
The first issue dealt with the problem of wrapping an HMAC key with a
Triple-DES,
RC2 or AES key. There is currently no defined method for this operation. A
new draft is to be prepared to define a mechanism.
The second issue dealt with DER encoding of SignedAttributes within the
SignerInfo
structure. Three alternatives were presented for a straw poll: 1)
SignedAttributes
must be DER encoded, 2) Attribute must be DER encoded, 3) AttributeValue must
be DER encoded. Option 1 was the unanimous selection of the voters.l
CMS/ESS Examples: Paul Hoffman discussed this document (without slides). He
is ready to request that the working group chair make a last call for the
document
to be published as an Informational RFC. There is an expectation that an update
to the document will be produced in the future to deal with omissions from the
current document and new examples that employ the AES algorithm.
AES/RSA-OAEP: Jim Schaad presented the current status of the AES/RSA-OAEP draft.
AES was became FIPS 198 on 16 November 2001. Additionally the AES key wrap
candidate was released in November. As this is still a draft document, it
cannot
be referenced. An informational track document covering the AES key wrap
algorithm
will be produced by the working group. The authors believe that the
AES/RSA-OAEP
draft should be ready for working group last call before the next IETF meeting.
Symmetric Key Distribution: Sean Turner gave a presentation on the status of
this draft. He has received a few comments, even though the document has
already
passed working group last call. One set was editorial, and the other was a
request for an additional attribute dealing with security policy. The latter
request will probably be handled as a separate Internet-Draft to avoid holding
up the symmetric key distribution draft. So far, an author has not volunteered.
Intended Recipient Attribute: D. Davis (Curl Corp.) has identified a potential
problem. The concern is that a recipient of signed and encrypted message can
decrypt the message, preserving the original signature, and then resend the
message to a new recipient. New recipient may act inappropriately based on
the fact that they received a message signed by the original originator, not
the middleman (for further discussion see draft-ietf-smime-sender-auth-00.txt).
Russ Housley has prepared a potential solution to this problem (see
draft-ietf-smime-ira-00.txt).
Russ presented the problem and his solution to the group, including the
benefits
and some potential drawbacks. Jim Schaad then presented a second view of the
problems, attempting to resolve the issue in an Email environment. In the
discussion
that followed Phillip Hallam-Baker raised the point that while this solution
covered the question of the TO and CC header lines, it did nothing to solve
the problem of preventing the leakage of the SUBJECT line in a message.
Following
the discussion two straw polls were taken.
- Should the sender-auth draft be progressed as an information draft? The vote
was unanimously no.
- Should the ira draft be progressed and if so on what track? The vote was
unanimously for non-progression of this document as well.
Russ Housley took an action item to bring the question of general protection
of the headers to the mail list.
Policy Requirements for TSAs: Denis Pinkas presented the status of the ETSI
document on this topic. The final version of the document has not been
published
yet, but the current document is available at
http://portal.etsi.org/sec/STF178Task1FinalDraft.pdf.
Signature Delegation: Denis Pinkas then presented some thoughts on a mechanism
for a person to delegate their signature authority. A possible mechanism using
the id-aa-ets-signerAttr was presented. Comments on whether the problem should
be addressed by the working group and possible solutions will be discussed
further
on the mail list.