[Smcwg-public] IETF LAMPS discussion re SMIME sample certs

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Jun 3 07:03:35 UTC 2021 


On 3/6/2021 12:40 π.μ., Corey Bonnell wrote:
>
> Do we know which mail clients support EdDSA? Fleshing out the SBRs 
> with the relevant bits from RFC 8410 seems straightforward enough, but 
> I’m wondering if it won’t be used in practice due to lack of client 
> application support.
>

Section 2.2 of RFC8551 (S/MIME 4.0) states that receiving agents MUST 
support EdDSA with curve25519 using PureEdDSA mode and sending agents 
MUST support at least one of the following algorithms: ECDSA with curve 
P-256 and SHA-256, or EdDSA with curve25519 using PureEdDSA mode.

Additionally, section 2.3 states that both sending and receiving clients 
MUST support ECDH ephemeral-static mode for X25519 using HKDF-256 for 
the KDF.

Therefore, we (HARICA) believe that the BRs should not be a blocking 
factor for innovation by prohibiting the use of a modern, secure 
cryptographic algorithm. I guess it's a chicken-egg problem. If there 
are blocking factors, nobody will attempt to implement. Obviously I 
don't have any strong feelings at this time, just thought to share 
HARICA's thoughts with the larger group.


Dimitris.


> Thanks,
>
> Corey
>
> *From:* Smcwg-public <smcwg-public-bounces at cabforum.org> *On Behalf Of 
> *Dimitris Zacharopoulos (HARICA) via Smcwg-public
> *Sent:* Wednesday, June 2, 2021 5:36 AM
> *To:* smcwg-public at cabforum.org
> *Subject:* Re: [Smcwg-public] IETF LAMPS discussion re SMIME sample certs
>
>
> I would recommend allowing EdDSA in the S/MIME BRs.
>
> Dimitris.
>
> On 18/5/2021 4:12 μ.μ., Stephen Davidson via Smcwg-public wrote:
>
>     FYI – a selection of text SMIME certs, and related discussion.
>
>     https://mailarchive.ietf.org/arch/msg/spasm/ZJi4W5vYuOf-pzL-TBGUV419yM4/
>     <https://mailarchive.ietf.org/arch/msg/spasm/ZJi4W5vYuOf-pzL-TBGUV419yM4/>
>
>     This draft is a work item of the Limited Additional Mechanisms for
>     PKIX and SMIME WG of the IETF.
>
>     Title     : S/MIME Example Keys and Certificates
>
>     Author : Daniel Kahn Gillmor
>
>     Filename      : draft-ietf-lamps-samples-03.txt
>
>     Pages     : 36
>
>     Date         : 2021-05-14
>
>     Abstract:
>
>        The S/MIME development community benefits from sharing samples of
>
>        signed or encrypted data.  This document facilitates such
>
>        collaboration by defining a small set of X.509v3 certificates and
>
>        keys for use when generating such samples.
>
>     The IETF datatracker status page for this draft is:
>
>     https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/
>     <https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/>
>
>
>
>     _______________________________________________
>
>     Smcwg-public mailing list
>
>     Smcwg-public at cabforum.org  <mailto:Smcwg-public at cabforum.org>
>
>     https://lists.cabforum.org/mailman/listinfo/smcwg-public  <https://lists.cabforum.org/mailman/listinfo/smcwg-public>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210603/c160581e/attachment-0001.html>

More information about the Smcwg-public mailing list