< draft-ietf-curdle-cms-ecdh-new-curves-06.txt		draft-ietf-curdle-cms-ecdh-new-curves-07.txt >
	Internet-Draft R. Housley		Internet-Draft R. Housley
	Intended status: Standards Track Vigil Security		Intended status: Standards Track Vigil Security
	Expires: 10 November 2017 10 May 2017		Expires: 11 November 2017 11 May 2017
	Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm		Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm
	with X25519 and X448 in the Cryptographic Message Syntax (CMS)		with X25519 and X448 in the Cryptographic Message Syntax (CMS)
	<draft-ietf-curdle-cms-ecdh-new-curves-06.txt>		<draft-ietf-curdle-cms-ecdh-new-curves-07.txt>
	Abstract		Abstract
	This document describes the conventions for using Elliptic Curve		This document describes the conventions for using Elliptic Curve
	Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and		Diffie-Hellman (ECDH) key agreement algorithm using curve25519 and
	curve448 in the Cryptographic Message Syntax (CMS).		curve448 in the Cryptographic Message Syntax (CMS).
	Status of This Memo		Status of This Memo
	This Internet-Draft is submitted in full conformance with the		This Internet-Draft is submitted in full conformance with the
	skipping to change at page 1, line 33 ¶		skipping to change at page 1, line 33 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on 10 November 2017.		This Internet-Draft will expire on 11 November 2017.
	Copyright Notice		Copyright Notice
	Copyright (c) 2017 IETF Trust and the persons identified as the		Copyright (c) 2017 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 3, line 6 ¶		skipping to change at page 3, line 6 ¶
	X448 [CURVES].		X448 [CURVES].
	The originator MUST use an ephemeral public/private key pair that is		The originator MUST use an ephemeral public/private key pair that is
	generated on the same elliptic curve as the public key of the		generated on the same elliptic curve as the public key of the
	recipient. The ephemeral key pair MUST be used for a single CMS		recipient. The ephemeral key pair MUST be used for a single CMS
	protected content type, and then it MUST be discarded. The		protected content type, and then it MUST be discarded. The
	originator obtains the recipient's static public key from the		originator obtains the recipient's static public key from the
	recipient's certificate [PROFILE].		recipient's certificate [PROFILE].
	X25519 is described in Section 6.1 of [CURVES], and X448 is described		X25519 is described in Section 6.1 of [CURVES], and X448 is described
	in Section 6.2 of [CURVES]. As described in Section 7 of [CURVES],		in Section 6.2 of [CURVES]. Conforming implementations MUST check
	curve25519 and curve448 have cofactors of 8 and 4, respectively, and		whether the computed Diffie-Hellman shared secret is the all-zero
	so an input point of small order will eliminate any contribution from		value, and abort if so, as described in Section 6 of [CURVES]. If an
	the other party's private key. Conforming implementations MUST check		alternative implementation of these elliptic curves to that
	for the all-zero output to prevent this situation.		documented in Section 6 of [CURVES] is employed, then the additional
			checks specified in Section 7 of [CURVES] SHOULD be performed.
	In [CURVES], the shared secret value that is produced by ECDH is		In [CURVES], the shared secret value that is produced by ECDH is
	called K. (In some other specifications, the shared secret value is		called K. (In some other specifications, the shared secret value is
	called Z.) A key derivation function (KDF) is used to produce a		called Z.) A key derivation function (KDF) is used to produce a
	pairwise key-encryption key (KEK) from the shared secret value (K),		pairwise key-encryption key (KEK) from the shared secret value (K),
	the length of the key-encryption key, and the DER-encoded ECC-CMS-		the length of the key-encryption key, and the DER-encoded ECC-CMS-
	SharedInfo structure [CMSECC].		SharedInfo structure [CMSECC].
	The ECC-CMS-SharedInfo definition from [CMSECC] is repeated here for		The ECC-CMS-SharedInfo definition from [CMSECC] is repeated here for
	convenience.		convenience.
End of changes. 4 change blocks.
	8 lines changed or deleted		9 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/