Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)
RFC 9044

Received changes through RFC Editor sync (created alias RFC 9044, changed abstract to 'This document specifies the conventions for using the AES-GMAC Message Authentication Code algorithm with the Cryptographic Message Syntax (CMS) as specified in RFC 5652.', changed pages to 9, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2021-06-08, changed IESG state to RFC Published)

[Ballot comment]
Should there be any comments in the security consideration section about the security implications of using 96-bit truncated tags?

I know that shorter tags have significant vulnerabilities against forgery attempts where successful forgery can be detected. John Mattsson and I wrote a paper identifying why shorter tags would be very bad in SRTP in 2015. https://eprint.iacr.org/2015/477.pdf

I guess the possibility to figure out if CMS forgery attempts are successful depends on what the CMS is used for.

[Ballot comment]
Section 7

  Implementers should be aware that cryptographic algorithms become
  weaker with time.  As new cryptanalysis techniques are developed and
  computing performance improves, the work factor to break a particular
  cryptographic algorithm will reduce.  Therefore, cryptographic
  algorithm implementations should be modular allowing new algorithms
  to be readily inserted.  That is, implementers should be prepared to
  regularly update the set of algorithms in their implementations.

I think that BCP 201 is a good reference for further reading here.

Section 8.2

If we're importing ASN.1 bits from RFC 5912, doesn't that make it a
normative reference?

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-lamps-cms-aes-gmac-alg-03. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

In the SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) registry on the Structure of Management Information (SMI) Numbers (MIB Module Registrations) registry page located at:

https://www.iana.org/assignments/smi-numbers/

a single, new registration is to be made as follows:

Decimal: [ TBD-at-Registration ]
Description: id-mod-aes-gmac-alg-2020
Reference: [ RFC-to-be ]

As this document requests registrations in a Specification Required (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. This review must be completed before the document's IANA state can be changed to "IANA OK."

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2021-02-19):

From: The IESG
To: IETF-Announce
CC: draft-ietf-lamps-cms-aes-gmac-alg@ietf.org, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org, tim.hollebeek@digicert.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)) to Proposed Standard


The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'Using the
AES-GMAC Algorithm with the Cryptographic Message Syntax
  (CMS)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-02-19. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document specifies the conventions for using the AES-GMAC
  Message Authentication Code algorithms with the Cryptographic Message
  Syntax (CMS) as specified in RFC 5652.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-aes-gmac-alg/



No IPR declarations have been submitted directly on this I-D.

Shepherd Write-up for draft-ietf-lamps-cms-aes-mac-alg-02


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?  Why is this the proper type of RFC?  Is this type of RFC indicated in the title page header?

  Proposed Standard.  Yes, the title page indicates that type of RFC.
 

(2) The IESG approval announcement includes a Document Announcement Write-Up.  Please provide such a Document Announcement Write-Up.  Recent examples can be found in the "Action" announcements for approved documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document specifies the conventions for using the AES-GMAC
  Message Authentication Code algorithms with the Cryptographic Message
  Syntax (CMS) as specified in RFC 5652.

  Working Group Summary:

  There is consensus for this document in the LAMPS WG.

  Document Quality:

  The document is well-written and easy to understand.

  Personnel:

    Tim Hollebeek is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by the Document Shepherd.  If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

  The document shepherd and other LAMPS WG participants reviewed the
  document during WG Last Call.  All issues raised have been resolved.


(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization?  If so, describe the review that took place.

  No special review needed.


(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?  For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it.  In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed.  If not, explain why?

  The author explicitly stated that he is unaware of any IPR related to this document.


(8) Has an IPR disclosure been filed that references this document?  If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

  No IPR disclosures have been submitted against this Internet-Draft.


(9) How solid is the WG consensus behind this document?  Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?  If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director.  (It should be in a separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this document.  (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist).  Boilerplate checks are not enough; this check needs to be thorough.

IDNits review reports no errors or warnings.  The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

  None needed.


(13) Have all references within this document been identified as either normative or informative?

  Yes, the references are divided into normative and informative.


(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state?  If such normative references exist, what is the plan for their completion?

  All references are already published.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the Last Call procedure.

  There are no downward references.


(16) Will publication of this document change the status of any existing RFCs?  Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction?  If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed.  If this information is not in the document, explain why the WG considers it unnecessary.

  It will not.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document.  Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

  The document registers one new OID in an existing registry.  The registry is unambigiously identified by full title and OID.
  Addition of this OID to this registry is appropriate and necessary.

(18) List any new IANA registries that require Expert Review for future allocations.  Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
 
  Section 5 contains an ASN.1 module.  The document shepherd reviewed it line by line, and then compiled it with no errors.

Shepherd Write-up for draft-ietf-lamps-cms-aes-mac-alg-02


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?  Why is this the proper type of RFC?  Is this type of RFC indicated in the title page header?

  Proposed Standard.  Yes, the title page indicates that type of RFC.
 

(2) The IESG approval announcement includes a Document Announcement Write-Up.  Please provide such a Document Announcement Write-Up.  Recent examples can be found in the "Action" announcements for approved documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document specifies the conventions for using the AES-GMAC
  Message Authentication Code algorithms with the Cryptographic Message
  Syntax (CMS) as specified in RFC 5652.

  Working Group Summary:

  There is consensus for this document in the LAMPS WG.

  Document Quality:

  The document is well-written and easy to understand.

  Personnel:

    Tim Hollebeek is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by the Document Shepherd.  If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

  The document shepherd and other LAMPS WG participants reviewed the
  document during WG Last Call.  All issues raised have been resolved.


(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization?  If so, describe the review that took place.

  No special review needed.


(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?  For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it.  In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed.  If not, explain why?

  The author explicitly stated that he is unaware of any IPR related to this document.


(8) Has an IPR disclosure been filed that references this document?  If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

  No IPR disclosures have been submitted against this Internet-Draft.


(9) How solid is the WG consensus behind this document?  Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?  If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director.  (It should be in a separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this document.  (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist).  Boilerplate checks are not enough; this check needs to be thorough.

IDNits review reports no errors or warnings.  The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

  None needed.


(13) Have all references within this document been identified as either normative or informative?

  Yes, the references are divided into normative and informative.


(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state?  If such normative references exist, what is the plan for their completion?

  All references are already published.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the Last Call procedure.

  There are no downward references.


(16) Will publication of this document change the status of any existing RFCs?  Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction?  If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed.  If this information is not in the document, explain why the WG considers it unnecessary.

  It will not.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document.  Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

  The document registers one new OID in an existing registry.  The registry is unambigiously identified by full title and OID.
  Addition of this OID to this registry is appropriate and necessary.

(18) List any new IANA registries that require Expert Review for future allocations.  Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
 
  Section 5 contains an ASN.1 module.  The document shepherd reviewed it line by line, and then compiled it with no errors.