| < draft-schaad-smime-algorithm-attribute-02.txt | draft-schaad-smime-algorithm-attribute-03.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Schaad | Network Working Group J. Schaad | |||
| Internet-Draft Soaring Hawk Consulting | Internet-Draft Soaring Hawk Consulting | |||
| Intended status: Standards Track November 22, 2010 | Intended status: Standards Track November 22, 2010 | |||
| Expires: May 26, 2011 | Expires: May 26, 2011 | |||
| Signer Info Algorithm Protection Attribute | Signer Info Algorithm Protection Attribute | |||
| draft-schaad-smime-algorithm-attribute-02 | draft-schaad-smime-algorithm-attribute-03 | |||
| Abstract | Abstract | |||
| A new attribute is defined that allows for protection of the digest | A new attribute is defined that allows for protection of the digest | |||
| and signature algorithm structures in an authenticated data or a | and signature algorithm structures in an authenticated data or a | |||
| signer info structure. Using the attribute includes the algorithm | signer info structure. Using the attribute includes the algorithm | |||
| definition information in the integrity protection process. | definition information in the integrity protection process. | |||
| Status of this Memo | Status of this Memo | |||
| skipping to change at page 2, line 13 | skipping to change at page 2, line 13 | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.1. Notation . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Attribute Structure . . . . . . . . . . . . . . . . . . . . . 5 | 2. Attribute Structure . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3. Verification Process . . . . . . . . . . . . . . . . . . . . . 7 | 3. Verification Process . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.1. Signed Data Verification Changes . . . . . . . . . . . . . 7 | 3.1. Signed Data Verification Changes . . . . . . . . . . . . . 7 | |||
| 3.2. Authenticated Data Verification Changes . . . . . . . . . 7 | 3.2. Authenticated Data Verification Changes . . . . . . . . . 7 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 5.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 5.2. Informational References . . . . . . . . . . . . . . . . . 9 | 6.1. Normative References . . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 10 | 6.2. Informational References . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 | Appendix A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 11 | |||
| | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| In the current definition of [CMS], there are some fields that are | In the current definition of [CMS], there are some fields that are | |||
| not protected in the process of doing either a signature validation | not protected in the process of doing either a signature validation | |||
| or an authentication validation. In this document a new signed or | or an authentication validation. In this document a new signed or | |||
| authenticated attribute is defined which permits these fields to be | authenticated attribute is defined which permits these fields to be | |||
| validated. | validated. | |||
| Taking the SignerInfo structure from CMS, let's look at each of the | Taking the SignerInfo structure from CMS, let's look at each of the | |||
| skipping to change at page 8, line 5 | skipping to change at page 8, line 5 | |||
| verification steps MUST be performed: | verification steps MUST be performed: | |||
| 1. The AuthenticatedData.digestAlgorithm field MUST be compared to | 1. The AuthenticatedData.digestAlgorithm field MUST be compared to | |||
| the digestAlgorithm field in the attribute. If the fields are not | the digestAlgorithm field in the attribute. If the fields are not | |||
| same (modulo encoding) then signature validation MUST fail. | same (modulo encoding) then signature validation MUST fail. | |||
| 2. The AuthenticatedData.macAlgorithm field MUST be compared to the | 2. The AuthenticatedData.macAlgorithm field MUST be compared to the | |||
| macAlgorithm field in the attribute. If the fields are not the same | macAlgorithm field in the attribute. If the fields are not the same | |||
| (modulo encoding) then the signature validation MUST fail. | (modulo encoding) then the signature validation MUST fail. | |||
| 4. Security Considerations | 4. IANA Considerations | |||
| | There are no IANA considerations. All identifiers are assigned out | |||
| | of the S/MIME OID arc. | |||
| | 5. Security Considerations | |||
| This document is designed to address the security issue of algorithm | This document is designed to address the security issue of algorithm | |||
| substitutions of the algorithms used by the validator. At this time | substitutions of the algorithms used by the validator. At this time | |||
| there is no known method to exploit this type of attack. If the | there is no known method to exploit this type of attack. If the | |||
| attack could be successful, then either a weaker algorithm could be | attack could be successful, then either a weaker algorithm could be | |||
| substituted for a stronger algorithm or the parameters could be | substituted for a stronger algorithm or the parameters could be | |||
| modified by an attacker to change the behavior of the hashing | modified by an attacker to change the behavior of the hashing | |||
| algorithm used. (One example would be changing the initial parameter | algorithm used. (One example would be changing the initial parameter | |||
| value for [I-D.schaad-smime-hash-experiment].) | value for [I-D.schaad-smime-hash-experiment].) | |||
| The attribute defined in this document is to be placed in a location | The attribute defined in this document is to be placed in a location | |||
| that is protected by the signature or message authentication code. | that is protected by the signature or message authentication code. | |||
| This attribute does not provide any additional security if placed in | This attribute does not provide any additional security if placed in | |||
| an un-signed or un-authenticated location. | an un-signed or un-authenticated location. | |||
| 5. References | 6. References | |||
| 5.1. Normative References | 6.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2634] Hoffman, P., "Enhanced Security Services for S/MIME", | [RFC2634] Hoffman, P., "Enhanced Security Services for S/MIME", | |||
| RFC 2634, June 1999. | RFC 2634, June 1999. | |||
| [RFC5035] Schaad, J., "Enhanced Security Services (ESS) Update: | [RFC5035] Schaad, J., "Enhanced Security Services (ESS) Update: | |||
| Adding CertID Algorithm Agility", RFC 5035, August 2007. | Adding CertID Algorithm Agility", RFC 5035, August 2007. | |||
| [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", | [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", | |||
| RFC 5652, September 2009. | RFC 5652, September 2009. | |||
| [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the | [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the | |||
| Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, | Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, | |||
| June 2010. | June 2010. | |||
| 5.2. Informational References | 6.2. Informational References | |||
| [I-D.schaad-smime-hash-experiment] | [I-D.schaad-smime-hash-experiment] | |||
| Schaad, J., "Experiment: Hash functions with parameters in | Schaad, J., "Experiment: Hash functions with parameters in | |||
| CMS and S/MIME", draft-schaad-smime-hash-experiment-01 | CMS and S/MIME", draft-schaad-smime-hash-experiment-01 | |||
| (work in progress), December 2009. | (work in progress), December 2009. | |||
| Appendix A. ASN.1 Module | Appendix A. ASN.1 Module | |||
| CMSAlgorithmProtectionAttribute | CMSAlgorithmProtectionAttribute | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) | pkcs(1) pkcs-9(9) smime(16) modules(0) | |||
| id-mod-cms-algorithmProtect(52) } | id-mod-cms-algorithmProtect(52) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| -- Cryptographic Message Syntax (CMS) [RFC5652] | -- Cryptographic Message Syntax (CMS) [CMS] | |||
| DigestAlgorithmIdentifier, MessageAuthenticationCodeAlgorithm, | DigestAlgorithmIdentifier, MessageAuthenticationCodeAlgorithm, | |||
| SignatureAlgorithmIdentifier | SignatureAlgorithmIdentifier | |||
| FROM CryptographicMessageSyntax-2009 | FROM CryptographicMessageSyntax-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) } | pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) } | |||
| -- Common PKIX structures [RFC5912] | -- Common PKIX structures [RFC5912] | |||
| ATTRIBUTE | ATTRIBUTE | |||
| FROM PKIX-CommonTypes-2009 | FROM PKIX-CommonTypes-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkixCommon-02(57)}; | id-mod-pkixCommon-02(57)}; | |||
| -- | -- | |||
| -- The CMS Algorithm Protection attribute is a Signed Attribute or | -- The CMS Algorithm Protection attribute is a Signed Attribute or | |||
| -- an Authenticated Attribute. | -- an Authenticated Attribute. | |||
| -- | -- | |||
| -- Add this attribute to SignedAttributesSet in [RFC5652] | -- Add this attribute to SignedAttributesSet in [CMS] | |||
| -- Add this attribute to AuthAttriuteSet in [RFC5652] | -- Add this attribute to AuthAttributeSet in [CMS] | |||
| -- | -- | |||
| aa-cmsAlgorithmProtection ATTRIBUTE ::= { | aa-cmsAlgorithmProtection ATTRIBUTE ::= { | |||
| TYPE CMSAlgorithmProtection | TYPE CMSAlgorithmProtection | |||
| IDENTIFIED BY { id-aa-cmsAlgorithmProtect } | IDENTIFIED BY { id-aa-cmsAlgorithmProtect } | |||
| } | } | |||
| id-aa-cmsAlgorithmProtect OBJECT IDENTIFIER ::= { | id-aa-cmsAlgorithmProtect OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | |||
| pkcs9(9) 52 } | pkcs9(9) 52 } | |||
| End of changes. 8 change blocks. | | |||
| 14 lines changed or deleted | 20 lines changed or added | |||

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
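Review bot: the new IANA Considerations section (the hunk that inserts section 4 and renumbers 5 and 6) says all identifiers are assigned out of the S/MIME OID arc, but the ASN.1 module in the same region spells that arc two ways: `pkcs-9(9)` in the module identifier and the CMS import, and `pkcs9(9)` in id-aa-cmsAlgorithmProtect. One spelling throughout would stop a reader taking them for different arcs. The comment fix `AuthAttriuteSet` to `AuthAttributeSet` and the `[RFC5652]` to `[CMS]` citation change are consistent with the normative reference list, which keys RFC 5652 as [CMS].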
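The two AuthenticatedData verification steps shown in the diff above (compare the outer digestAlgorithm and macAlgorithm fields with the copies inside the protected attribute, failing on any mismatch "modulo encoding") as an added example. This is not code from the draft or from any CMS library: it assumes the fields arrive as DER-encoded AlgorithmIdentifier bytes, it hand-encodes a few standard OIDs as constructed sample input, and it takes "modulo encoding" to mean comparing decoded values, with absent parameters and an explicit NULL treated as equivalent; that last point is this example's own assumption.

```python
"""Algorithm-protection check for AuthenticatedData (steps 1 and 2).

Added example, not code from the draft: a minimal DER reader for
AlgorithmIdentifier plus a comparison that works on decoded values rather
than raw bytes, which is how this example reads "the same (modulo encoding)".
"""
from dataclasses import dataclass
from typing import Optional, Tuple


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, contents, position after the element) for one DER TLV."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_oid(contents: bytes) -> str:
    """Dotted-decimal form of an OBJECT IDENTIFIER's contents octets."""
    arcs = [contents[0] // 40, contents[0] % 40]
    value = 0
    for octet in contents[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


@dataclass(frozen=True)
class AlgorithmIdentifier:
    oid: str
    parameters: Optional[bytes]  # DER of the parameters element, None if absent


def decode_algorithm_identifier(der: bytes) -> AlgorithmIdentifier:
    """Parse SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL }."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid_contents, pos = _read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("first component must be an OBJECT IDENTIFIER")
    parameters = seq[pos:] if pos < len(seq) else None
    return AlgorithmIdentifier(decode_oid(oid_contents), parameters)


def same_algorithm(a: AlgorithmIdentifier, b: AlgorithmIdentifier) -> bool:
    """Equal OID and equal parameters.  Treating absent parameters and an
    explicit NULL (05 00) as equivalent is this example's assumption about
    what 'modulo encoding' permits, not text from the draft."""
    def normalise(p: Optional[bytes]) -> Optional[bytes]:
        return None if p in (None, b"\x05\x00") else p
    return a.oid == b.oid and normalise(a.parameters) == normalise(b.parameters)


def _fields_match(outer: Optional[bytes], protected: Optional[bytes]) -> bool:
    """Both absent, or both present and the same algorithm."""
    if outer is None or protected is None:
        return outer is None and protected is None
    return same_algorithm(decode_algorithm_identifier(outer),
                          decode_algorithm_identifier(protected))


def verify_algorithm_protection(auth_digest_alg: Optional[bytes],
                                auth_mac_alg: Optional[bytes],
                                attr_digest_alg: Optional[bytes],
                                attr_mac_alg: Optional[bytes]) -> bool:
    """Steps 1 and 2 of the AuthenticatedData verification change.

    The first two arguments are the unprotected AuthenticatedData fields,
    the last two the copies carried inside the authenticated attribute.
    Any mismatch means validation MUST fail."""
    if not _fields_match(auth_digest_alg, attr_digest_alg):   # step 1
        return False
    if not _fields_match(auth_mac_alg, attr_mac_alg):         # step 2
        return False
    return True


# Constructed sample encodings (standard OIDs, hand-encoded for this example).
SHA256_NULL_PARAMS = bytes.fromhex("300d0609608648016503040201" "0500")
SHA256_NO_PARAMS = bytes.fromhex("300b0609608648016503040201")
SHA1_NO_PARAMS = bytes.fromhex("300706052b0e03021a")
HMAC_SHA256 = bytes.fromhex("300a06082a864886f70d0209")

if __name__ == "__main__":
    # Honest message: same algorithms, different parameter encodings.
    print(verify_algorithm_protection(SHA256_NULL_PARAMS, HMAC_SHA256,
                                      SHA256_NO_PARAMS, HMAC_SHA256))  # True
    # Tampered message: the unprotected digestAlgorithm field was changed to
    # SHA-1 while the protected attribute still records SHA-256.
    print(verify_algorithm_protection(SHA1_NO_PARAMS, HMAC_SHA256,
                                      SHA256_NO_PARAMS, HMAC_SHA256))  # False
```

The comparison is done on decoded OIDs and parameters rather than on the raw bytes so that a legitimate re-encoding of the outer field does not look like tampering, while a substituted OID in the unprotected field still fails against the attribute's copy. In a real implementation the decoder would come from the ASN.1 library already in use, and, as the Security Considerations note, the check only means something when the attribute was found inside the authenticated attributes (the location the MAC covers), never in the unauthenticated ones.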