RE: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It was spelled correctly – yes done locally.

 

From: Eric Rescorla <ekr@xxxxxxxx>
Sent: Thursday, May 3, 2018 1:10 PM
To: Jim Schaad <ietf@xxxxxxxxxxxxxxxxx>
Cc: Matthew Miller <linuxwolf+ietf@xxxxxxxxxxxxxxxx>; secdir@xxxxxxxx; SPASM <spasm@xxxxxxxx>; draft-ietf-lamps-rfc5750-bis.all@xxxxxxxx; IETF discussion list <ietf@xxxxxxxx>
Subject: Re: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05

 

probably "parse" not "parser"

 

 

On Wed, May 2, 2018 at 5:01 PM, Jim Schaad <ietf@xxxxxxxxxxxxxxxxx> wrote:



> -----Original Message-----
> From: Matthew Miller <linuxwolf+ietf@xxxxxxxxxxxxxxxx>
> Sent: Saturday, April 21, 2018 8:30 AM
> To: secdir@xxxxxxxx
> Cc: spasm@xxxxxxxx; draft-ietf-lamps-rfc5750-bis.all@xxxxxxxx; ietf@xxxxxxxx
> Subject: Secdir last call review of draft-ietf-lamps-rfc5750-bis-05
>

> Reviewer: Matthew Miller
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> Document: draft-ietf-lamps-rfc5750-bis-05
> Reviewer: Matthew A. Miller
> Review Date: 2018-04-21
> IETF LC End Date: 2018-04-27
> IESG Telechat date: N/A
>
> Summary:
>
> This document is ready, but there is one nit around PKCS #6 handling that
> might benefit from explanation.
>
> This document describes the certificate handling expectations for senders
> and receivers of S/MIME 4.0.  It obsoletes RFC 5750, adding requirements to
> support internationalized email addresses, increase RSA minimum key sizes,
> and support ECDSA using P-256 and Ed25519; older algorithms such as DSA,
> MD5, and SHA-1 are relegated to historical.
>
> Major Issues: N/A
>
> Minor Issues: N/A
>
> Nits:
>
> Section 2.2.1. "Historical Note about CMS Certificates" is almost entired
> unchanged, but added a requirement that receivers MUST be able to process
> PCKS #6 extended certificates.  This almost seems at odds with the rest of
> the paragraph that precedes this MUST, noting PKCS #6 has little use and
> PKIX is functionally equivalent.
> A short explanation of why this additional handling requirement would seem
> helpful.

How about the following which is just a description of what we are looking for in terms of behavior.

   Receiving agents MUST be able to parser and process a message containing PKCS #6 extended certificates although ignoring those certificates is expected behavior.


 


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux