Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection
draft-ietf-lamps-cms-update-alg-id-protect-05
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2024-01-26
|
05 | Gunter Van de Velde | Request closed, assignment withdrawn: Carlos Martínez Last Call OPSDIR review |
2024-01-26
|
05 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'Overtaken by Events': Cleaning up stale OPSDIR queue |
2020-10-06
|
05 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2020-10-05
|
05 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2020-09-04
|
05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2020-08-31
|
05 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2020-08-31
|
05 | (System) | RFC Editor state changed to EDIT |
2020-08-31
|
05 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2020-08-31
|
05 | (System) | Announcement was received by RFC Editor |
2020-08-31
|
05 | (System) | IANA Action state changed to In Progress |
2020-08-31
|
05 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2020-08-31
|
05 | Amy Vezza | IESG has approved the document |
2020-08-31
|
05 | Amy Vezza | Closed "Approve" ballot |
2020-08-31
|
05 | Amy Vezza | Ballot approval text was generated |
2020-08-31
|
05 | Roman Danyliw | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup |
2020-08-27
|
05 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-05.txt |
2020-08-27
|
05 | (System) | New version accepted (logged-in submitter: Russ Housley) |
2020-08-27
|
05 | Russ Housley | Uploaded new revision |
2020-08-27
|
04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2020-08-27
|
04 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-04.txt |
2020-08-27
|
04 | (System) | New version accepted (logged-in submitter: Russ Housley) |
2020-08-27
|
04 | Russ Housley | Uploaded new revision |
2020-08-27
|
03 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from IESG Evaluation |
2020-08-27
|
03 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2020-08-26
|
03 | Warren Kumari | [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari |
2020-08-26
|
03 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2020-08-26
|
03 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2020-08-26
|
03 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2020-08-26
|
03 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2020-08-25
|
03 | Peter Yee | Request for Telechat review by GENART Completed: Ready with Nits. Reviewer: Peter Yee. Sent review to list. |
2020-08-25
|
03 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2020-08-25
|
03 | Benjamin Kaduk | [Ballot comment] Thanks for this; it's perhaps a bit overdue. Section-by-section comments below. Section 1 In an algorithm substitution attack, the attacker looks for … [Ballot comment] Thanks for this; it's perhaps a bit overdue. Section-by-section comments below. Section 1 In an algorithm substitution attack, the attacker looks for a different algorithm that produces the same result as the algorithm used by the originator. As an example, if the signer of a message used SHA-256 [SHS] as the digest algorithm to hash the message content, then the attacker looks for a weaker hash algorithm that produces a result that is of the same length. The attacker's goal is to find a different message that results in the same hash value, which is commonly called a collision. [...] The described scenario seems to be a cross-algorithm collision, which is not, in my experience, the most common usage of the unqualified term "collision". In some sense, it seems that the task for an attacker is to find (within the context of the "weak" algorithm) a first preimage for the digest value that is computed by the honest participant (and is likely to be using a "strong" algorithm). Further, when a digest algorithm produces a larger result than is needed by a digital signature algorithm, the digest value is reduced to the size needed by the signature algorithm. This can be done both by truncation and modulo operations, with the simplest being straightforward truncation. [...] (But which of truncation and modulo is to be used is fixed by the algorithm ID, right? Perhaps a slight rewording to avoid indicating that the attacker has a free choice is in order.) This document makes two updates to CMS to provide similar protection for the algorithm identifier. [...] nit: the discussion of how X.509 protects the algorithm identifier/parameters was four paragraphs ago, already; I'd suggest a bit more exposition about what we're providing "similar protection" as. Section 3.1 The preexisting text allows implementations to fail to validate signatures in some cases (when using a digest algorithm not included in the SignedData digestAlgorithms set); do we want to say anything about allowing (or requiring?) implementations to fail to validate signatures if the two digest algorithms are different? Section 3.2 When the signedAttrs field is present, the same digest algorithm MUST be used to compute the digest of the encapContentInfo eContent OCTET STRING, which is carried in the message-digest attribute, and the collection of attributes that are signed. nit: there may be a grammar nit here, relating to the parallelism of "compute the digest of" -- I think "the collection of attributes that are signed" should also have an "of" or "digest of" prefix. Section 3.5 When producing the TimeStampToken, the TSA MUST use same digest algorithm to compute the digest of the encapContentInfo eContent, which is an OCTET STRING that contains the TSTInfo, and the message- digest attribute within the SignerInfo. (There's an implicit "in order to comply with the requirement