One thing I noted is that to ensure interoperability of the SHOULD- for the
DH ephemeral-static requirement we need to pick a MUST key wrap algorithm
(note that E-S DH was a SHOULD in RFC 3851 but RFC 3851 did not include
requirements for a key wrap algorithm). The text should not only indicate
which key wrap algorithms to use but what kind of content encryption keys
the algorithm is "good" for. I suggest adding the following text to Section
2.3 right after the bullets (all of the references were already normative
references):
When DH ephemeral-static is used, a key wrap algorithm is also specified in
the KeyEncryptionAlgorithmIdentifier [CMS]. When DH ephemeral-static is
used with an AES content encryption algorithm (see Section 2.7), the key
wrap algorithm MUST be an AES key wrap algorithm from [CMSAES]. When DH
ephemeral-static is used with the Triple DES content encryption algorithm
(see Section 2.7), the key wrap algorithm MUST be either Triple DES key wrap
from [CMSALG] or one of the AES key wraps from [CMSAES]. The strength of
the key wrap algorithm MUST be as strong as the content encryption
algorithm:
- The Triple-DES key wrap algorithm can be used with the Triple-DES content
encryption algorithm,
- The AES 128 key wrap algorithm can be used with The Triple-DES and AES 128
content encryption algorithms,
- The AES 192 key wrap algorithm can be used with The Triple-DES, AES 128,
and AES 192 content encryption algorithms,
- The AES 256 key wrap algorithm can be used with The Triple-DES, AES 128,
AES 192, and AES 256 content encryption algorithms.
spt
-----Original Message-----
From: ietf-announce-bounces(_at_)ietf(_dot_)org
[mailto:ietf-announce-bounces(_at_)ietf(_dot_)org] On Behalf Of The IESG
Sent: Thursday, October 30, 2008 12:42 PM
To: IETF-Announce
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Last Call: draft-ietf-smime-3851bis
(Secure/Multipurpose Internet Mail Extensions (S/MIME) Version
3.2 Message Specification) to Proposed Standard
The IESG has received a request from the S/MIME Mail Security
WG (smime) to consider the following document:
- 'Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2
Message Specification '
<draft-ietf-smime-3851bis-08.txt> as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and
solicits final comments on this action.
In particular, the IESG solicits comments on the cryptographic
strength requirements specified in section 4.1 through 4.5,
and the following statement from Section 6, Security Considerations:
"Today, 512-bit RSA, DSA and DH keys are considered by many experts
to be cryptographically insecure."
These sections allow the continued use of RSA, DSA, and DH key
lengths between 512 and 1024 bits. Given that other
organizations are moving to a minimum key length of 2048 bits,
the IESG wishes to verify IETF consensus for the cryptographic
minimums in this document.
Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2008-11-13. Exceptionally,
comments may be sent to iesg(_at_)ietf(_dot_)org instead. In either case,
please retain the beginning of the Subject line to allow
automated sorting.
The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-smime-3851bis-08.txt
IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view
_id&dTag=16577&rfc_flag=0
_______________________________________________
IETF-Announce mailing list
IETF-Announce(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-announce