Hi, Alexey,
Just a follow-up note - I'm good with the proposed text as you describe it
("Gen-ART reviewer is happy").
I'm still somewhat confused about "unpredictable" mailbox access keys, but I
better understand your point ("128 bits of entropy" is the important part).
Thanks for working with me on this one.
Since I don't worry about threat models for a living, and with the current
IESG your document is being reviewed by two SEC ADs, one retired SEC AD, AND
SEC-DIR, I'll leave "unpredictable" for the professionals... if they are OK,
I'll be more than OK.
Thanks,
Spencer

6.1.1.2. Mailbox Access Key

The mailbox access key is a random string with at least 128 bits of
entropy. It is generated by software (not by the human user), and
MUST be unpredictable.

Spencer: is "MUST be unpredictable" sufficiently defined? And I'm not
sure this is a 2119 MUST - it would be a bad idea to generate keys by
adding one to the previous key,

It is a MUST on server implementations due to a security consideration.

Ah, perfect. Then the text could be something like
Servers MUST generate the mailbox access key cryptographically,
with at least 128 bits of entropy.

I think "cryptographically" is not important. A monkey that can produce
128 bits of entropy by throwing bananas will work too :-).
I think the important part is "unpredictable".

Either way, neither "cryptographically" nor "unpredictable" is externally
observable.

Are you Ok with leaving these 2 sentences as is? (They are exactly the
same as in RFC 4467.)
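
An added example, not part of the thread or of the draft under review: it contrasts the "adding one to the previous key" scheme mentioned above with a key drawn from the operating system's CSPRNG, and shows why key width alone does not make a key unpredictable. The names `csprng_key`, `IncrementingKeys`, `guess_from_previous` and `is_predictable`, and the hex encoding, are assumptions made for illustration.

```python
import secrets

KEY_BITS = 128  # minimum entropy required by the quoted text


def csprng_key(bits: int = KEY_BITS) -> str:
    """Mailbox access key drawn from the OS CSPRNG, hex-encoded (assumed encoding)."""
    if bits < KEY_BITS or bits % 8:
        raise ValueError("need a whole number of bytes, at least 128 bits")
    return secrets.token_hex(bits // 8)


class IncrementingKeys:
    """The 'previous key plus one' scheme from the thread (what not to do).

    Every key is 128 bits wide and the starting point is random, but each
    later key is a function of the one before it, so it adds no fresh entropy.
    """

    def __init__(self) -> None:
        self._state = secrets.randbits(KEY_BITS)

    def __call__(self) -> str:
        self._state = (self._state + 1) % (1 << KEY_BITS)
        return f"{self._state:032x}"


def guess_from_previous(observed: str) -> str:
    """The guess available to anyone who has seen one issued key."""
    return f"{(int(observed, 16) + 1) % (1 << KEY_BITS):032x}"


def is_predictable(make_key, trials: int = 1000) -> bool:
    """True if any issued key equals the guess derived from the key before it."""
    previous = make_key()
    for _ in range(trials):
        current = make_key()
        if current == guess_from_previous(previous):
            return True
        previous = current
    return False


if __name__ == "__main__":
    print("incrementing scheme predictable:", is_predictable(IncrementingKeys()))
    print("CSPRNG scheme predictable:      ", is_predictable(csprng_key))
    print("sample key:", csprng_key())
```

Both generators emit 32 hex digits, so the difference cannot be seen from any single key; it only shows up when the generation method is examined or a sequence of keys is compared.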