Re: More mail madness?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On May 14, 2018, at 1:02 PM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:



On May 14, 2018, at 12:35 PM, Paul Wouters <paul@xxxxxxxxx> wrote:


So that’s the bandaid. What and where will work be done on a solution?

A CBC-MAC (or some other suitable ciphertext MAC) would probably help to
defeat tampering with the CBC ciphertext.  As would encrypt-then-sign
(rather than the more typical for S/MIME sign-then-encrypt), but S/MIME
signatures are optional, so a ciphertext MAC seems appropriate.

https://www.ietf.org/id/draft-ietf-lamps-rfc5751-bis-08.txt

This document has already been sent to the IESG.  It says:
Sending and receiving agents:

   -  MUST support encryption and decryption with AES-128 GCM and
      AES-256 GCM [RFC5084].
Russ

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux