[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: I-D ACTION:draft-ietf-smime-rcek-01.txt

To: ietf-smime@xxxxxxx
Subject: RE: I-D ACTION:draft-ietf-smime-rcek-01.txt
From: Mike Just <mike.just@xxxxxxxxxxx>
Date: Tue, 13 Feb 2001 17:45:19 -0500
Cc: "'stephen.farrell@xxxxxxxxxxxx'" <stephen.farrell@xxxxxxxxxxxx>, "'turners@xxxxxxxx'" <turners@xxxxxxxx>
List-archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-id: <ietf-smime.imc.org>
List-unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Sender: owner-ietf-smime@xxxxxxxxxxxx

Title: RE: I-D ACTION:draft-ietf-smime-rcek-01.txt

Hi Stephen, Sean,

Possibly another item worth including in the Security Considerations section. Suppose MSG1 is sent to a set S1 of users. In the case where MSG2 is sent to only a subset of users in S1, all users from S1 will still be able to decrypt MSG2 (since MSG2.KEK is computed only from MSG1.CEK). I don't think you intended for your solution to be used for such dynamic recipient sets, but it might be worth explicitly mentioning this unfortunate side-effect of key re-use in any case. (Might be enough to mention that the recipient lists must be the same for each message.)

Mike J.

> -----Original Message-----
> From: Internet-Drafts@xxxxxxxx [mailto:Internet-Drafts@xxxxxxxx]
> Sent: Friday, February 09, 2001 7:27 AM
> Cc: ietf-smime@xxxxxxx
> Subject: I-D ACTION:draft-ietf-smime-rcek-01.txt
>
>
> A New Internet-Draft is available from the on-line
> Internet-Drafts directories.
> This draft is a work item of the S/MIME Mail Security Working
> Group of the IETF.
>
>       Title           : Reuse of CMS Content Encryption Keys
>       Author(s)       : S. Farrell, S. Turner
>       Filename        : draft-ietf-smime-rcek-01.txt
>       Pages           : 7
>       Date            : 08-Feb-01
>
> This note describes a way to include a key identifier in a CMS
> enveloped data structure, so that the content encryption key can be
> re-used for further enveloped data packets.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-smime-rcek-01.txt
>
> Internet-Drafts are also available by anonymous FTP. Login
> with the username
> "anonymous" and a password of your e-mail address. After logging in,
> type "cd internet-drafts" and then
>       "get draft-ietf-smime-rcek-01.txt".
>
> A list of Internet-Drafts directories can be found in
> http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
> Internet-Drafts can also be obtained by e-mail.
>
> Send a message to:
>       mailserv@xxxxxxxxx
> In the body type:
>       "FILE /internet-drafts/draft-ietf-smime-rcek-01.txt".
>
> NOTE: The mail server at ietf.org can return the document in
>       MIME-encoded form by using the "mpack" utility. To use this
>       feature, insert the command "ENCODING mime" before the "FILE"
>       command. To decode the response(s), you will need "munpack" or
>       a MIME-compliant mail reader. Different MIME-compliant
> mail readers
>       exhibit different behavior, especially when dealing with
>       "multipart" MIME messages (i.e. documents which have been split
>       up into multiple messages), so check your local documentation on
>       how to manipulate these messages.
>
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>

Follow-Ups:
- Re: I-D ACTION:draft-ietf-smime-rcek-01.txt
  - From: Stephen Farrell

Prev by Date: S/MIME WG meeting at 50th IETF
Next by Date: Re: I-D ACTION:draft-ietf-smime-rcek-01.txt
Previous by thread: I-D ACTION:draft-ietf-smime-rcek-01.txt
Next by thread: Re: I-D ACTION:draft-ietf-smime-rcek-01.txt
Index(es):
- Date
- Thread