Re: Last Call: draft-ietf-smime-sha2 (Using SHA2 Algorithms withCryptographic Message Syntax) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There are obvious errors (intentionnaly left by the editor 
in order to know how many people read the document).

On page 1:

The message digest algorithms are defined in and [SHS].  
                                             ^^^
Also in section 2.4:

2.4. SHA-512 

   The SHA-256 message digest algorithm is defined in [SHS].

whereas it should be:

2.4. SHA-512 

   The SHA-512 message digest algorithm is defined in [SHS].

It would be valuable to explain why DSA cannot be used 
with SHA-384 and SHA-512.

In addition, it is not acceptable to reference in the *normative* 
references "work in progess", i.e.[ECCADD].

The same applies for [SHS]. The text states:

   NOTE [to be removed upon publication as an RFC]: NIST has not yet 
   finalized FIPS 186-3 and there is a chance that the draft may be 
   changed.  This may result in differences between what is documented 
   in the current version of this document and what is in the FIPS.  It 
   is intended to synchronize the final version of this draft with the 
   FIPS before publication as an RFC. 

There is a more substantive comment on the first paragraph of section 1. 
The text states:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in this document. 

I believe the text should be:

   If an implementation chooses to support one of the algorithms 
   discussed in this document, then the implementation MUST do so as 
   described in [SHS]. 

A small discussion in the security considerations section on the advantages
(in particular in terms of performances versus security) of using one or 
another function from the SHA2 family would be helpful.

While I welcome this draft, everybody should take into consideration that, 
if the SHA2 family happens to be broken then we will be at risk. 
This should be mentioned into the security considerations section.

The NESSIE program has evaluated with succces the WHIRLPOOL algorithm. 
WHIRLPOOL would be a good substitute to SHA-512 and I would encourage 
that "someone" drafts an RFC to specify OIDs for using WHIRLPOOL with CMS.

Denis

>The IESG has received a request from the S/MIME Mail Security WG (smime)
>to consider the following document:
>
>- 'Using SHA2 Algorithms with Cryptographic Message Syntax '
>   <draft-ietf-smime-sha2-03.txt> as a Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action.  Please send substantive comments to the
>ietf@xxxxxxxx mailing lists by 2008-03-07. Exceptionally, 
>comments may be sent to iesg@xxxxxxxx instead. In either case, please 
>retain the beginning of the Subject line to allow automated sorting.
>
>The file can be obtained via
>http://www.ietf.org/internet-drafts/draft-ietf-smime-sha2-03.txt
>
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16033&rfc_flag=0
>
>

Regards,

Denis Pinkas



_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]