| < draft-turner-additional-smimecaps-01.txt | draft-turner-additional-smimecaps-02.txt > | |||
|---|---|---|---|---|
| NETWORK WG Sean Turner | NETWORK WG Sean Turner | |||
| Internet Draft IECA | Internet Draft IECA | |||
| Intended Status: Informational May 26, 2009 | Intended Status: Informational December 3, 2009 | |||
| Updates: 3370, 3560, 3565, 3657, 4010, | Expires: June 3, 2010 | |||
| 4231, 5084, TBD5 (Once approved) | ||||
| Expires: November 26, 2009 | ||||
| Additional S/MIME Capabilities | Additional S/MIME Capabilities | |||
| draft-turner-additional-smimecaps-01.txt | draft-turner-additional-smimecaps-02.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
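Review bot: The -02 header drops the "Updates: 3370, 3560, 3565, 3657, 4010, 4231, 5084, TBD5" line, yet the body still lists values that depart from those documents: the Section 2 NOTE says parameters MUST NOT be included although [RFC3370] allows NULL, and the Section 7 NOTE says [RFC2876] "incorrectly included 00". Either keep an Updates header that matches the RFCs actually corrected (2876 was never in the list), or state in the Introduction that this Informational document does not change them and explain how implementers should treat the differences.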
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 31 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on November 26, 2009. | This Internet-Draft will expire on June 3, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
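Review bot: The expiry sentence in the new column reads "This Internet-Draft will expire on June 3, 2008", which is earlier than the draft's own date of December 3, 2009 and disagrees with the header line "Expires: June 3, 2010". Change the year to 2010.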
| skipping to change at page 2, line 29 ¶ | skipping to change at page 2, line 29 ¶ | |||
| algorithm's parameter values. RFCs that define how an algorithm is | algorithm's parameter values. RFCs that define how an algorithm is | |||
| used with CMS also define the algorithm's parameter values, e.g., | used with CMS also define the algorithm's parameter values, e.g., | |||
| [RFC3370]. Additionally, these RFCs should define the | [RFC3370]. Additionally, these RFCs should define the | |||
| SMIMECapabilities attribute values; however, some have failed to do | SMIMECapabilities attribute values; however, some have failed to do | |||
| so and some have failed to do so correctly. Now, the situation may | so and some have failed to do so correctly. Now, the situation may | |||
| exist where implementations emit SMIMECapabilities attribute values | exist where implementations emit SMIMECapabilities attribute values | |||
| that are the same as algorithm's parameters when used in CMS instead | that are the same as algorithm's parameters when used in CMS instead | |||
| of following the SMIMECapablities requirements from [RFCTBD1]: in | of following the SMIMECapablities requirements from [RFCTBD1]: in | |||
| "the event that there are no differentiating parameters for a | "the event that there are no differentiating parameters for a | |||
| particular OID, the parameters MUST be omitted, and MUST NOT be | particular OID, the parameters MUST be omitted, and MUST NOT be | |||
| encoded as NULL." For example, many algorithms' parameter values for | encoded as NULL." For example, ECDSA with SHA-1 from [RFCTBD3] | |||
| use with CMS are NULL and according to [RFCTBD1] their parameters | includes NULL parameters when they should have been omitted. | |||
| should have been omitted but are instead included: ECDSA with SHA-1 | ||||
| from [RFCTBD3]. | //RFC EDITOR: Replace TBD3 with the # assigned to draft-ietf-smime- | |||
| 3278bis-07.txt. | ||||
| This document lists values for the S/MIME Capabilities Attribute. | This document lists values for the S/MIME Capabilities Attribute. | |||
| The attribute itself is defined in [RFCTBD1], but the values for each | The attribute itself is defined in [RFCTBD1], but the values for each | |||
| are defined in separate algorithm documents and in some cases not at | are defined in separate algorithm documents and in some cases not at | |||
| all. Capability values can be included in S/MIME messages as an | all. Capability values can be included in S/MIME messages as an | |||
| attribute and in public key certificates as an extension [RFC4262]. | attribute and in public key certificates as an extension [RFC4262]. | |||
| //RFC EDITOR: Replace TBD1 with the # assigned to draft-ietf-smime- | ||||
| 3851bis-09.txt. | ||||
| The majority of the values in this document are defined in other | The majority of the values in this document are defined in other | |||
| documents, and this document references those documents. Values are | documents, and this document references those documents before the | |||
| encoded using the Distinguished Encoding Rule (DER) [X.690] and are a | SMIME Capability. Values are encoded using the Distinguished | |||
| sequence of algorithm object identifier plus any parameters. The | Encoding Rule (DER) [X.690] and are a sequence of algorithm object | |||
| values provided in this document are values for one algorithm | identifier plus any parameters. The values provided in this document | |||
| parameter pair. The syntax for the attribute is as follows and is | are values for one algorithm parameter pair. The syntax for the | |||
| included for convenience: | attribute is as follows and is included for convenience: | |||
| SMIMECapabilities ::= SEQUENCE OF SMIMECapability | SMIMECapabilities ::= SEQUENCE OF SMIMECapability | |||
| SMIMECapability ::= SEQUENCE { | SMIMECapability ::= SEQUENCE { | |||
| capabilityID OBJECT IDENTIFIER, | capabilityID OBJECT IDENTIFIER, | |||
| parameters ANY DEFINED BY capabilityID OPTIONAL } | parameters ANY DEFINED BY capabilityID OPTIONAL } | |||
| As specified in [RFCTBD1]: "the object identifiers (OIDs) are listed | As specified in [RFCTBD1]: "the object identifiers (OIDs) are listed | |||
| in order of their preference, but SHOULD be separated logically along | in order of their preference, but SHOULD be separated logically along | |||
| the lines of their categories (signature algorithms, symmetric | the lines of their categories (signature algorithms, symmetric | |||
| algorithms, key encipherment algorithms, etc.)" As the "structure of | algorithms, key encipherment algorithms, etc.)" As the "structure of | |||
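Review bot: The RFC EDITOR note added in the Introduction names draft-ietf-smime-3278bis-07.txt for TBD3, while the [RFCTBD3] reference entry in this same revision was moved to 3278bis-09; use -09 here as well, or drop the inline editor note and keep only the one in the references. The new wording "this document references those documents before the SMIME Capability" is hard to parse; something like "the defining document is cited in brackets before each SMIMECapability value" says what the listings actually do. "SMIMECapablities" in the first paragraph is still misspelled in both columns.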
| skipping to change at page 3, line 31 ¶ | skipping to change at page 3, line 31 ¶ | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. Message Digest Algorithms | 2. Message Digest Algorithms | |||
| [RFC3370] and [RFCTBD2] define the following message digest | [RFC3370] and [RFCTBD2] define the following message digest | |||
| algorithms for use with CMS: | algorithms for use with CMS: | |||
| NOTE: Though [RFC3370] requires NULL parameters for MD5, parameters | ||||
| MUST NOT be included as per [RFCTBD1] because there is no | ||||
| differentiating parameters for MD5 (e.g., output length). | ||||
| NOTE: MD5 does not include NULL parameters (05 00 at the end). This | ||||
| ought to be verified against existing implementations, which will | ||||
| help us figure out whether we should include the NULL. | ||||
| MD5: 300a 0608 2a86 4886 f70d 0205 | MD5: 300a 0608 2a86 4886 f70d 0205 | |||
| NOTE: Though [RFC3370] allows NULL parameters for SHA-1, SHA-224, | NOTE: Though [RFC3370] allows NULL parameters for SHA-1, SHA-224, | |||
| SHA-256, SHA-384, SHA-512, parameters MUST NOT be included as per | SHA-256, SHA-384, SHA-512, parameters MUST NOT be included as per | |||
| [RFCTBD1] because there is no differentiating parameters for SHA-1 | [RFCTBD1] because there is no differentiating parameters for SHA-1 | |||
| (e.g., output length). | (e.g., output length). | |||
| NOTE: SHA-1 does not include NULL parameters (05 00 at the end). This | ||||
| ought to be verified against existing implementations, which will | ||||
| help us figure out whether we should include the NULL. | ||||
| SHA-1: 3007 0605 290e 0302 1a | SHA-1: 3007 0605 290e 0302 1a | |||
| [RFCTBD2] SHA-224: 300b 0609 6086 4801 6503 0402 04 | [RFCTBD2] SHA-224: 300b 0609 6086 4801 6503 0402 04 | |||
| [RFCTBD2] SHA-256: 300b 0609 6086 4801 6503 0402 01 | [RFCTBD2] SHA-256: 300b 0609 6086 4801 6503 0402 01 | |||
| [RFCTBD2] SHA-384: 300b 0609 6086 4801 6503 0402 02 | [RFCTBD2] SHA-384: 300b 0609 6086 4801 6503 0402 02 | |||
| [RFCTBD2] SHA-512: 300b 0609 6086 4801 6503 0402 03 | [RFCTBD2] SHA-512: 300b 0609 6086 4801 6503 0402 03 | |||
| 3. Digital Signature Algorithms | 3. Digital Signature Algorithms | |||
| [RFC3370], [RFC4056], [RFCTBD2], and [RFCTBD3] define the following | [RFC3370], [RFC4056], [RFCTBD2], and [RFCTBD3] define the following | |||
| digital signature algorithms for use with CMS: | digital signature algorithms for use with CMS: | |||
| NOTE: Though [RFC3370] and [RFCTBD2] require NULL parameters for RSA | ||||
| algorithms, parameters MUST NOT be included as per [RFCTBD1] because | ||||
| there is no differentiating parameters for RSA with * (e.g., output | ||||
| length). | ||||
| NOTE: These RSA algs do not include NULL parameters (05 00 at the | ||||
| end). These ought to be verified against existing implementations, | ||||
| which will help us figure out whether we should include the NULL. | ||||
| RSA Encryption: 3009 0608 2a86 4886 f70d 0101 01 | RSA Encryption: 3009 0608 2a86 4886 f70d 0101 01 | |||
| RSA With MD5: 3009 0608 2a86 4886 f70d 0101 04 | RSA With MD5: 3009 0608 2a86 4886 f70d 0101 04 | |||
| RSA With SHA-1: 3009 0608 2a86 4886 f70d 0101 05 | RSA With SHA-1: 3009 0608 2a86 4886 f70d 0101 05 | |||
| RSA With SHA-224: 3009 0608 2a86 4886 f70d 0101 0e | RSA With SHA-224: 3009 0608 2a86 4886 f70d 0101 0e | |||
| RSA With SHA-256: 3009 0608 2a86 4886 f70d 0101 0b | RSA With SHA-256: 3009 0608 2a86 4886 f70d 0101 0b | |||
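Review bot: In Sections 2 and 3 the MD5 and RSA NOTEs are removed entirely, so nothing now explains why these values omit the NULL that [RFC3370] and [RFCTBD2] require in CMS; the equivalent NOTE for SHA-1 through SHA-512 is kept. Keep the first NOTE of each pair ("parameters MUST NOT be included as per [RFCTBD1]") and drop only the open question about checking implementations. Separately, the RSA values read "3009 0608" but nine OID octets follow (2a 86 48 86 f7 0d 01 01 0x), so the length octets should be 300b 0609, as the RSAES-OAEP entry in Section 4 already uses 0609 for the same arc. The SHA-1 value also starts its OID with 29, where 1.3.14.3.2.26 encodes as 2b 0e 03 02 1a.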
| skipping to change at page 4, line 49 ¶ | skipping to change at page 4, line 32 ¶ | |||
| RSA With SHA-512: 3009 0608 2a86 4886 f70d 0101 0d | RSA With SHA-512: 3009 0608 2a86 4886 f70d 0101 0d | |||
| RSASSA-PSS: Add values here. | RSASSA-PSS: Add values here. | |||
| DSA With SHA-1: 3009 0607 2a86 48ce 3804 03 | DSA With SHA-1: 3009 0607 2a86 48ce 3804 03 | |||
| [RFCTBD2] DSA With SHA-224: 300b 0609 6086 4801 6503 0403 01 | [RFCTBD2] DSA With SHA-224: 300b 0609 6086 4801 6503 0403 01 | |||
| [RFCTBD2] DSA With SHA-256: 300b 0609 6086 4801 6503 0403 02 | [RFCTBD2] DSA With SHA-256: 300b 0609 6086 4801 6503 0403 02 | |||
| NOTE: Though [RFCTBD3] allows NULL parameters for ECDSA with SHA-1, | ||||
| parameters MUST NOT be included as per [RFCTBD1] because there are no | ||||
| differentiating parameters for ECDSA with SHA-1 (e.g., output | ||||
| length). | ||||
| NOTE: [RFCTBD3] shows the ECDSA with SHA-1 with NULL parameter | NOTE: [RFCTBD3] shows the ECDSA with SHA-1 with NULL parameter | |||
| values, but the NULL parameters should not have been included | values, but the NULL parameters should not have been included | |||
| according to [RFCTBD1]. This should be checked against existing | according to [RFCTBD1]. The NULL is retained for backwards | |||
| implementations, which will help us determine whether we should we | compatibility. | |||
| include the NULL. | ||||
| [RFCTBD3] ECDSA With SHA-1: 300b 0607 2a86 48ce 3d04 01 05 00 | [RFCTBD3] ECDSA With SHA-1: 300b 0607 2a86 48ce 3d04 01 05 00 | |||
| [RFCTBD3] ECDSA With SHA-224: 300a 0608 2a86 48ce 3d04 0301 | [RFCTBD3] ECDSA With SHA-224: 300a 0608 2a86 48ce 3d04 0301 | |||
| [RFCTBD3] ECDSA With SHA-256: 300a 0608 2a86 48ce 3d04 0302 | [RFCTBD3] ECDSA With SHA-256: 300a 0608 2a86 48ce 3d04 0302 | |||
| [RFCTBD3] ECDSA With SHA-384: 300a 0608 2a86 48ce 3d04 0303 | [RFCTBD3] ECDSA With SHA-384: 300a 0608 2a86 48ce 3d04 0303 | |||
| [RFCTBD3] ECDSA With SHA-512: 300a 0608 2a86 48ce 3d04 0304 | [RFCTBD3] ECDSA With SHA-512: 300a 0608 2a86 48ce 3d04 0304 | |||
| 4. Key Transport Algorithms | 4. Key Transport Algorithms | |||
| [RFC3370], [RFC3560], [RFCTBD4] define the following key transport | [RFC3370], [RFC3560], [RFCTBD4] define the following key transport | |||
| algorithms for use with CMS: | algorithms for use with CMS: | |||
| RSA Encryption: 300d 0608 2a86 4886 f70d 0101 0105 00 | RSA Encryption: 300d 0608 2a86 4886 f70d 0101 01 | |||
| [RFC3560] RSAES-OAEP Default: 300D 0609 2a86 4886 f70d 0101 0730 00 | [RFC3560] RSAES-OAEP Default: 300D 0609 2a86 4886 f70d 0101 0730 00 | |||
| NOTE: [RFCTBD3] shows the RSAES-OAEP with SHA-256, 384, and 512 with | NOTE: [RFC3560] shows the RSAES-OAEP with SHA-224, SHA-256, 384, and | |||
| NULL parameter values for the SHA algs, but the NULL parameters | 512 with NULL parameter values for the SHA algorithms, but the NULL | |||
| should not have been included according to [RFCTBD1]. This should be | parameters should not have been included according to [RFCTBD1]. | |||
| checked against existing implementations, which will help us | ||||
| determine whether we should we include the NULL. | ||||
| [RFC3560] RSAES-OAEP SHA-224: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | [RFC3560] RSAES-OAEP SHA-224: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | |||
| 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d | 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d | |||
| 0101 0830 0d06 0960 8648 0165 0304 0204 0500 | 0101 0830 0d06 0960 8648 0165 0304 0204 0500 | |||
| [RFC3560] RSAES-OAEP SHA-256: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | [RFC3560] RSAES-OAEP SHA-256: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | |||
| 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d | 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d | |||
| 0101 0830 0d06 0960 8648 0165 0304 0201 0500 | 0101 0830 0d06 0960 8648 0165 0304 0201 0500 | |||
| [RFC3560] RSAES-OAEP SHA-384: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | [RFC3560] RSAES-OAEP SHA-384: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | |||
| 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d | 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d | |||
| 0101 0830 0d06 0960 8648 0165 0304 0202 0500 | 0101 0830 0d06 0960 8648 0165 0304 0202 0500 | |||
| [RFC3560] RSAES-OAEP SHA-512: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | [RFC3560] RSAES-OAEP SHA-512: 3038 0609 2a86 4886 f70d 0101 0730 2b30 | |||
| 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d | 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d | |||
| 0101 0830 0d06 0960 8648 0165 0304 0203 0500 | 0101 0830 0d06 0960 8648 0165 0304 0203 0500 | |||
| Editor's note: Add RSA-KEM. | [RFCTBD4] RSA-KEM: | |||
| 5. Key Agreement Algorithms | 5. Key Agreement Algorithms | |||
| [RFC2876], [RFC3370], and [RFCTBD3] define the following key | [RFC2876], [RFC3370], and [RFCTBD3] define the following key | |||
| agreement algorithms for use with CMS: | agreement algorithms for use with CMS: | |||
| NOTE: The parameters for key agreement algorithms are the key wrap | NOTE: The parameters for key agreement algorithms are the key wrap | |||
| algorithm (see Section 6). | algorithm (see Section 6). | |||
| [RFC2876] KEA: 3018 0609 6086 4801 6502 0101 1830 0b06 0960 8648 | [RFC2876] KEA: 3018 0609 6086 4801 6502 0101 1830 0b06 0960 8648 | |||
| 0165 0201 0117 | 0165 0201 0117 | |||
| NOTE: According to [RFCTBD1], the NULL (05 00) parameters are not | ||||
| needed with the DH SS with 3 DES wrap because there is no need to | ||||
| differentiate between algs (i.e., no difference in output lengths). | ||||
| This should be checked against existing implementations, which will | ||||
| help us determine whether we should we include the NULL. | ||||
| KA=DH S-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0a30 | KA=DH S-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0a30 | |||
| 0d06 0d2a 8648 86f7 0d01 0910 0306 | 0d06 0d2a 8648 86f7 0d01 0910 0306 | |||
| KA=DH S-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 | KA=DH S-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 | |||
| 0a30 1106 0d2a 8648 86f7 0d01 0910 0306 0202 00a0 | 0a30 1106 0d2a 8648 86f7 0d01 0910 0306 0202 00a0 | |||
| KA=DH S-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 | KA=DH S-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 | |||
| 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 78 | 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 78 | |||
| KA=DH S-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 | KA=DH S-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 | |||
| 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 3a | 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 3a | |||
| NOTE: According to [RFCTBD1], the NULL (05 00) parameters are not | ||||
| needed with the DH ES with 3 DES wrap because there is no need to | ||||
| differentiate between algs (i.e., no difference in output lengths). | ||||
| This should be checked against existing implementations, which will | ||||
| help us determine whether we should we include the NULL. | ||||
| KA=DH E-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0530 | KA=DH E-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0530 | |||
| 0d06 0d2a 8648 86f7 0d01 0910 0306 | 0d06 0d2a 8648 86f7 0d01 0910 0306 | |||
| KA=DH E-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 | KA=DH E-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 | |||
| 0530 1106 0d2a 8648 86f7 0d01 0910 030a 0202 00a0 | 0530 1106 0d2a 8648 86f7 0d01 0910 030a 0202 00a0 | |||
| KA=DH E-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 | KA=DH E-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 | |||
| 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 78 | 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 78 | |||
| KA=DH E-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 | KA=DH E-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 | |||
| 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 3a | 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 3a | |||
| NOTE: [RFCTBD3] shows the ECDH with SHA-1|3 DES wrap capabilities | NOTE: [RFCTBD3] shows the ECDH with SHA-1|3 DES wrap capabilities | |||
| with NULL parameter values, but the NULL parameters should not have | with NULL parameter values, but the NULL parameters should not have | |||
| been included according to [RFCTBD1]. This should be checked against | been included according to [RFCTBD1]. The NULL is retained for | |||
| existing implementations, which will help us determine whether we | backwards compatibility. | |||
| should we include the NULL. | ||||
| [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | |||
| 0510 8648 3f00 0230 0f06 0b2a 8648 86f7 0d01 0910 0306 | 0510 8648 3f00 0230 0f06 0b2a 8648 86f7 0d01 0910 0306 | |||
| 0500 | 0500 | |||
| [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0b00 300e 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0b00 300e 060b 2a86 4886 f70d 0109 1003 06 | |||
| [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0b01 300e 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0b01 300e 060b 2a86 4886 f70d 0109 1003 06 | |||
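Review bot: The new Section 4 "RSA Encryption" value drops the trailing 05 00 but keeps the outer length 300d, so the SEQUENCE now declares 13 content octets with only 11 present; it should be 300b, and the OID length should be 09 for the nine octets that follow it. The rewritten RSAES-OAEP NOTE removes the open question without stating an outcome: the values below still end each hash AlgorithmIdentifier in 0500, so add "The NULL is retained for backwards compatibility" if that is the decision, as the ECDSA NOTE does. While adding SHA-224 to that NOTE, also check the hashFunc OIDs against Section 2: the SHA-224 entry uses 0304 0201 (the SHA-256 value) and the SHA-512 entry uses 0304 0202 (the SHA-384 value), although their MGF hash OIDs (0204 and 0203) match the labels.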
| skipping to change at page 8, line 32 ¶ | skipping to change at page 7, line 38 ¶ | |||
| [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0b01 300b 0609 6086 4801 6503 0401 2d | 0401 0b01 300b 0609 6086 4801 6503 0401 2d | |||
| [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0b02 300b 0609 6086 4801 6503 0401 2d | 0401 0b02 300b 0609 6086 4801 6503 0401 2d | |||
| [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0B03 300b 0609 6086 4801 6503 0401 2d | 0401 0B03 300b 0609 6086 4801 6503 0401 2d | |||
| NOTE: [RFCTBD3] shows the ECMQV with SHA-1|3 DES wrap capabilities | NOTE: [RFCTBD3] shows the ECMQV with SHA-1 and 3 DES wrap | |||
| with NULL parameter values, but the NULL parameters should not have | capabilities with NULL parameter values, but the NULL parameters | |||
| been included according to [RFCTBD1]. This should be checked against | should not have been included according to [RFCTBD1]. The NULL is | |||
| existing implementations, which will help us determine whether we | retained for backwards compatibility. | |||
| should we include the NULL. | ||||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | |||
| 0510 8648 3f00 0330 0f06 0b2a 8648 86f7 0d01 0910 0306 | 0510 8648 3f00 0330 0f06 0b2a 8648 86f7 0d01 0910 0306 | |||
| 0500 | 0500 | |||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0e00 300d 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0e00 300d 060b 2a86 4886 f70d 0109 1003 06 | |||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0e01 300d 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0e01 300d 060b 2a86 4886 f70d 0109 1003 06 | |||
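Review bot: The reworded NOTE in this hunk still says "ECMQV with SHA-1 and 3 DES wrap", but the values it introduces are the "KA=ECDH cofactor" capabilities; the ECMQV entries have their own NOTE further down. Change it to "ECDH cofactor". The same edit replaced "SHA-1|3 DES" with "SHA-1 and 3 DES" here, while the ECDH standard NOTE in Section 5 still carries the "|" form, so apply the wording consistently.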
| skipping to change at page 10, line 5 ¶ | skipping to change at page 9, line 8 ¶ | |||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0e01 300b 0609 6086 4801 6503 0401 2d | 0401 0e01 300b 0609 6086 4801 6503 0401 2d | |||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0e02 300b 0609 6086 4801 6503 0401 2d | 0401 0e02 300b 0609 6086 4801 6503 0401 2d | |||
| [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0e03 300b 0609 6086 4801 6503 0401 2d | 0401 0e03 300b 0609 6086 4801 6503 0401 2d | |||
| NOTE: [RFCTBD3] shows the ECMQV with SHA-1|3 DES wrap capabilities | NOTE: [RFCTBD3] shows the ECMQV with SHA-1 and 3 DES wrap | |||
| with NULL parameter values, but the NULL parameters should not have | capabilities with NULL parameter values, but the NULL parameters | |||
| been included according to [RFCTBD1]. This should be checked against | should not have been included according to [RFCTBD1]. The NULL is | |||
| existing implementations. Should we remove the NULL? | retained for backwards compatibility. | |||
| [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 | |||
| 0510 8648 3f00 1030 0f06 0b2a 8648 86f7 0d01 0910 0306 | 0510 8648 3f00 1030 0f06 0b2a 8648 86f7 0d01 0910 0306 | |||
| 0500 | 0500 | |||
| [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0f00 300d 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0f00 300d 060b 2a86 4886 f70d 0109 1003 06 | |||
| [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=Triple-DES: 3017 0606 | |||
| 2b81 0401 0f01 300d 060b 2a86 4886 f70d 0109 1003 06 | 2b81 0401 0f01 300d 060b 2a86 4886 f70d 0109 1003 06 | |||
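Review bot: The rewritten ECMQV NOTE says "The NULL is retained for backwards compatibility" without saying for which entries. Only the KDF=SHA-1 Wrap=Triple-DES value ends in 0500; the SHA-224 and SHA-256 values stop at the wrap OID. State that the NULL is kept in the SHA-1 capability only, and say whether receivers should also accept that capability without it, since [RFCTBD1] is quoted in the Introduction as "MUST NOT be encoded as NULL".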
| skipping to change at page 11, line 26 ¶ | skipping to change at page 10, line 29 ¶ | |||
| [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 | |||
| 0401 0f02 300b 0609 6086 4801 6503 0401 2d | 0401 0f02 300b 0609 6086 4801 6503 0401 2d | |||
| [RFCTBD3] ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 0401 | [RFCTBD3] ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 0401 | |||
| 0f03 300b 0609 6086 4801 6503 0401 2d | 0f03 300b 0609 6086 4801 6503 0401 2d | |||
| 6. Key Wrap Algorithms | 6. Key Wrap Algorithms | |||
| [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC4010], | [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC4010], | |||
| [RFCTBD5] define the following key agreement algorithms for use with | [RFC5649] define the following key agreement algorithms for use with | |||
| CMS: | CMS: | |||
| NOTE: In most instances, the key wrap algorithm is included in the | NOTE: In most instances, the key wrap algorithm is included in the | |||
| capabilities set as part of the key agreement algorithm. | capabilities set as part of the key agreement algorithm. | |||
| [RFC2876] FORTEZZA Wrap 80: 300b 0609 6086 4801 6502 0101 17 | [RFC2876] FORTEZZA Wrap 80: 300b 0609 6086 4801 6502 0101 17 | |||
| [RFC3058] IDEA: 300D 060B 2B06 0104 0181 3C07 0101 02 | [RFC3058] IDEA: 300D 060B 2B06 0104 0181 3C07 0101 02 | |||
| 3-DES Wrap: 300e 060b 2a86 4886 f70d 0109 1003 06 | 3-DES Wrap: 300e 060b 2a86 4886 f70d 0109 1003 06 | |||
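Review bot: The Section 6 lead sentence touched by this edit (TBD5 replaced with [RFC5649]) still reads "define the following key agreement algorithms" under the heading "Key Wrap Algorithms"; it should say "key wrap algorithms". The "3-DES Wrap" value below it declares 300e while 060b plus eleven OID octets is 13 octets, i.e. 300d, which is what the ECDH cofactor and ECMQV Triple-DES entries use for the same wrap sequence. The last ECMQV line in this hunk also lacks the "KA=" prefix the other entries carry.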
| skipping to change at page 11, line 49 ¶ | skipping to change at page 11, line 4 ¶ | |||
| RC2 64-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 0178 | RC2 64-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 0178 | |||
| RC2 128-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 013a | RC2 128-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 013a | |||
| AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05 | AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05 | |||
| AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19 | AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19 | |||
| AES-256 Key Wrap: 300b 0609 6086 4801 6503 0401 2d | AES-256 Key Wrap: 300b 0609 6086 4801 6503 0401 2d | |||
| AES-128 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 08 | ||||
| AES-128 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 08 | AES-196 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 1c | |||
| AES-196 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 1c | ||||
| AES-256 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 30 | AES-256 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 30 | |||
| Camellia 128-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 02 | Camellia 128-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 02 | |||
| Camellia 196-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03 | Camellia 196-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03 | |||
| Camellia 256-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03 | Camellia 256-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03 | |||
| SEED Wrap: 300c 060a 2a83 1a8c 9a44 0701 0101 | SEED Wrap: 300c 060a 2a83 1a8c 9a44 0701 0101 | |||
| 7. Content Encryption Algorithms | 7. Content Encryption Algorithms | |||
| [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC5084], and | [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC5084], and | |||
| [RFCTBD5] define the following content encryption algorithms for use | [RFC5649] define the following content encryption algorithms for use | |||
| with CMS: | with CMS: | |||
| RC2-CBC 40-bit: 300d 0608 2a86 4886 f70d 0302 0201 28 | RC2-CBC 40-bit: 300d 0608 2a86 4886 f70d 0302 0201 28 | |||
| RC2-CBC 64-bit: 300d 0608 2a86 4886 f70d 0302 0201 40 | RC2-CBC 64-bit: 300d 0608 2a86 4886 f70d 0302 0201 40 | |||
| RC2-CBC 128-bit: 300e 0608 2a86 4886 f70d 0302 0202 0080 | RC2-CBC 128-bit: 300e 0608 2a86 4886 f70d 0302 0202 0080 | |||
| 3-DES-CBC: 300a 0608 2a86 4886 f70d 0307 | 3-DES-CBC: 300a 0608 2a86 4886 f70d 0307 | |||
| NOTE: What is the last 00 for? The OID ends (4). If it's wrong then | NOTE: [RFC2876] incorrectly included 00 at the end of the | |||
| we're also updating 2876. | SMIMECapability. | |||
| [RFC2876] SKIPJACK: 300b 0609 6086 4801 6502 0101 0400 | [RFC2876] SKIPJACK: 300b 0609 6086 4801 6502 0101 04 | |||
| [RFC3058] IDEA-CBC: 300d 060b 2b06 0104 0181 3c07 0101 02 | [RFC3058] IDEA-CBC: 300d 060b 2b06 0104 0181 3c07 0101 02 | |||
| [RFC3565] AES-CBC-128: 300b 0609 6086 4801 6503 0401 02 | [RFC3565] AES-CBC-128: 300b 0609 6086 4801 6503 0401 02 | |||
| [RFC3565] AES-CBC-196: 300b 0609 6086 4801 6503 0401 16 | [RFC3565] AES-CBC-196: 300b 0609 6086 4801 6503 0401 16 | |||
| [RFC3565] AES-CBC-256: 300b 0609 6086 4801 6503 0401 2a | [RFC3565] AES-CBC-256: 300b 0609 6086 4801 6503 0401 2a | |||
| AES-CCM-128: 300b 0609 6086 4801 6503 0401 07 | AES-CCM-128: 300b 0609 6086 4801 6503 0401 07 | |||
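Review bot: The renamed rows in Section 6 introduce "AES-196 Key Wrap with Padding"; AES key sizes are 128, 192 and 256 bits, so this should be AES-192, and the same correction applies to "AES-196 Key Wrap", "AES-CBC-196" and "Camellia 196-Wrap". "Camellia 196-Wrap" and "Camellia 256-Wrap" list the identical value ending in 0103 03, so one of the two is wrong and needs checking against [RFC3657]. The new SKIPJACK NOTE is clearer than the open question it replaces, but it corrects [RFC2876] and should say whether senders that follow RFC 2876 and append 00 must still be accepted.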
| skipping to change at page 15, line 15 ¶ | skipping to change at page 14, line 15 ¶ | |||
| [RFC3274] Gutmann, P., "CompressedData Content Type for | [RFC3274] Gutmann, P., "CompressedData Content Type for | |||
| Cryptographic Message Syntax", RFC3274, June 2002. | Cryptographic Message Syntax", RFC3274, June 2002. | |||
| [RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) | [RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) | |||
| Algorithms", RFC 3370, August 2002. | Algorithms", RFC 3370, August 2002. | |||
| [RFC3560] Housley, R., "Use of the RSAES-OAEP Key Transport | [RFC3560] Housley, R., "Use of the RSAES-OAEP Key Transport | |||
| Algorithm in the Cryptographic Message Syntax (CMS)", | Algorithm in the Cryptographic Message Syntax (CMS)", | |||
| RFC 3560, July 2003. | RFC 3560, July 2003. | |||
| [RFC3565] Schaad, J., " Use of the Advanced Encryption Standard | [RFC3565] Schaad, J., "Use of the Advanced Encryption Standard | |||
| (AES) Encryption Algorithm in Cryptographic Message | (AES) Encryption Algorithm in Cryptographic Message | |||
| Syntax (CMS)", RFC 3565, July 2003. | Syntax (CMS)", RFC 3565, July 2003. | |||
| [RFC3657] Moriai, S, Kato, A., "Use of the Camellia Encryption | [RFC3657] Moriai, S, Kato, A., "Use of the Camellia Encryption | |||
| Algorithm", RFC 3657, January 2004. | Algorithm", RFC 3657, January 2004. | |||
| [RFC4010] Park, J. Lee, S., Kim, J., and J. Lee, "Use of the | [RFC4010] Park, J. Lee, S., Kim, J., and J. Lee, "Use of the | |||
| SEED Encryption Algorithm in Cryptographic Message | SEED Encryption Algorithm in Cryptographic Message | |||
| Syntax (CMS)", RFC 4010, February 2005. | Syntax (CMS)", RFC 4010, February 2005. | |||
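Review bot: -02 removes the stray space in the [RFC3565] title, but the author lists in the neighbouring entries are still inconsistent. [RFC3657] has "Moriai, S, Kato, A." (no period after the first initial and no "and"), and [RFC4010] has "Park, J. Lee, S.," (no comma after "J."). Suggest normalising these in the same pass.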
| skipping to change at page 16, line 5 ¶ | skipping to change at page 15, line 5 ¶ | |||
| 2006. | 2006. | |||
| [RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated | [RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated | |||
| Encryption in the Cryptographic Message Syntax (CMS)", | Encryption in the Cryptographic Message Syntax (CMS)", | |||
| RFC 5084, November 2007. | RFC 5084, November 2007. | |||
| [RFCTBD2] Turners, S., "Using SHA2 Algorithms with Cryptographic | [RFCTBD2] Turners, S., "Using SHA2 Algorithms with Cryptographic | |||
| Message Syntax", draft-ietf-smime-sha2-11.txt, work- | Message Syntax", draft-ietf-smime-sha2-11.txt, work- | |||
| in-progress. | in-progress. | |||
| //RFC EDITOR: Replace TBD12 with the # assigned to draft-ietf-smime- | //RFC EDITOR: Replace TBD2 with the # assigned to draft-ietf-smime- | |||
| sha2-11.txt. | sha2-11.txt. | |||
| [RFCTBD3] Turners, S., and D. Brown, "Use of Elliptic Curve | [RFCTBD3] Turners, S., and D. Brown, "Use of Elliptic Curve | |||
| Cryptography (ECC) Algorithms in Cryptographic Message | Cryptography (ECC) Algorithms in Cryptographic Message | |||
| Syntax (CMS)", draft-ietf-smime-3278bis-07.txt, work- | Syntax (CMS)", draft-ietf-smime-3278bis-09.txt, work- | |||
| in-progress. | in-progress. | |||
| //RFC EDITOR: Replace TBD3 with the # assigned to draft-ietf-smime- | //RFC EDITOR: Replace TBD3 with the # assigned to draft-ietf-smime- | |||
| 3278bis-07.txt. | 3278bis-09.txt. | |||
| [RFCTBD4] Randall, J., and B.Kaliski, "Use of the RSA-KEM Key | [RFCTBD4] Randall, J., and B.Kaliski, "Use of the RSA-KEM Key | |||
| Transport Algorithm in CMS", draft-ietf-smime-cms-rsa- | Transport Algorithm in CMS", draft-ietf-smime-cms-rsa- | |||
| kem-06.txt, work-in-progress. | kem-07.txt, work-in-progress. | |||
| //RFC EDITOR: Replace TBD4 with the # assigned to draft-ietf-smime- | //RFC EDITOR: Replace TBD4 with the # assigned to draft-ietf-smime- | |||
| cms-rsa-kem-06.txt. | cms-rsa-kem-07.txt. | |||
| [RFCTBD5] Housley, R., and M. Dworkin, "Advanced Encryption | ||||
| Standard (AES) Key Wrap with Padding Algorithm", | ||||
| <draft-housley-aes-key-wrap-with-pad-02.txt>, work-in- | ||||
| progress. | ||||
| //RFC EDITOR: Replace TBD5 with the # assigned to draft-housley-aes- | [RFC5649] Housley, R., and M. Dworkin, "Advanced Encryption | |||
| key-wrap-with-pad-02.txt. | Standard (AES) Key Wrap with Padding Algorithm", RFC | |||
| 5649, August 2009. | ||||
| Appendix A Revision History | Appendix A Revision History | |||
| [[ This entire section is to be removed upon publication. ]] | ||||
| A.1 Changes between draft-turner-additional-smimecaps-00 and -01 | A.1 Changes between draft-turner-additional-smimecaps-00 and -01 | |||
| Removed NULL parameters from RSA algorithms in Section 3. | Removed NULL parameters from RSA algorithms in Section 3. | |||
| Corrected length in ECDH cofactor KDF=SHA-224, SHA-256, and SHA-512 | Corrected length in ECDH cofactor KDF=SHA-224, SHA-256, and SHA-512 | |||
| Wrap Triple-DES in Section 5. | Wrap Triple-DES in Section 5. | |||
| Added RC2-CBC 64-bit in Section 7. | Added RC2-CBC 64-bit in Section 7. | |||
| A.2 Changes between draft-turner-additional-smimecaps-01 and -02 | ||||
| Provided a specific example of which algorithms included NULL as | ||||
| parameters when it shouldn't have. | ||||
| Added an introduction paragraph to state which RFCs are being | ||||
| updated. | ||||
| Removed and reworded many of the notes. | ||||
| Added RSA-KEM and RSASSA-PSS capabilities. | ||||
| Removed NULL from SKIPJACK capability. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Sean Turner | Sean Turner | |||
| IECA, Inc. | IECA, Inc. | |||
| 3057 Nutley Street, Suite 106 | 3057 Nutley Street, Suite 106 | |||
| Fairfax, VA 22031 | Fairfax, VA 22031 | |||
| USA | USA | |||
| Email: turners@ieca.com | Email: turners@ieca.com | |||
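Review bot: in Appendix A, -02 drops the "[[ This entire section is to be removed upon publication. ]]" notice while keeping and extending the revision history, so nothing now tells the RFC Editor to strip A.1 and A.2. Restore the notice or add an RFC EDITOR comment to that effect. Still unfixed on both sides: [RFCTBD2] and [RFCTBD3] list the author as "Turners, S." where the Authors' Addresses block gives Sean Turner. In the new A.2 text, "when it shouldn't have" should read "when they shouldn't have" to agree with "algorithms".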
| End of changes. 37 change blocks. | ||||
| 101 lines changed or deleted | 66 lines changed or added | |||