introduced above" in here, right?) To ensure that TimeStampToken values that were generated before this update remain valid, no requirement is placed on a TSA to ensure that the digest algorithm for the TimeStampToken matches the digest algorithm for the MessageImprint embedded within the TSTTokenInfo. I assume that "TSTTokenInfo" is a typo for "TSTInfo"? Section 4 I like this quote from RFC 6211: % There is a convention, undocumented as far as I % can tell, that the same hash algorithm should be used for both the % content digest and the signature digest. [...] It seems we are now documenting this as more than just convention :) This section updates [RFC5652] to recommend that the originator include the CMSAlgorithmProtection attribute [RFC6211] whenever signed attributes or authenticated attributes are present. Why is the recommendation scoped to only the case when protected attributes are already present? Is the recommendation not generically applicable even when this would be the only protected attribute? Section 6 The security properties of the CMS [RFC5652] signed-data and authenticated-data content types are updated to ensure that algorithm identifiers are adequately protected, which makes algorithm substitution attacks significantly more difficult. Is "ensure" the right word when we only recommend (not require) the use of the CMSAlgorithmProtection attribute? Therefore, it remains important that a signer have a way to signal to a recipient which digest algorithms are allowed to be used in conjunction with the verification of an overall signature. This signalling can be done as part of the specification of the signature algorithm in an X.509v3 certificate extension [RFC5280], or some I'm not entirely sure I'm picturing what is intended by "part of the specification of the signature algorithm in an X.509v3 certificate extension" -- how is the signature algorithm relying on an X.509v3 extension? The CMSAlgorithmProtection attribute [RFC6211] offers protection for the algorithm identifiers used in the signed-data and authenticated- data content types. However, no protection is provided for the algorithm identifiers in the enveloped-data, digested-data, or encrypted-data content types. Likewise, The CMSAlgorithmProtection attribute provides no protection for the algorithm identifiers used in the authenticated-enveloped-data content type defined in [RFC5083]. I feel like we should say something about why we do not provide protection for those content types (e.g., why it is believed to be safe to not have such protection). Section 8.2 The reference to RFC 3161 in Section 3.5 is facially adding a new MUST-level requirement for processing of the structures from RFC 3161, which would qualify as a normative reference in my interpretation of https://www.ietf.org/about/groups/iesg/statements/normative-informative-references/ . (However, I believe that the "MUST" in that section is just repeating the requirement from a previous section in the more-specific context, so could safely be rewritten to not have the appearance of a new normative requirement, in which case RFC 3161 could properly remain as an informative reference.) |
2020-08-25
|
03 | Benjamin Kaduk | [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk |
2020-08-25
|
03 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2020-08-24
|
03 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2020-08-20
|
03 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2020-08-20
|
03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Peter Yee |
2020-08-20
|
03 | Jean Mahoney | Request for Telechat review by GENART is assigned to Peter Yee |
2020-08-20
|
03 | Jean Mahoney | Closed request for Last Call review by GENART with state 'Overtaken by Events' |
2020-08-20
|
03 | Jean Mahoney | Assignment of request for Last Call review by GENART to Jouni Korhonen was marked no-response |
2020-08-20
|
03 | Roman Danyliw | IESG state changed to IESG Evaluation from Waiting for Writeup |
2020-08-19
|
03 | Erik Kline | [Ballot comment] [ section 1 ] * "the associate parameters" -> "the associated parameters" perhaps [ section 3.5 ] * "the TSA MUST use same … [Ballot comment] [ section 1 ] * "the associate parameters" -> "the associated parameters" perhaps [ section 3.5 ] * "the TSA MUST use same digest" -> "the TSA MUST use the same digest" I think |
2020-08-19
|
03 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2020-08-19
|
03 | Amy Vezza | Placed on agenda for telechat - 2020-08-27 |
2020-08-19
|
03 | Roman Danyliw | Ballot has been issued |
2020-08-19
|
03 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2020-08-19
|
03 | Roman Danyliw | Created "Approve" ballot |
2020-08-19
|
03 | Roman Danyliw | Ballot writeup was changed |
2020-08-10
|
03 | Robert Sparks | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Robert Sparks. Sent review to list. |
2020-08-10
|
03 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2020-08-10
|
03 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-lamps-cms-update-alg-id-protect-02, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has reviewed draft-ietf-lamps-cms-update-alg-id-protect-02, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2020-08-10
|
03 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2020-08-07
|
03 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-03.txt |
2020-08-07
|
03 | (System) | New version accepted (logged-in submitter: Russ Housley) |
2020-08-07
|
03 | Russ Housley | Uploaded new revision |
2020-08-06
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
2020-08-06
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Robert Sparks |
