| < draft-housley-ct-keypackage-receipt-n-error-04.txt | draft-housley-ct-keypackage-receipt-n-error-05.txt > | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) Russ Housley | Internet Engineering Task Force (IETF) R. Housley | |||
| Internet-Draft Vigil Security | Internet-Draft Vigil Security | |||
| Intended Status: Standards Track 22 June 2013 | Intended Status: Standards Track 4 October 2013 | |||
| Expires: 22 December 2013 | Expires: 4 April 2014 | |||
| Cryptographic Message Syntax (CMS) | Cryptographic Message Syntax (CMS) | |||
| Key Package Receipt and Error Content Types | Key Package Receipt and Error Content Types | |||
| draft-housley-ct-keypackage-receipt-n-error-04.txt | draft-housley-ct-keypackage-receipt-n-error-05.txt | |||
| Abstract | Abstract | |||
| This document defines the syntax for two Cryptographic Message Syntax | This document defines the syntax for two Cryptographic Message Syntax | |||
| (CMS) content types, one for key package receipts, and another for | (CMS) content types, one for key package receipts, and another for | |||
| key package errors. The key package receipt content type is used to | key package errors. The key package receipt content type is used to | |||
| confirm receipt of an identified key package or collection of key | confirm receipt of an identified key package or collection of key | |||
| packages. The key package error content type is used to indicate an | packages. The key package error content type is used to indicate an | |||
| error occurred during the processing of a key package. CMS can be | error occurred during the processing of a key package. CMS can be | |||
| used to digitally sign, digest, authenticate, or encrypt these | used to digitally sign, digest, authenticate, or encrypt these | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 20 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Requirements Terminology . . . . . . . . . . . . . . . . . 2 | 1.1. Requirements Terminology . . . . . . . . . . . . . . . . . 2 | |||
| 1.2. ASN.1 Syntax Notation . . . . . . . . . . . . . . . . . . . 3 | 1.2. ASN.1 Syntax Notation . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.3. Processing Key Package Receipt Requests . . . . . . . . . . 3 | 1.3. Processing Key Package Receipt Requests . . . . . . . . . . 3 | |||
| 1.4. Processing Key Packages with Errors . . . . . . . . . . . . 3 | 1.4. Processing Key Packages with Errors . . . . . . . . . . . . 3 | |||
| 2. SIR Entity Name . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. SIR Entity Name . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Key Package Identifier and Receipt Request Attribute . . . . . 4 | 3. Key Package Identifier and Receipt Request Attribute . . . . . 4 | |||
| 4. Key Package Receipt CMS Content Type . . . . . . . . . . . . . 6 | 4. Key Package Receipt CMS Content Type . . . . . . . . . . . . . 6 | |||
| 5. Key Package Error CMS Content Type . . . . . . . . . . . . . . 8 | 5. Key Package Error CMS Content Type . . . . . . . . . . . . . . 8 | |||
| 6. Protecting the KeyPackageReceipt and KeyPackageError . . . . . 18 | 6. Protecting the KeyPackageReceipt and KeyPackageError . . . . . 16 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 18 | 7. Using the application/cms media type . . . . . . . . . . . . . 17 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 18 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . . 17 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . . 20 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 17 | |||
| Appendix A: ASN.1 Module . . . . . . . . . . . . . . . . . . . . . 21 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 19 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25 | Appendix A: ASN.1 Module . . . . . . . . . . . . . . . . . . . . . 19 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 24 | ||||
| 1. Introduction | 1. Introduction | |||
| This document defines the syntax for two Cryptographic Message Syntax | This document defines the syntax for two Cryptographic Message Syntax | |||
| (CMS) [RFC5652] content types, one for key package receipts, and | (CMS) [RFC5652] content types, one for key package receipts, and | |||
| another for key package errors. The key package receipt content type | another for key package errors. The key package receipt content type | |||
| is used to confirm receipt of an identified key package or collection | is used to confirm receipt of an identified key package or collection | |||
| of key packages. The key package error content type is used to | of key packages. The key package error content type is used to | |||
| indicate an error occurred during the processing of a key package. | indicate an error occurred during the processing of a key package. | |||
| CMS can be used to digitally sign, digest, authenticate, or encrypt | CMS can be used to digitally sign, digest, authenticate, or encrypt | |||
| skipping to change at page 17, line 15 ¶ | skipping to change at page 17, line 23 ¶ | |||
| o AuthenticatedData can be used to integrity protect the content | o AuthenticatedData can be used to integrity protect the content | |||
| type with message authentication algorithms that support | type with message authentication algorithms that support | |||
| authenticated encryption, where key management information is | authenticated encryption, where key management information is | |||
| handled in a manner similar to EnvelopedData. | handled in a manner similar to EnvelopedData. | |||
| o AuthEnvelopedData can be used to protect the content types with | o AuthEnvelopedData can be used to protect the content types with | |||
| algorithms that support authenticated encryption, where key | algorithms that support authenticated encryption, where key | |||
| management information is handled in a manner similar to | management information is handled in a manner similar to | |||
| EnvelopedData. | EnvelopedData. | |||
| 7. Security Considerations | 7. Using the application/cms media type | |||
| The media type and parameters for carrying a key package receipt or a | ||||
