[Top] [All Lists]

Re: [smime] Message takeover attacks against S/MIME

2016-04-04 10:07:50
Regarding item 2, we already have RFC 5084 that specifies the use of AES-CCM 
and AES-GCM with CMS.  I have just posted an I-D that specifies the use of 
ChaCha20 with Poly1305 with CMS:

Please read and review.


On Mar 8, 2016, at 1:58 AM, Russ Housley <housley(_at_)vigilsec(_dot_)com> 

I am hearing interest in these topics (a combination of things on this list 
and side conversations).

(1) Specify the way to use authenticated encryption in S/MIME.  Note that it 
is already done for CMS.

(2) Specify conventions for AES-CCM, AES-GCM, and ChaCha20 with Poly1305 
authenticated encryption algorithms.

(3) Specify conventions for using Curve25519 and Curve448 for key agreement.

(4) Specify conventions for using the CFRG chosen curves for elliptic curve 
digital signature.

(5) Specify a way to use PGP public keys in addition to PKIX certificates.

Anything else?

Is this enough to re-charter the S/MIME WG?


smime mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [smime] Message takeover attacks against S/MIME, Russ Housley <=