2020-08-04
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Carlos Martínez |
2020-08-04
|
02 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Carlos Martínez |
2020-07-31
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2020-07-31
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Jouni Korhonen |
2020-07-27
|
02 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2020-07-27
|
02 | Amy Vezza | The following Last Call announcement was sent out (ends 2020-08-10): From: The IESG To: IETF-Announce CC: lamps-chairs@ietf.org, tim.hollebeek@digicert.com, draft-ietf-lamps-cms-update-alg-id-protect@ietf.org, Tim Hollebeek , … The following Last Call announcement was sent out (ends 2020-08-10): From: The IESG To: IETF-Announce CC: lamps-chairs@ietf.org, tim.hollebeek@digicert.com, draft-ietf-lamps-cms-update-alg-id-protect@ietf.org, Tim Hollebeek , spasm@ietf.org, rdd@cert.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection) to Proposed Standard The IESG has received a request from the Limited Additional Mechanisms for PKIX and SMIME WG (lamps) to consider the following document: - 'Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2020-08-10. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document updates the Cryptographic Message Syntax (CMS) specified in RFC 5652 to ensure that algorithm identifiers in signed- data and authenticated-data content types are adequately protected. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-update-alg-id-protect/ No IPR declarations have been submitted directly on this I-D. |
2020-07-27
|
02 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2020-07-27
|
02 | Roman Danyliw | Last call was requested |
2020-07-27
|
02 | Roman Danyliw | Last call announcement was generated |
2020-07-27
|
02 | Roman Danyliw | Ballot approval text was generated |
2020-07-27
|
02 | Roman Danyliw | Ballot writeup was generated |
2020-07-27
|
02 | Roman Danyliw | IESG state changed to Last Call Requested from Publication Requested |
2020-07-27
|
02 | Roman Danyliw | AD Review: https://mailarchive.ietf.org/arch/msg/spasm/Bz-CNNjnHGmtHOKpMN81uYvwtgA/ |
2020-07-02
|
02 | Tim Hollebeek | Shepherd Write-up for draft-ietf-lamps-cms-update-alg-id-protect-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the … Shepherd Write-up for draft-ietf-lamps-cms-update-alg-id-protect-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the title page indicates that type of RFC. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates the Cryptographic Message Syntax as specified in RFC 5652 to ensure that algorithm identifiers in signed-data and authenticated-data content types are adequately protected. It does so by making two changes: requiring that the originator use the same hash algorithm to compute the digest of the message content and the digest of signed attributes, and recommends that the originator use the CMSAlgorithmProtection attribute [RFC6211]. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: The document is well-written and easy to understand. Personnel: Tim Hollebeek is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd and other LAMPS WG participants reviewed the document during WG Last Call. All issues raised have been resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review needed. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any unexpired IPR related to this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted against this Internet-Draft. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDNits review reports no errors or warnings. The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. None needed. (13) Have all references within this document been identified as either normative or informative? Yes, the references are divided into normative and informative. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All references are already published. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. The document updates RFC 5652, and this is listed in the title page header and abstract. The introduction discusses the reasons for updating the document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). The document does not require any action from IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The document does not contain any sections written in a formal language. |
2020-07-02
|
02 | Tim Hollebeek | Responsible AD changed to Roman Danyliw |
2020-07-02
|
02 | Tim Hollebeek | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2020-07-02
|
02 | Tim Hollebeek | IESG state changed to Publication Requested from I-D Exists |
2020-07-02
|
02 | Tim Hollebeek | IESG process started in state Publication Requested |
2020-06-30
|
02 | Tim Hollebeek | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2020-06-30
|
02 | Tim Hollebeek | IETF WG state changed to In WG Last Call from WG Document |
2020-06-30
|