| key package error content type are specified in [MEDIA]. | ||||
| 8. Security Considerations | ||||
| The key package receipt and key package error contents are not | The key package receipt and key package error contents are not | |||
| necessarily protected. These content types can be combined with a | necessarily protected. These content types can be combined with a | |||
| security protocol to protect the contents of the package. | security protocol to protect the contents of the package. | |||
| In some situations, returning very detailed error information can | In some situations, returning very detailed error information can | |||
| provide an attacker with insight into the security processing. Where | provide an attacker with insight into the security processing. Where | |||
| this is a concern, the implementation should return the most generic | this is a concern, the implementation should return the most generic | |||
| error code that is appropriate. However, detailed error codes are | error code that is appropriate. However, detailed error codes are | |||
| very helpful during development, debugging, and interoperability | very helpful during development, debugging, and interoperability | |||
| testing. For this reason, implementations may want to have a way to | testing. For this reason, implementations may want to have a way to | |||
| configure the use of a generic error code or a detailed one. | configure the use of a generic error code or a detailed one. | |||
| 8. IANA Considerations | 9. IANA Considerations | |||
| None. | None. | |||
| {RFC Editor: Please remove this section before publication.} | {RFC Editor: Please remove this section before publication.} | |||
| 9. Acknowledgements | 10. Acknowledgements | |||
| Many thanks to Sean Turner and Jim Schaad for their insightful | Many thanks to Sean Turner, Jim Schaad, and Carl Wallace for their | |||
| review. | insightful review. | |||
| 10. References | 11. References | |||
| 10.1. Normative References | 11.1. Normative References | |||
| [MEDIA] Turner, S., R. Housley, and J. Schaad, "The | ||||
| application/cms media type", Work in progress, September | ||||
| 2013. draft-turner-application-cms-media-type-07. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", | [RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", | |||
| RFC 2634, June 1999. | RFC 2634, June 1999. | |||
| [RFC4073] Housley, R., "Protecting Multiple Contents with the | [RFC4073] Housley, R., "Protecting Multiple Contents with the | |||
| Cryptographic Message Syntax (CMS)", RFC 4073, May 2005. | Cryptographic Message Syntax (CMS)", RFC 4073, May 2005. | |||
| skipping to change at page 18, line 36 ¶ | skipping to change at page 19, line 5 ¶ | |||
| 2010. | 2010. | |||
| [RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax | [RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax | |||
| (CMS) Symmetric Key Package Content Type", RFC 6031, | (CMS) Symmetric Key Package Content Type", RFC 6031, | |||
| December 2010. | December 2010. | |||
| [RFC6032] Turner, S. and R. Housley, "Cryptographic Message Syntax | [RFC6032] Turner, S. and R. Housley, "Cryptographic Message Syntax | |||
| (CMS) Encrypted Key Package Content Type", RFC 6032, | (CMS) Encrypted Key Package Content Type", RFC 6032, | |||
| December 2010. | December 2010. | |||
| [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules | ||||
| for the Cryptographic Message Syntax (CMS) and the Public | ||||
| Key Infrastructure Using X.509 (PKIX)", RFC 6268, July | ||||
| 2011. | ||||
| [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002. | [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002. | |||
| Information Technology - Abstract Syntax Notation One. | Information Technology - Abstract Syntax Notation One. | |||
| [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002. | [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002. | |||
| Information Technology - Abstract Syntax Notation One: | Information Technology - Abstract Syntax Notation One: | |||
| Information Object Specification. | Information Object Specification. | |||
| [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002. | [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002. | |||
| Information Technology - Abstract Syntax Notation One: | Information Technology - Abstract Syntax Notation One: | |||
| Constraint Specification. | Constraint Specification. | |||
| skipping to change at page 19, line 11 ¶ | skipping to change at page 19, line 31 ¶ | |||
| [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002. | [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002. | |||
| Information Technology - Abstract Syntax Notation One: | Information Technology - Abstract Syntax Notation One: | |||
| Parameterization of ASN.1 Specifications. | Parameterization of ASN.1 Specifications. | |||
| [X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825- 1:2002. | [X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825- 1:2002. | |||
| Information Technology - ASN.1 encoding rules: | Information Technology - ASN.1 encoding rules: | |||
| Specification of Basic Encoding Rules (BER), Canonical | Specification of Basic Encoding Rules (BER), Canonical | |||
| Encoding Rules (CER) and Distinguished Encoding Rules | Encoding Rules (CER) and Distinguished Encoding Rules | |||
| (DER). | (DER). | |||
| 10.2. Informative References | 11.2. Informative References | |||
| [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) | [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) | |||
| Authenticated-Enveloped-Data Content Type", RFC 5083, | Authenticated-Enveloped-Data Content Type", RFC 5083, | |||
| November 2007. | November 2007. | |||
| [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor | [RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor | |||
| Management Protocol (TAMP)", RFC 5934, August 2010. | Management Protocol (TAMP)", RFC 5934, August 2010. | |||
| Appendix A: ASN.1 Module | Appendix A: ASN.1 Module | |||
| End of changes. 12 change blocks. | ||||
| 21 lines changed or deleted | 36 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||