Sean,
My comments are embedded in the text.
Denis
=============================================
Denis,
Thanks for your comments.
spt
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Denis
Pinkas
Sent: Monday, September 08, 2008 10:19 AM
To: ietf-smime
Cc: owner-ietf-smime; Sean Turner
Subject: Re: WG Last Call: draft-ietf-smime-rfc3850bis-05.txt
Russ,
Since you asked ..
Comment 3. Section 4.3. The text states :
The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
0 < key size < 512 : MAY (see Section 6 [SMIME-MSG])
512 <= key size <= 4096 : MUST (see Section 6 [SMIME-MSG])
4096 < key size : MAY (see Section 6 [SMIME-MSG])
The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
512 <= key size <= 1024 : MAY (see Section 6 [SMIME-MSG])
Section 6 from [SMIME-MSG] does not explain why these key sizes have been
chosen.
So the reference to that section from that document is not appropriate and
should be deleted.
The 1024 text in draft-ietf-smime-3851bis addresses the 1024 size for
DSA/DH. I'll add something for 2048 RSA. Something along the lines of (I
won't try to change what's in RFC3766 to be todays equipment):
The choice of 2048 bits as the RSA asymmetric key size in this specification
is based on the desire to provide 100 bits of security. The choice of 1024
bits as the DSA, and DH asymmetric key size in this specification is based
on the desire to provide 80 bits of security.
Furthermore, this is inconsistent: if the key size is 900
bits, should we apply a MUST or a MAY ?
Don't understand this one. If the key is 900-bits then it MUST be supported.
DP: Let me try again. The text states:
The following are the RSA key size requirements for S/MIME receiving
agents during certificate and CRL signature verification:
(snip)
512 <= key size <= 4096 : MUST (see Section 6 [SMIME-MSG])
(snip)
512 <= key size <= 1024 : MAY (see Section 6 [SMIME-MSG])
If the key size is between 512 and 1024 two lines of requirements apply.
It is unclear which line should be taken into consideration and thus whether a
MUST or a MAY applies.
(snip)
Comment 4. Section 4.2. The text states:
Certificate, CRL, and path
validation MUST be performed as per [KEYM] when validating a
correspondent's public key. This is necessary before using
a public
key to provide security services such as: verifying a signature;
encrypting a content-encryption key (ex: RSA); or forming a
pairwise
symmetric key (ex: Diffie-Hellman) to be used to encrypt or
decrypt a
content-encryption key.
The text is silent on the way to identify the right
certificate to be used as the input certificate for the path
validation. I have focussed my efforts to provide some
additional text when verifying a signature. Additional efforts
should be done on decrypting a content-encryption key or
forming a pairwise symmetric key.
Additional text proposal:
When verifying a signature, if a signingCertificate or a
signingCertificateV2 attribute is found in an S/MIME message,
it SHALL be used to identify the signer's certificate.
Otherwise, the certificate is identified in an S/MIME message,
either using the issuerAndSerialNumber which identifies the
signer's certificate by the issuer's distinguished name and
the certificate serial number, or the subjectKeyIdentifier
which identifies the signer's certificate by a key identifier.
Okay.
DP: This is fine. However, my comment also said: "Additional efforts
should be done on decrypting a content-encryption key or
forming a pairwise symmetric key. Would you be able to provide
some text to cover these aspects ?
Denis