[Smcwg-public] IETF LAMPS discussion re SMIME sample certs

Tim Hollebeek tim.hollebeek at digicert.com
Thu Jun 3 19:08:27 UTC 2021


Yup, I also think 25519 should be allowed by the S/MIME BRs, more or less for the reasons Dimitris stated.

 

-Tim

 

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Smcwg-public
Sent: Thursday, June 3, 2021 3:04 AM
To: Corey Bonnell <Corey.Bonnell at digicert.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] IETF LAMPS discussion re SMIME sample certs

 

 

On 3/6/2021 12:40 π.μ., Corey Bonnell wrote:

Do we know which mail clients support EdDSA? Fleshing out the SBRs with the relevant bits from RFC 8410 seems straightforward enough, but I’m wondering if it won’t be used in practice due to lack of client application support.


Section 2.2 of RFC8551 (S/MIME 4.0) states that receiving agents MUST support EdDSA with curve25519 using PureEdDSA mode and sending agents MUST support at least one of the following algorithms: ECDSA with curve P-256 and SHA-256, or EdDSA with curve25519 using PureEdDSA mode. 

Additionally, section 2.3 states that both sending and receiving clients MUST support ECDH ephemeral-static mode for X25519 using HKDF-256 for the KDF.

Therefore, we (HARICA) believe that the BRs should not be a blocking factor for innovation by prohibiting the use of a modern, secure cryptographic algorithm. I guess it's a chicken-egg problem. If there are blocking factors, nobody will attempt to implement. Obviously I don't have any strong feelings at this time, just thought to share HARICA's thoughts with the larger group.


Dimitris.





 

Thanks,

Corey

 

From: Smcwg-public  <mailto:smcwg-public-bounces at cabforum.org> <smcwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Smcwg-public
Sent: Wednesday, June 2, 2021 5:36 AM
To: smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> 
Subject: Re: [Smcwg-public] IETF LAMPS discussion re SMIME sample certs

 


I would recommend allowing EdDSA in the S/MIME BRs.

Dimitris.

On 18/5/2021 4:12 μ.μ., Stephen Davidson via Smcwg-public wrote:

FYI – a selection of text SMIME certs, and related discussion.

 

https://mailarchive.ietf.org/arch/msg/spasm/ZJi4W5vYuOf-pzL-TBGUV419yM4/

This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

 

Title              : S/MIME Example Keys and Certificates

Author          : Daniel Kahn Gillmor

Filename      : draft-ietf-lamps-samples-03.txt

Pages            : 36

Date              : 2021-05-14

 

Abstract:

   The S/MIME development community benefits from sharing samples of

   signed or encrypted data.  This document facilitates such

   collaboration by defining a small set of X.509v3 certificates and

   keys for use when generating such samples.

 

The IETF datatracker status page for this draft is:

https://datatracker.ietf.org/doc/draft-ietf-lamps-samples/

 






_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/smcwg-public

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210603/a93d0c48/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210603/a93d0c48/attachment.p7s>


More information about the Smcwg-public mailing list