ietf-smime

Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 Algorithms with Cryptographic Message Syntax) to Proposed Standard

2008-02-27 07:45:06

There are obvious errors (intentionally left by the editor 
in order to know how many people read the document).

On page 1:

The message digest algorithms are defined in and [SHS].  
                                             ^^^
Also in section 2.4:

2.4. SHA-512 

   The SHA-256 message digest algorithm is defined in [SHS].

whereas it should be:

2.4. SHA-512 

   The SHA-512 message digest algorithm is defined in [SHS].

It would be valuable to explain why DSA cannot be used 
with SHA-384 and SHA-512.

In addition, it is not acceptable to reference in the *normative* 
references "work in progress", i.e. [ECCADD].

The same applies for [SHS]. The text states:

   NOTE [to be removed upon publication as an RFC]: NIST has not yet 
   finalized FIPS 186-3 and there is a chance that the draft may be 
   changed.  This may result in differences between what is documented 
   in the current version of this document and what is in the FIPS.  It 
   is intended to synchronize the final version of this draft with the 
   FIPS before publication as an RFC. 

There is a more substantive comment on the first paragraph of section 1. 
The text states:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in this document. 

I believe the text should be:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in [SHS]. 

A small discussion in the security considerations section on the advantages
(in particular in terms of performance versus security) of using one or 
another function from the SHA2 family would be helpful.

While I welcome this draft, everybody should take into consideration that, 
if the SHA2 family happens to be broken, then we will be at risk. 
This should be mentioned in the security considerations section.

The NESSIE program has evaluated the WHIRLPOOL algorithm with success. 
WHIRLPOOL would be a good substitute for SHA-512, and I would encourage 
that "someone" drafts an RFC to specify OIDs for using WHIRLPOOL with CMS.

Denis

The IESG has received a request from the S/MIME Mail Security WG (smime)
to consider the following document:

- 'Using SHA2 Algorithms with Cryptographic Message Syntax '
  <draft-ietf-smime-sha2-03.txt> as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf@ietf.org mailing lists by 2008-03-07. Exceptionally, 
comments may be sent to iesg@ietf.org instead. In either case, please 
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-03.txt


IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16033&rfc_flag=0



Regards,

Denis Pinkas
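The message above asks the draft to discuss performance versus security across the SHA2 family, and to explain why DSA is not paired with SHA-384 and SHA-512. The following script is an added example written for this archive page; it is not code from the draft, from the S/MIME WG, or from the author of the message. It hashes a constructed 8 MiB buffer with each SHA-2 member, reports the generic design strengths (collision resistance at half the digest length, preimage resistance at the full length) next to measured throughput, and shows the FIPS 186-3 truncation rule that makes a hash longer than the DSA subgroup size N (at most 256 bits in FIPS 186-3) give no extra strength. The function names, the buffer, and the `DSA_MAX_N_BITS` constant are this example's own assumptions.

```python
import hashlib
import time

# Constructed sample input: 8 MiB of repeating bytes 0x00..0xFF (not taken from the draft).
SAMPLE = bytes(range(256)) * (32 * 1024)

# The four SHA-2 members the draft assigns CMS digest-algorithm OIDs to.
SHA2_FAMILY = ("sha224", "sha256", "sha384", "sha512")

# Largest subgroup size N defined for DSA in FIPS 186-3 (the (L, N) pairs are
# (1024,160), (2048,224), (2048,256), (3072,256)).  Assumption for this example.
DSA_MAX_N_BITS = 256


def security_strength(name):
    """Return (digest_bits, collision_bits, preimage_bits) for a hashlib algorithm.

    Generic design bounds only: collision resistance is half the digest length
    (birthday bound) and preimage resistance is the full digest length.  This says
    nothing about cryptanalytic results against any particular function.
    """
    bits = hashlib.new(name).digest_size * 8
    return bits, bits // 2, bits


def dsa_effective_digest_bits(hash_bits, n_bits=DSA_MAX_N_BITS):
    """FIPS 186-3 section 4.6: DSA uses the leftmost min(N, outlen) bits of the hash.

    So with N = 256, SHA-384 and SHA-512 are silently cut down to 256 bits and buy
    nothing over SHA-256, which is the practical reason they are not paired with DSA.
    """
    return min(hash_bits, n_bits)


def throughput_mb_s(name, data=SAMPLE, rounds=3):
    """Best-of-`rounds` hashing throughput in MB/s for `data` (wall clock)."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        hashlib.new(name, data).digest()
        best = min(best, time.perf_counter() - t0)
    return len(data) / best / 1e6


def compare_family(names=SHA2_FAMILY):
    """One row per algorithm: design strengths, DSA-usable bits, measured throughput."""
    rows = []
    for name in names:
        digest_bits, collision_bits, preimage_bits = security_strength(name)
        rows.append({
            "algorithm": name,
            "digest_bits": digest_bits,
            "collision_bits": collision_bits,
            "preimage_bits": preimage_bits,
            "dsa_usable_bits": dsa_effective_digest_bits(digest_bits),
            "mb_per_s": throughput_mb_s(name),
        })
    return rows


def print_table(rows):
    header = f"{'algorithm':<8} {'digest':>6} {'coll':>5} {'preimg':>6} {'dsa':>4} {'MB/s':>8}"
    print(header)
    for r in rows:
        print(f"{r['algorithm']:<8} {r['digest_bits']:>6} {r['collision_bits']:>5} "
              f"{r['preimage_bits']:>6} {r['dsa_usable_bits']:>4} {r['mb_per_s']:>8.1f}")


if __name__ == "__main__":
    print_table(compare_family())
```

Two things the table makes visible that the draft's security considerations could state: SHA-224 costs the same as SHA-256 and SHA-384 the same as SHA-512, because each is the longer function with different initial values and a truncated output, so choosing the shorter variant buys interoperability with a smaller DSA or ECDSA group, not speed; and the DSA column flattens at 256 bits, which is why a SHA-384 or SHA-512 OID paired with DSA would be misleading. Throughput numbers are machine dependent (on 64-bit CPUs SHA-512 per byte is commonly as fast as or faster than SHA-256), so only the strength columns are checked in the test.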

