Hi Russ,
Thank you very much for addressing my comments promptly. I am ok with your proposals.
BR,
Ines
On Fri, Mar 26, 2021 at 9:27 PM Russ Housley <housley@xxxxxxxxxxxx> wrote:
Ines Robles:
Thank you for the careful review and comments.
> Nits/Comments:
>
> 1- Introduction: "however, these algorithms are no longer
> considered the best choices. " => It would be nice to add 1 or more
> sentences explaining why they are no longer the best choices
I suggest:
This document updates the cryptographic algorithm requirements for
the Password-Based Message Authentication Code (MAC) in the Internet
X.509 Public Key Infrastructure Certificate Request Message Format
(CRMF) [RFC4211]. The algorithms specified in [RFC4211] were
appropriate in 2005; however, these algorithms are no longer
considered the best choices:
* HMAC-SHA1 [HMAC][SHS] is not boken yet, but there are much
stronger alternatives [RFC6194].
* DES-MAC [PKCS11] provides 56 bits of security, which is no longer
considered secure [WITHDRAW].
* Triple-DES-MAC [PKCS11] provides 112 bits of security, which is
now deprecated [TRANSIT].
This update specifies algorithms that are more appropriate today.
With these references:
[RFC6194] Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
Considerations for the SHA-0 and SHA-1 Message-Digest
Algorithms", RFC 6194, DOI 10.17487/RFC6194, March 2011,
<https://www.rfc-editor.org/info/rfc6194>.
[TRANSIT] National Institute of Standards and Technology,
"Transitioning the use of cryptographic algorithms and key
lengths", NIST SP 800-131Ar2, March 2019.
[WITHDRAW] National Institute of Standards and Technology, "NIST
Withdraws Outdated Data Encryption Standard", 2 June 2005.
> 2- Page 3: "id-PasswordBasedMAC as presented in Section 4.4 of this document"
> It should be perhaps be "id-PasswordBasedMAC as presented in Section 4.4 of
> [RFC4211]" ?
I was thinking of the NEW text appearing in the "updated" RFC 4211. Your suggestion is more clear.
> 3- If this document does not present privacy considerations, should it be
> explicitly mentioned in Section 6?
I do not agree. A document that simply modernized the mandatory-to-implement cryptographic algorithm in not the place to introduce the privacy considerations for CRMF.
> 4- Since the new updates include the use of PBMAC1, HMAC-SHA256, AES-GMAC AES.
> Should Section 6 include considerations about them or point to place where to
> find them? e.g. For information on security considerations for PBMAC1 see
> [rfc8018#section-8].
Good idea. I suggest:
Please see [RFC8018] for security considerations related to PBMAC1.
Please see [HMAC] and [SHS] for security considerations related to
HMAC-SHA256.
Please see [AES] and [GMAC] for security considerations related to
AES-GMAC.
Russ
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
