idnits 2.17.1

draft-birrane-dtn-bpsec-interop-cs-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 1, 2017) is 2484 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'AES-GCM'

  == Outdated reference: A later version (-31) exists of
     draft-ietf-dtn-bpbis-06

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  ** Obsolete normative reference: RFC 4634 (Obsoleted by RFC 6234)

  == Outdated reference: A later version (-27) exists of
     draft-ietf-dtn-bpsec-05


     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Delay-Tolerant Networking                                     E. Birrane
Internet-Draft                                                   JHU/APL
Intended status: Standards Track                            July 1, 2017
Expires: January 2, 2018


                  BPSec Interoperability Cipher Suites
                 draft-birrane-dtn-bpsec-interop-cs-00

Abstract

   This document defines a set of integrity and confidentiality cipher
   suites suitable for testing the interoperability of Bundle Protocol
   Security (BPSec) implementations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 2, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Suite BIB-HMAC256-SHA256
     3.1.  Cipher Suite Overview
     3.2.  Key Considerations
     3.3.  Canonicalization Algorithms
     3.4.  Cipher Suite Parameter Definitions
     3.5.  Security Result Definitions
   4.  Suite BCB-AES-GCM-128
     4.1.  Cipher Suite Overview
     4.2.  Key Considerations
     4.3.  Canonicalization Algorithms
     4.4.  Cipher Suite Parameter Definitions
     4.5.  Security Result Definitions
   5.  IANA Considerations
     5.1.  Bundle Block Types
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Author's Address

1.  Introduction

   The Bundle Protocol Security (BPSec) [BPSEC] specification provides
   inter-bundle integrity and confidentiality features for networks
   deploying the Bundle Protocol (BP) [BPBIS].  BPSec defines a set of
   BP extension blocks to carry cipher suite results and associated
   meta-data, but does not define a common set of supported cipher
   suites.

   This document defines an integrity cipher suite and a confidentiality
   cipher suite suitable for populating BPSec Block Integrity Blocks
   (BIBs) and Block Confidentiality Blocks (BCBs), respectively.

   The purpose of the cipher suites described in this document is
   twofold.  First, these suites should be used to test the
   interoperability of BPSec implementations.  Second, this
   specification can serve as a template to be followed by other BPSec
   cipher suite authors.

   The intent of these cipher suite definitions is to provide a
   mechanism for interoperability testing.  There is no claim that these
   cipher suites are suitable for operational deployment in any
   particular networking scenario.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  Suite BIB-HMAC256-SHA256

3.1.  Cipher Suite Overview

   The integrity cipher suite provides a signed hash over the security
   target based on the use of the SHA-256 message digest algorithm
   [RFC4634] combined with HMAC [RFC2104] with a 256 bit truncation
   length.  This formulation is based on the HMAC 256/256 algorithm
   defined in [COSE] Table 7: HMAC Algorithm Values.

   The BIB-HMAC256-SHA256 ciphersuite has ciphersuite ID value 0x01.

3.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 256 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.

3.3.  Canonicalization Algorithms

   BIB-HMAC256-SHA256 uses the standard canonicalization algorithms
   defined in BPSec and operates over the entire contents of the
   security target data block.  This ciphersuite does not include
   hashing over other parts of the target block header, such as the
   block type and block length.

3.4.  Cipher Suite Parameter Definitions

   BIB-HMAC256-SHA256 defines the following cipher suite parameters.

                     BIB-HMAC256-SHA256 Parameters

   +------+------+-----------+-----------------------------------------+
   | Parm | Parm | CBOR Type | Description                             |
   | Id   | Name |           |                                         |
   +------+------+-----------+-----------------------------------------+
   | 1    | Key  | byte      | Material encoded or protected by the    |
   |      |      | string    | key management system and used to       |
   |      |      | (major    | transport an ephemeral key protected by |
   |      |      | type 2)   | a long-term key.                        |
   +------+------+-----------+-----------------------------------------+

                                Table 1

3.5.  Security Result Definitions

   BIB-HMAC256-SHA256 defines the following security results.

                  BIB-HMAC256-SHA256 Security Results

   +----------+-----------+---------------------+----------------------+
   | Result   | Result    | CBOR Type           | Description          |
   | Id       | Name      |                     |                      |
   +----------+-----------+---------------------+----------------------+
   | 1        | Tag       | byte string (major  | The tag produced by  |
   |          |           | type 2)             | HMAC.                |
   +----------+-----------+---------------------+----------------------+

                                Table 2

4.  Suite BCB-AES-GCM-128

4.1.  Cipher Suite Overview

   The confidentiality cipher suite provides cipher text to replace the
   data contents of the target block using the AES cipher operating in
   GCM mode [AES-GCM].  This formulation is based on the A128GCM
   algorithm defined in [COSE] Table 9: Algorithm Value for AES-GCM.

   The BCB-AES-GCM-128 ciphersuite has ciphersuite ID value 0x02.

4.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 128 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.

4.3.  Canonicalization Algorithms

   BCB-AES-GCM-128 uses the standard canonicalization algorithms defined
   in BPSec and operates over the entire contents of the security target
   data block.  This ciphersuite does not include encryption over other
   parts of the target block header, such as the block type and block
   length.

4.4.  Cipher Suite Parameter Definitions

   BCB-AES-GCM-128 defines the following cipher suite parameters.  It
   should be noted that in this specification there is no additional
   authenticated data passed in to the AES-GCM cipher.  The plaintext is
   the only data input and MUST be the data contents of the target
   block.

                       BCB-AES-GCM-128 Parameters

   +------+----------------+---------+---------------------------------+
   | Parm | Parm Name      | CBOR    | Description                     |
   | Id   |                | Type    |                                 |
   +------+----------------+---------+---------------------------------+
   | 1    | Key            | byte    | Material encoded or protected   |
   |      |                | string  | by the key management system    |
   |      |                | (major  | and used to transport an        |
   |      |                | type 2) | ephemeral key protected by a    |
   |      |                |         | long-term key.                  |
   | 2    | Initialization | byte    | The initialization vector. A    |
   |      | Vector         | string  | random value between 8-16       |
   |      |                | (major  | bytes. 12 bytes is recommended. |
   |      |                | type 2) |                                 |
   +------+----------------+---------+---------------------------------+

                                Table 3

4.5.  Security Result Definitions

   BCB-AES-GCM-128 defines the following security results.  It should be
   noted that cipher-text is not a security result as the resultant
   cipher text is stored in the target block.  When operating in GCM
   mode, AES produces cipher-text of the same size as its plain-text
   and, therefore, no security results are necessary to capture padding
   information.

                    BCB-AES-GCM-128 Security Results

   +--------+----------------+-------------+---------------------------+
   | Result | Result Name    | CBOR Type   | Description               |
   | Id     |                |             |                           |
   +--------+----------------+-------------+---------------------------+
   | 1      | Authentication | byte string | Output from the AES-GCM   |
   |        | Tag            | (major type | cipher. This value MUST   |
   |        |                | 2)          | be 16 bytes long.         |
   +--------+----------------+-------------+---------------------------+

                                Table 4

5.  IANA Considerations

5.1.  Bundle Block Types

   This specification allocates two block types from the existing "BPSec
   Cipher Suite IDs" registry defined in [BPSEC].

   Additional BPSec Cipher Suite IDs:

              +-------+--------------------+---------------+
              | Value | Description        | Reference     |
              +-------+--------------------+---------------+
              | 1     | BIB-HMAC256-SHA256 | This document |
              | 2     | BCB-AES-GCM-128    | This document |
              +-------+--------------------+---------------+

                                Table 5

6.  References

6.1.  Normative References

   [AES-GCM]  Dworkin, M., "NIST Special Publication 800-38D:
              Recommendation for Block Cipher Modes of Operation:
              Galois/Counter Mode (GCM) and GMAC.", November 2007.

   [BPBIS]    Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol",
              draft-ietf-dtn-bpbis-06 (work in progress), July 2016.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4634]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and HMAC-SHA)", RFC 4634, DOI 10.17487/RFC4634, July
              2006.

6.2.  Informative References

   [BPSEC]    Birrane, E. and K. McKeever, "Bundle Security Protocol",
              draft-ietf-dtn-bpsec-05 (work in progress), October 2015.

   [COSE]     Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              draft-ietf-cose-msg-24 (work in progress), November 2016.

Author's Address

   Edward J. Birrane, III
   The Johns Hopkins University Applied Physics Laboratory
   11100 Johns Hopkins Rd.
   Laurel, MD 20723
   US

   Phone: +1 443 778 7423
   Email: Edward.Birrane@jhuapl.edu
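
The following Go sketch is an added example, not part of the draft: it works through Section 3 (BIB-HMAC256-SHA256) with the 256-bit key check, the Tag result encoded as a CBOR byte string, and the Section 3.3 scope in which only the block's data contents are hashed. The `Block` type and the function names are hypothetical, the key and payload are constructed, and placing the result into a BIB is left to BPSec.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Block is a hypothetical stand-in for a BP block: only Data is hashed.
type Block struct {
	Type uint64
	Data []byte
}

// cborBytes encodes b as a CBOR byte string (major type 2), b shorter than 256.
func cborBytes(b []byte) []byte {
	if len(b) < 24 {
		return append([]byte{0x40 | byte(len(b))}, b...)
	}
	return append([]byte{0x58, byte(len(b))}, b...)
}

// Sign returns the CBOR-encoded Tag (result ID 1) over the block's data
// contents; the block type and length are not covered (Section 3.3).
func Sign(key []byte, blk Block) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("BIB-HMAC256-SHA256 requires a 256-bit key")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(blk.Data)
	return cborBytes(mac.Sum(nil)), nil
}

// Verify recomputes the tag and compares it in constant time.
func Verify(key []byte, blk Block, encodedTag []byte) bool {
	want, err := Sign(key, blk)
	return err == nil && hmac.Equal(want, encodedTag)
}

func main() {
	key := make([]byte, 32) // constructed all-zero test key, not for real use
	blk := Block{Type: 1, Data: []byte("constructed payload")}
	tag, _ := Sign(key, blk)
	fmt.Printf("tag result: %x\n", tag)
	blk.Type = 7 // header field outside the data contents
	fmt.Println("verifies after type change:", Verify(key, blk, tag))
}
```

Because the tag covers the data contents only, a receiver that relies on the block type or length needs those fields protected by other means.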
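
A second added example, again not part of the draft, covers Section 4 (BCB-AES-GCM-128) in Go: the 128-bit key and 8-16 byte IV checks from Table 3, encryption with no additional authenticated data, and the split between the cipher text that replaces the target block's data and the separate 16-byte Authentication Tag result. Function names are hypothetical and the key and payload are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const tagLen = 16 // Authentication Tag MUST be 16 bytes (Table 4)

// newGCM enforces the 128-bit key and the 8-16 byte IV range from Table 3.
func newGCM(key, iv []byte) (cipher.AEAD, error) {
	if len(key) != 16 || len(iv) < 8 || len(iv) > 16 {
		return nil, fmt.Errorf("need a 16-byte key and an 8-16 byte IV")
	}
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithNonceSize(blk, len(iv))
}

// Encrypt returns the cipher text that replaces the target block's data
// contents and, separately, the tag security result. No AAD is supplied.
func Encrypt(key, iv, plaintext []byte) (ct, tag []byte, err error) {
	g, err := newGCM(key, iv)
	if err != nil {
		return nil, nil, err
	}
	sealed := g.Seal(nil, iv, plaintext, nil) // Go appends the tag
	n := len(sealed) - tagLen
	return sealed[:n], sealed[n:], nil
}

// Decrypt rejoins cipher text and tag; Open fails if either was altered.
func Decrypt(key, iv, ct, tag []byte) ([]byte, error) {
	g, err := newGCM(key, iv)
	if err != nil || len(tag) != tagLen {
		return nil, fmt.Errorf("bad key, IV or tag length")
	}
	return g.Open(nil, iv, append(append([]byte{}, ct...), tag...), nil)
}

func main() {
	key, iv := make([]byte, 16), make([]byte, 12) // constructed test key
	rand.Read(iv)                                 // 12 random bytes, as recommended
	ct, tag, _ := Encrypt(key, iv, []byte("constructed payload"))
	fmt.Printf("ct=%x tag=%x\n", ct, tag)
}
```

GCM requires that an IV is never repeated under the same key, so a fresh IV is needed for every block encrypted.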