Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
draft-ietf-lamps-crmf-update-algs-07

[Ballot comment]
Where is the use of ECC with CRMF specified?  RFC 4211 itself only
covers RSA, (FF)DH, and DSA as the listed private-key options that have
a PrivateKeyInfo structure defined.

Other than that I only have nits and a request to reclassify a
reference.

Section 3

      algId identifies the algorithm used to compute the MAC value.  All
      implementations MUST support id-PasswordBasedMAC as presented in
      Section 4.4 of [RFC4211].  Implementations MAY also support PBMAC1
      presented in Section 7.1 of [RFC8018].

nit: s/PBMAC1 presented/PBMAC1 as presented/

Section 4.4

      mac identifies the algorithm and associated parameters of the MAC
      function to be used.  All implementations MUST support HMAC-SHA256
      [HMAC].  All implementations SHOULD support AES-GMAC AES [GMAC]
      with a 128 bit key.

nit: s/ AES / /
nit: s/128 bit/128-bit/

  When this object identifier is used in the ASN.1 algorithm
  identifier, the parameters SHOULD be present.  When present, the
  parameters MUST contain a type of NULL.

nit: I suggest starting the sentence with "Also per [RFC4231],".

Section 6

  function.  In 2010, researchers showed that about half of the real-
  world passwords can be broken with less than 150 million trials,

nit: s/the real-world passwords/the real-world passwords in a leaked
corpus/ (or similar)

Section 8.2

I tihnk draft-ietf-lamps-cms-aes-gmac-alg needs to be a normative
reference, since we SHOULD support AES128-GMAC.

[Ballot comment]
"HMAC-SHA1 [HMAC][SHS] is not boken yet, but there are much stronger alternatives [RFC6194]."

Yup, it ain't borken yet, but it might be broken soon... I was somewhat conflicted as to if I should point this out or not -- I'd dearly love us to start referring to things as boken (or borken) as it has a nice tie to borked....

[Ballot comment]
"Copyright Notice", paragraph 1, comment:

Shouldn't this document use the pre5378Trust200902 boilerplate, since it quotes
from RFC4211? Or have the authors of RFC4211 given copyright to the Trust?

-------------------------------------------------------------------------------
All comments below are very minor change suggestions that you may choose to
incorporate in some way (or ignore), as you see fit. There is no need to let me
know what you did with these suggestions.

Section 1, paragraph 3, nit:
-    *  HMAC-SHA1 [HMAC][SHS] is not boken yet, but there are much
+    *  HMAC-SHA1 [HMAC][SHS] is not broken yet, but there are much
+                                    +

The following URLs in the document failed to return content:
* http://www.ietf.org/internet-drafts/draft-ietf-lamps-cms-aes-gmac-alg-02.txt

[Ballot comment]
Thank you for the work on this document. I only have one typo and one very minor comment, feel free to take them or leave them.

Francesca

1. -----

  *  HMAC-SHA1 [HMAC][SHS] is not boken yet, but there are much

FP: s/boken/broken

2. -----

  The algorithm identifier for HMAC-SHA256 is defined in [RFC4231]:

  The algorithm identifier for AES-GMAC [AES][GMAC] with a 128-bit key

FP: suggestion to replace "identifier" with "ASN.1 object identifier"

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-ietf-lamps-crmf-update-algs-04, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist

The following Last Call announcement was sent out (ends 2021-03-26):

From: The IESG
To: IETF-Announce
CC: draft-ietf-lamps-crmf-update-algs@ietf.org, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org, tim.hollebeek@digicert.com
Reply-To: last-call@ietf.org
Sender:
Subject: Last Call:  (Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)) to Proposed Standard


The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'Algorithm
Requirements Update to the Internet X.509 Public Key
  Infrastructure Certificate Request Message Format (CRMF)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2021-03-26. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document updates the cryptographic algorithm requirements for
  the Password-Based Message Authentication Code in the Internet X.509
  Public Key Infrastructure Certificate Request Message Format (CRMF)
  specified in RFC 4211.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-crmf-update-algs/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc8018: PKCS #5: Password-Based Cryptography Specification Version 2.1 (Informational - Internet Engineering Task Force (IETF))

Shepherd Write-up for draft-ietf-lamps-crmf-update-algs-04


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?  Why is this the proper type of RFC?  Is this type of RFC indicated in the title page header?

  Proposed Standard.  Yes, the title page indicates that type of RFC.
 

(2) The IESG approval announcement includes a Document Announcement Write-Up.  Please provide such a Document Announcement Write-Up.  Recent examples can be found in the "Action" announcements for approved documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document updates the cryptographic algorithm requirements for
  the Password-Based Message Authentication Code in the Internet X.509
  Public Key Infrastructure Certificate Request Message Format (CRMF)
  specified in RFC 4211.

  Working Group Summary:

  There is consensus for this document in the LAMPS WG.

  Document Quality:

  The document is well-written and easy to understand.

  Personnel:

    Tim Hollebeek is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by the Document Shepherd.  If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

  The document shepherd and other LAMPS WG participants reviewed the
  document during WG Last Call.  All issues raised have been resolved.


