Kathleen: Thanks for working to transfer change control to the IETF. Once this happens, the community can work to resolve any shortcomings in the specification in an open and transparent manner.
Once the specification is done, hopefully all of the implementers will quickly incorporate the improvements. Russ On Oct 10, 2013, at 5:27 PM, Moriarty, Kathleen wrote: > Hello, > > I should have a new version of the draft out soon, hopefully before the next > meeting. My working version has incorporated most of the adjustments > requested by the sponsoring AD and the document shepherd. I am just waiting > on some language on transferring change control to ensure this is done > properly. We will get this version transferred and then updates can be made > in a new document to revise as needed. > > It does have a high priority, but we need to do this correctly so that there > are no issues with the transfer. I chose to let it expire rather than > provide an update without the right language in the document for the > transfer, since this would happen soon. > > Thank you, > Kathleen > > From: [email protected] [mailto:[email protected]] On Behalf Of > Phillip Hallam-Baker > Sent: Thursday, October 10, 2013 5:20 PM > To: perpass > Subject: [perpass] PKCS#12 needs fix'n > > Looking at some comments from Peter Guttman from way back he reports having a > large collection of PKCS#12 files with private keys and no password. > > Ooops > > So I am wondering if this might be one of the holes being exploited? It would > be consistent with a lot of what we have heard. > > There seem to be several issues > > 1) Chronic usability issues on Windows re PFX PKCS#12 which leads users to > export without a password > > 2) Weak cipher suites. The strongest seems to be 3DES, I suspect the default > is RC4 which is one of the ciphers I trust least right now. > > > The ciphersuites issue seems to be a real problem. PKCS#12 does not use > standard identifiers so a new one has to be cut each time and because it is a > low priority it tends to lag. It is also unnecessarily captive to the legacy > base. > > There is a draft to update PKCS#12 and to put it under IETF control. I think > it needs to be given a higher priority (the draft has expired BTW). > > It could also do to have some examples. I am finding the draft very opaque > without. > > http://tools.ietf.org/html/draft-moriarty-pkcs12v1-1-01 > > > -- > Website: http://hallambaker.com/ > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
