Ballot for draft-ietf-lamps-cms-aes-gmac-alg
Yes
No Objection
Note: This ballot was opened for revision 03 and is now closed.
Thank you - even I understood some of it :-)
Section 7:

"Implementers should be aware that cryptographic algorithms become weaker with time. As new cryptanalysis techniques are developed and computing performance improves, the work factor to break a particular cryptographic algorithm will reduce. Therefore, cryptographic algorithm implementations should be modular allowing new algorithms to be readily inserted. That is, implementers should be prepared to regularly update the set of algorithms in their implementations."

I think that BCP 201 is a good reference for further reading here.

Section 8.2:

If we're importing ASN.1 bits from RFC 5912, doesn't that make it a normative reference?
Should there be any comments in the security consideration section about the security implications of using 96-bit truncated tags? I know that shorter tags have significant vulnerabilities against forgery attempts where successful forgery can be detected. John Mattsson and I wrote a paper identifying why shorter tags would be very bad in SRTP in 2015. https://eprint.iacr.org/2015/477.pdf I guess the possibility to figure out if CMS forgery attempts are successful depends on what the CMS is used for.
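The comment above concerns the tag length AES-GMAC carries in CMS. As an added illustration (this is not code from the draft, the ballot, or any CMS implementation), the following Go program computes and verifies AES-GMAC using the standard library's GCM with an empty plaintext, which is exactly how GMAC is defined. The parameter limits I apply are taken from the draft's GMACParameters as I read it: a 12-octet nonce and a MACLength of 12 to 16 octets, defaulting to 12 (the 96-bit tag the comment refers to). The key, nonce and message are constructed sample values, and the function names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
)

// Parameter limits taken from the draft's GMACParameters (assumption: a
// 12-octet nonce and a MACLength of 12..16 octets, defaulting to 12, i.e. the
// 96-bit tag discussed in the ballot comment above).
const (
	GMACNonceLen   = 12
	GMACMinTagLen  = 12
	GMACMaxTagLen  = 16
	GMACDefaultTag = 12
)

// newGMAC validates the CMS parameters and returns an AEAD whose Seal/Open,
// given an empty plaintext, act purely as a MAC over the additional data.
func newGMAC(key, nonce []byte, tagLen int) (cipher.AEAD, error) {
	if tagLen < GMACMinTagLen || tagLen > GMACMaxTagLen {
		return nil, fmt.Errorf("gmac: MACLength %d not in 12..16", tagLen)
	}
	if len(nonce) != GMACNonceLen {
		return nil, fmt.Errorf("gmac: nonce is %d octets, want %d", len(nonce), GMACNonceLen)
	}
	block, err := aes.NewCipher(key) // AES-128/192/256 selected by key length
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithTagSize(block, tagLen)
}

// GMACTag computes AES-GMAC over msg. GCM with no plaintext and msg as the
// additional authenticated data yields only the tag; Go's GCM truncates it to
// the first tagLen octets of the 16-octet value, so a 12-octet tag is a prefix
// of the 16-octet tag for the same key, nonce and message.
func GMACTag(key, nonce, msg []byte, tagLen int) ([]byte, error) {
	g, err := newGMAC(key, nonce, tagLen)
	if err != nil {
		return nil, err
	}
	return g.Seal(nil, nonce, nil, msg), nil
}

// GMACVerify recomputes the tag and compares it in constant time (inside
// Open). A tag whose length differs from the declared MACLength is rejected
// up front, so a peer cannot weaken the check by presenting a shorter tag.
func GMACVerify(key, nonce, msg, tag []byte, tagLen int) error {
	if len(tag) != tagLen {
		return errors.New("gmac: tag length does not match declared MACLength")
	}
	g, err := newGMAC(key, nonce, tagLen)
	if err != nil {
		return err
	}
	_, err = g.Open(nil, nonce, tag, msg)
	return err
}

func main() {
	// Constructed sample inputs; not values from the draft.
	key := []byte("0123456789abcdef")   // AES-128 key
	nonce := []byte("twelve-bytes")     // 12-octet nonce; must never repeat under one key
	msg := []byte("CMS AuthenticatedData content")

	for _, n := range []int{GMACDefaultTag, GMACMaxTagLen} {
		tag, err := GMACTag(key, nonce, msg, n)
		if err != nil {
			panic(err)
		}
		ok := GMACVerify(key, nonce, msg, tag, n) == nil
		fmt.Printf("MACLength %2d: %s (verify: %v)\n", n, hex.EncodeToString(tag), ok)
	}
}
```

Two points the code makes concrete: the 96-bit tag is a pure truncation of the 128-bit one, so choosing MACLength 16 costs nothing in computation and only four octets on the wire; and the verifier must bind the accepted tag length to the negotiated parameter rather than to whatever length arrives, since otherwise the effective tag strength is chosen by the sender.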
Easy to read and understand. Thank you.