Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 Algorithms with Cryptographic Message Syntax) to Proposed Standard

"Denis Pinkas" <denis.pinkas@bull.net> Thu, 28 February 2008 04:14 UTC

Date: Wed, 27 Feb 2008 14:58:51 +0100
From: Denis Pinkas <denis.pinkas@bull.net>
To: "ietf@ietf.org" <ietf@ietf.org>
Cc: "ietf-smime@imc.org" <ietf-smime@imc.org>
Subject: Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 Algorithms with Cryptographic Message Syntax) to Proposed Standard
Message-ID: <OF0C6454A1.855F7966-ONC12573FC.004CCE1A@frcl.bull.fr>

There are obvious errors (intentionally left by the editor 
in order to know how many people read the document).

On page 1:

The message digest algorithms are defined in and [SHS].  
                                             ^^^
Also in section 2.4:

2.4. SHA-512 

   The SHA-256 message digest algorithm is defined in [SHS].

whereas it should be:

2.4. SHA-512 

   The SHA-512 message digest algorithm is defined in [SHS].

It would be valuable to explain why DSA cannot be used 
with SHA-384 and SHA-512.

In addition, it is not acceptable to reference in the *normative* 
references "work in progress", i.e. [ECCADD].

The same applies for [SHS]. The text states:

   NOTE [to be removed upon publication as an RFC]: NIST has not yet 
   finalized FIPS 186-3 and there is a chance that the draft may be 
   changed.  This may result in differences between what is documented 
   in the current version of this document and what is in the FIPS.  It 
   is intended to synchronize the final version of this draft with the 
   FIPS before publication as an RFC. 

There is a more substantive comment on the first paragraph of section 1. 
The text states:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in this document. 

I believe the text should be:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in [SHS]. 

A small discussion in the security considerations section on the advantages
(in particular in terms of performance versus security) of using one or 
another function from the SHA2 family would be helpful.

While I welcome this draft, everybody should take into consideration that, 
if the SHA2 family happens to be broken then we will be at risk. 
This should be mentioned in the security considerations section.

The NESSIE program has successfully evaluated the WHIRLPOOL algorithm. 
WHIRLPOOL would be a good substitute for SHA-512 and I would encourage 
"someone" to draft an RFC to specify OIDs for using WHIRLPOOL with CMS.

Denis

>The IESG has received a request from the S/MIME Mail Security WG (smime)
>to consider the following document:
>
>- 'Using SHA2 Algorithms with Cryptographic Message Syntax '
>   <draft-ietf-smime-sha2-03.txt> as a Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action.  Please send substantive comments to the
>ietf@ietf.org mailing lists by 2008-03-07. Exceptionally, 
>comments may be sent to iesg@ietf.org instead. In either case, please 
>retain the beginning of the Subject line to allow automated sorting.
>
>The file can be obtained via
>http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-03.txt
>
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16033&rfc_flag=0
>
>

Regards,

Denis Pinkas
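The SHA-512/SHA-256 slip that Denis points out in section 2.4 is the kind of error that matters in an implementation: the DigestAlgorithmIdentifier carried in a CMS SignedData names the hash, and a verifier must derive the function from that OID rather than from the length of the digest it is handed. The following is an added example (not code from the draft, from the S/MIME WG, or from this message): it DER-encodes and parses the AlgorithmIdentifier for each SHA-2 member and recomputes the digest from the parsed OID. The OIDs are the registered NIST hashAlgs values; the helper names (`encode_oid`, `digest_algorithm_identifier`, `verify_digest`) and the sample content are this example's own.

```python
"""Build and check CMS DigestAlgorithmIdentifier values for the SHA-2 family.

Added example; helper names and sample input are the example's own."""
import hashlib
import hmac

# Registered NIST hashAlgs OIDs for the SHA-2 family (these are not assumptions).
SHA2_OIDS = {
    "sha224": "2.16.840.1.101.3.4.2.4",
    "sha256": "2.16.840.1.101.3.4.2.1",
    "sha384": "2.16.840.1.101.3.4.2.2",
    "sha512": "2.16.840.1.101.3.4.2.3",
}
OID_TO_NAME = {oid: name for name, oid in SHA2_OIDS.items()}


def _der_len(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_len(data, pos):
    """Return (length, position just after the length octets)."""
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    return int.from_bytes(data[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def encode_oid(dotted):
    """DER-encode a dotted OID: tag 0x06, first two arcs merged, base-128 arcs."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(groups))
    return b"\x06" + _der_len(len(body)) + bytes(body)


def decode_oid(data):
    """Parse a DER OID at the start of data; return (dotted string, remaining bytes)."""
    if data[0] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    length, pos = _read_len(data, 1)
    body = data[pos:pos + length]
    # First-octet split is valid for first arcs 0..2 with a second arc below 40,
    # which covers every OID this example handles.
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs)), data[pos + length:]


def digest_algorithm_identifier(name, null_params=False):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }.

    Parameters are omitted by default; null_params=True emits an explicit NULL,
    the alternative encoding a receiver must also accept."""
    body = encode_oid(SHA2_OIDS[name]) + (b"\x05\x00" if null_params else b"")
    return b"\x30" + _der_len(len(body)) + body


def parse_digest_algorithm_identifier(der):
    """Return (hash name, 'absent' or 'NULL'); reject any other parameters."""
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    length, pos = _read_len(der, 1)
    dotted, rest = decode_oid(der[pos:pos + length])
    name = OID_TO_NAME.get(dotted)
    if name is None:
        raise ValueError("not a SHA-2 digest OID: " + dotted)
    if rest == b"":
        return name, "absent"
    if rest == b"\x05\x00":
        return name, "NULL"
    raise ValueError("unexpected parameters for " + name)


def cms_digest(name, content):
    """Return (DER DigestAlgorithmIdentifier, digest of content) for a SHA-2 member."""
    return digest_algorithm_identifier(name), hashlib.new(name, content).digest()


def verify_digest(alg_id_der, content, claimed_digest):
    """Recompute the digest named by the identifier and compare in constant time.

    The hash is chosen from the OID, so a 32-byte digest presented under the
    SHA-512 OID fails the length check instead of being silently accepted."""
    name, _ = parse_digest_algorithm_identifier(alg_id_der)
    expected = hashlib.new(name, content).digest()
    if len(claimed_digest) != len(expected):
        return False
    return hmac.compare_digest(expected, claimed_digest)


if __name__ == "__main__":
    sample = b"constructed sample content for the example"  # constructed input
    for member in SHA2_OIDS:
        alg_id, dgst = cms_digest(member, sample)
        print(member, alg_id.hex(), len(dgst) * 8, "bits")
```

Run it to see the four encoded identifiers; the point to take from `verify_digest` is that the OID, not the digest length, selects the hash, and that both the absent-parameters and the NULL-parameters encodings are accepted on input while only the absent form is generated.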


