Folks,
after a couple of draft revisions, I have undertaken a new
review the latest S/MIME v3.2 Cert Handling draft,
draft-ietf-smime-3850bis-06.
The (very few) editorial issues I found have been communicated
off-list to the authors.
The single technical issue I found concerns Section 4.3
(and the related security considerations):
The last lines in 4.3 , ...
+ The following are the DSA key size requirements for S/MIME receiving
+ agents during certificate and CRL signature verification:
+
+ 512 <= key size <= 1024 : MAY (see Section 6)
... are not reasonable, since in the first part of the section,
'DSA with SHA-256' is listed as SHOULD+, and 'DSA with SHA-1'
is listed as SHOULD- .
If there are SHOULD requirements for DSA, then at least one
key size for DSA needs to have at least the same requirements
level, isn't it?
This topic has a related discussion in the Security
Considerations of the draft, the penultimate paragraph of Sec 6,
which seems to be outdated by FIPS 186-3.
It looks like the shift in the Ref. from 186-2 to 186-3 has
introduced inconsistencies into the draft.
So what are the proper requirements to be posed for supported
DSA key size? (That's 'L' in FIPS 186-3, isn't it?)
Please take Section 4.2 of FIPS 186-3 into consideration;
there, key sizes L of 1024, 2048, and 3072 are specified.
Kind regards,
Alfred.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah(_at_)TR-Sys(_dot_)de
|
+------------------------+--------------------------------------------+