(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization?  If so, describe the review that took place.

  No special review needed.


(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?  For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it.  In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed.  If not, explain why?

  The author has explicitly stated that he is unaware of any additional
  IP that was introduced in the updates to the document.

  The author has explicitly stated that he does not hold any IPR
  related to the document.

  RFC 4211, which is updated by this document, was published before
  the rules in RFC 5378 can into existence.  As a result, the RFC 4211
  text is considered pre-5378.  However, all of the NEW text in this
  document is contributed in accordance with RFC 5378.  The author
  believes that the disclaimer for pre-5378 work is not needed for
  this document.


(8) Has an IPR disclosure been filed that references this document?  If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

  No IPR disclosures have been submitted against this Internet-Draft.


(9) How solid is the WG consensus behind this document?  Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?  If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director.  (It should be in a separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this document.  (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist).  Boilerplate checks are not enough; this check needs to be thorough.

IDNits review reports no errors or warnings.  The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

  None needed.


(13) Have all references within this document been identified as either normative or informative?

  Yes, the references are divided into normative and informative.


(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state?  If such normative references exist, what is the plan for their completion?

  All references are already published.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the Last Call procedure.

  Yes, there is a downref to RFC 8018 that needs to be called out in the IETF
  Last Call.  After a successful IETF Last Call, please add RFC 8018 to the
  downref registry in the datatracker.

(16) Will publication of this document change the status of any existing RFCs?  Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction?  If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed.  If this information is not in the document, explain why the WG considers it unnecessary.

  It will not.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document.  Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

  The document does not require any work from IANA.

(18) List any new IANA registries that require Expert Review for future allocations.  Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
 
  The only formal language in the document is a few lines of ASN.1, which were reviewed by the document shepherd.

Shepherd Write-up for draft-ietf-lamps-crmf-update-algs-04


(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)?  Why is this the proper type of RFC?  Is this type of RFC indicated in the title page header?

  Proposed Standard.  Yes, the title page indicates that type of RFC.
 

(2) The IESG approval announcement includes a Document Announcement Write-Up.  Please provide such a Document Announcement Write-Up.  Recent examples can be found in the "Action" announcements for approved documents.  The approval announcement contains the following sections:

  Technical Summary:

  This document updates the cryptographic algorithm requirements for
  the Password-Based Message Authentication Code in the Internet X.509
  Public Key Infrastructure Certificate Request Message Format (CRMF)
  specified in RFC 4211.

  Working Group Summary:

  There is consensus for this document in the LAMPS WG.

  Document Quality:

  The document is well-written and easy to understand.

  Personnel:

    Tim Hollebeek is the document shepherd.
    Roman Danyliw is the responsible area director.


(3) Briefly describe the review of this document that was performed by the Document Shepherd.  If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

  The document shepherd and other LAMPS WG participants reviewed the
  document during WG Last Call.  All issues raised have been resolved.


(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

  No concerns.


(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization?  If so, describe the review that took place.

  No special review needed.


(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of?  For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it.  In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

  No concerns.


(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed.  If not, explain why?

  The author has explicitly stated that he is unaware of any additional
  IP that was introduced in the updates to the document.

  The author has explicitly stated that he does not hold any IPR
  related to the document.

  RFC 4211, which is updated by this document, was published before
  the rules in RFC 5378 can into existence.  As a result, the RFC 4211
  text is considered pre-5378.  However, all of the NEW text in this
  document is contributed in accordance with RFC 5378.  The author
  believes that the disclaimer for pre-5378 work is not needed for
  this document.


(8) Has an IPR disclosure been filed that references this document?  If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

  No IPR disclosures have been submitted against this Internet-Draft.


(9) How solid is the WG consensus behind this document?  Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

  There is consensus for this document in the LAMPS WG.


(10) Has anyone threatened an appeal or otherwise indicated extreme discontent?  If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director.  (It should be in a separate email because this questionnaire is publicly available.)

  No one has threatened an appeal.


(11) Identify any ID nits the Document Shepherd has found in this document.  (See http://www.ietf.org/tools/idnits and the Internet-Drafts Checklist).  Boilerplate checks are not enough; this check needs to be thorough.

IDNits review reports no errors or warnings.  The document shepherd reviewed the Internet-Drafts checklist with respect to this draft and found no issues.

(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

  None needed.


(13) Have all references within this document been identified as either normative or informative?

  Yes, the references are divided into normative and informative.


(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state?  If such normative references exist, what is the plan for their completion?

  All references are already published.


(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in the Last Call procedure.

  Yes, there is a downref to RFC 8018 that needs to be called out in the IETF
  Last Call.  After a successful IETF Last Call, please add RFC 8018 to the
  downref registry in the datatracker.

(16) Will publication of this document change the status of any existing RFCs?  Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction?  If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed.  If this information is not in the document, explain why the WG considers it unnecessary.

  It will not.

(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document.  Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly identified.
Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

  The document does not require any work from IANA.

(18) List any new IANA registries that require Expert Review for future allocations.  Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

  No new IANA registries are needed.


(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.
 
  The only formal language in the document is a few lines of ASN.1, which were reviewed by the document shepherd.