02 | Tim Hollebeek | Shepherd Write-up for draft-ietf-lamps-cms-update-alg-id-protect-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the … Shepherd Write-up for draft-ietf-lamps-cms-update-alg-id-protect-02 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the title page indicates that type of RFC. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates the Cryptographic Message Syntax as specified in RFC 5652 to ensure that algorithm identifiers in signed-data and authenticated-data content types are adequately protected. It does so by making two changes: requiring that the originator use the same hash algorithm to compute the digest of the message content and the digest of signed attributes, and recommends that the originator use the CMSAlgorithmProtection attribute [RFC6211]. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: The document is well-written and easy to understand. Personnel: Tim Hollebeek is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd and other LAMPS WG participants reviewed the document during WG Last Call. All issues raised have been resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review needed. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any unexpired IPR related to this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted against this Internet-Draft. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDNits review reports no errors or warnings. The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. None needed. (13) Have all references within this document been identified as either normative or informative? Yes, the references are divided into normative and informative. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All references are already published. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. The document updates RFC 5652, and this is listed in the title page header and abstract. The introduction discusses the reasons for updating the document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). The document does not require any action from IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The document does not contain any sections written in a formal language. |
2020-06-30
|
02 | Tim Hollebeek | Shepherd Write-up for draft-ietf-lamps-cms-mix-with-psk-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the … Shepherd Write-up for draft-ietf-lamps-cms-mix-with-psk-04 (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Proposed Standard. Yes, the title page indicates that type of RFC. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document updates the Cryptographic Message Syntax as specified in RFC 5652 to ensure that algorithm identifiers in signed-data and authenticated-data content types are adequately protected. It does so by making two changes: requiring that the originator use the same hash algorithm to compute the digest of the message content and the digest of signed attributes, and recommends that the originator use the CMSAlgorithmProtection attribute [RFC6211]. Working Group Summary: There is consensus for this document in the LAMPS WG. Document Quality: The document is well-written and easy to understand. Personnel: Tim Hollebeek is the document shepherd. Roman Danyliw is the responsible area director. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd and other LAMPS WG participants reviewed the document during WG Last Call. All issues raised have been resolved. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No concerns. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No special review needed. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? The author explicitly stated that he is unaware of any unexpired IPR related to this document. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosures have been submitted against this Internet-Draft. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is consensus for this document in the LAMPS WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. IDNits review reports no errors or warnings. The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. None needed. (13) Have all references within this document been identified as either normative or informative? Yes, the references are divided into normative and informative. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All references are already published. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. There are no downward references. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. The document updates RFC 5652, and this is listed in the title page header and abstract. The introduction discusses the reasons for updating the document. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). The document does not require any action from IANA. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries are needed. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. The document does not contain any sections written in a formal language. |
2020-06-30
|
02 | Tim Hollebeek | Changed consensus to Yes from Unknown |
2020-06-30
|
02 | Tim Hollebeek | Intended Status changed to Proposed Standard from None |
2020-06-30
|
02 | Tim Hollebeek | Notification list changed to Tim Hollebeek <tim.hollebeek@digicert.com> |
2020-06-30
|
02 | Tim Hollebeek | Document shepherd changed to Tim Hollebeek |
2020-05-28
|
02 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-02.txt |
2020-05-28
|
02 | (System) | New version accepted (logged-in submitter: Russ Housley) |
2020-05-28
|
02 | Russ Housley | Uploaded new revision |
2020-03-26
|
01 | Russ Housley | Added to session: interim-2020-lamps-01 |
2020-03-09
|
01 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-01.txt |
2020-03-09
|
01 | (System) | New version approved |
2020-03-09
|
01 | (System) | Request for posting confirmation emailed to previous authors: Russ Housley |
2020-03-09
|
01 | Russ Housley | Uploaded new revision |
2020-01-22
|
00 | Tim Hollebeek | This document now replaces draft-housley-lamps-cms-update-alg-id-protect instead of None |
2020-01-22
|
00 | Russ Housley | New version available: draft-ietf-lamps-cms-update-alg-id-protect-00.txt |
2020-01-22
|
00 | (System) | WG -00 approved |
2020-01-21
|
00 | Russ Housley | Set submitter to "Russ Housley ", replaces to draft-housley-lamps-cms-update-alg-id-protect and sent approval email to group chairs: lamps-chairs@ietf.org |
2020-01-21
|
00 | Russ Housley | Uploaded new revision |