ietf-smime

RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt

2008-08-08 15:10:40

My problems with the proposed text are:

1) I would prefer the security consideration apply to encryption as well as
signature checking.  Although less likely, it could be a sending agent who uses
an intended receiver's unvalidated encryption certificate to get the "big" key.
I would not want the text to imply that this is ONLY a receiver signature issue.
We should probably not make assumptions about how the certificates are
distributed and we need to address dual keypair use (the signing certificate
could be ok, but the encryption cert could be bad - a "time-bomb"?).  I agree
that implementers have more options to address the encryption case (not
beginning encryption until cert validation is done) but many implementers allow
encryption certificates to be manually marked as "trusted" - and it is not clear
that everyone only starts the encryption operations after successful cert
validation.  So my preference is to be generic: "be careful about using big keys
from unvalidated end user certs to validate signatures or encrypt".

2) The swamping is specifically related to the crypto element not necessarily
the CPU (i.e. it may be the h/w token that is swamped).


As per my post earlier today to the 3850bis list, the CERT security
considerations may be a bit more complex so having a separate discussion there
might be a good idea.

Tony

| -----Original Message-----
| From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org 
| [mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Turner, Sean P.
| Sent: August 8, 2008 4:09 PM
| To: 'Paul Hoffman'; 'Jim Schaad'; 'Blake Ramsdell'
| Cc: ietf-smime(_at_)imc(_dot_)org
| Subject: RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt
| 
| 
| 
| >-----Original Message-----
| >From: Paul Hoffman [mailto:phoffman(_at_)imc(_dot_)org]
| >Sent: Thursday, August 07, 2008 6:51 PM
| >To: Turner, Sean P.; 'Jim Schaad'; 'Blake Ramsdell'
| >Cc: ietf-smime(_at_)imc(_dot_)org
| >Subject: RE: I-D ACTION:draft-ietf-smime-3851bis-04.txt
| >
| >At 1:42 PM -0400 8/7/08, Turner, Sean P. wrote:
| >>>Proposed wording:
| >>>
| >>>Receiving agents that validate signatures need to be cautious of CPU
| >>>usage when validating signatures larger than those mandated in this
| >>>specification. An attacker can send very large, bogus signatures in
| >>>order to swamp the CPU of the receiving party. Receiving parties that
| >>>verify large signatures are advised to have some sort of resource
| >>>management system to prevent such an attack.
| >>
| >>Is this in addition to or to replace the para that starts "Larger keys
| >>are not" in 3851bis Sec 5?
| >
| >Replace.
| 
| I'm happy with replace, as long as we move the certificate 
| path validation stuff to [CERT].  Russ, Steve, and Tony all 
| suggested something about making sure the keys are validated 
| prior to use.
| 
| spt
|