idnits 2.17.1

draft-birrane-dtn-bpsec-interop-cs-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 5, 2018) is 2237 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'AES-GCM'

  == Outdated reference: A later version (-31) exists of
     draft-ietf-dtn-bpbis-10

  == Outdated reference: A later version (-27) exists of
     draft-ietf-dtn-bpsec-06

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  ** Obsolete normative reference: RFC 4634 (Obsoleted by RFC 6234)

     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Delay-Tolerant Networking                                     E. Birrane
Internet-Draft                                                   JHU/APL
Intended status: Standards Track                           March 5, 2018
Expires: September 6, 2018

                  BPSec Interoperability Cipher Suites
                 draft-birrane-dtn-bpsec-interop-cs-01

Abstract

   This document defines a set of integrity and confidentiality cipher
   suites suitable for testing the interoperability of Bundle Protocol
   Security (BPSec) implementations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 6, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  Cipher Suite BIB-HMAC256-SHA256
     3.1.  Overview
     3.2.  Key Considerations
     3.3.  Canonicalization Algorithms
     3.4.  Cipher Suite Parameter Definitions
     3.5.  Security Result Definitions
   4.  Cipher Suite BCB-AES-GCM-128
     4.1.  Overview
     4.2.  Key Considerations
     4.3.  Canonicalization Algorithms
     4.4.  Cipher Suite Parameter Definitions
     4.5.  Security Result Definitions
   5.  IANA Considerations
     5.1.  Bundle Block Types
   6.  Normative References
   Author's Address

1.  Introduction

   The Bundle Protocol Security (BPSec) [I-D.ietf-dtn-bpsec]
   specification provides inter-bundle integrity and confidentiality
   features for networks deploying the Bundle Protocol (BP)
   [I-D.ietf-dtn-bpbis].  BPSec defines a set of BP extension blocks to
   carry cipher suite results and associated meta-data, but does not
   define a common set of supported cipher suites.

   This document defines an integrity cipher suite and a confidentiality
   cipher suite suitable for populating BPSec Block Integrity Blocks
   (BIBs) and Block Confidentiality Blocks (BCBs), respectively.

   The purpose of the cipher suites described in this document is
   twofold.  First, these suites should be used to test the
   interoperability of BPSec implementations.  Second, this
   specification can serve as a template to be followed by other BPSec
   cipher suite authors.

   The intent of these cipher suite definitions is to provide a
   mechanism for interoperability testing.  There is no claim that these
   cipher suites are suitable for operational deployment in any
   particular networking scenario.  Further, there is no requirement
   that these cipher suites be used in any operational network
   deployments.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  Cipher Suite BIB-HMAC256-SHA256

3.1.  Overview

   This integrity cipher suite provides a signed hash over the security
   target based on the use of the SHA-256 message digest algorithm
   [RFC4634] combined with HMAC [RFC2104] with a 256 bit truncation
   length.  This formulation is based on the HMAC 256/256 algorithm
   defined in [COSE] Table 7: HMAC Algorithm Values.

   The BIB-HMAC256-SHA256 ciphersuite has ciphersuite ID value 0x01.

3.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 256 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.

3.3.  Canonicalization Algorithms

   BIB-HMAC256-SHA256 uses the standard canonicalization algorithms
   defined in BPSec and operates over the entire contents of the
   security target data block.  This cipher suite does not include
   hashing over other parts of the target block header, such as the
   block type and block length.

3.4.  Cipher Suite Parameter Definitions

   BIB-HMAC256-SHA256 defines the following cipher suite parameters.

                     BIB-HMAC256-SHA256 Parameters

   +------+------+-----------+-----------------------------------------+
   | Parm | Parm | CBOR Type | Description                             |
   | Id   | Name |           |                                         |
   +------+------+-----------+-----------------------------------------+
   | 1    | Key  | byte      | Material encoded or protected by the    |
   |      |      | string    | key management system and used to       |
   |      |      | (major    | transport an ephemeral key protected by |
   |      |      | type 2)   | a long-term key.                        |
   +------+------+-----------+-----------------------------------------+

                                  Table 1

3.5.  Security Result Definitions

   BIB-HMAC256-SHA256 defines the following security results.

                   BIB-HMAC256-SHA256 Security Results

   +----------+-----------+---------------------+----------------------+
   | Result   | Result    | CBOR Type           | Description          |
   | Id       | Name      |                     |                      |
   +----------+-----------+---------------------+----------------------+
   | 1        | Tag       | byte string (major  | The tag produced by  |
   |          |           | type 2)             | HMAC.                |
   +----------+-----------+---------------------+----------------------+

                                  Table 2

4.  Cipher Suite BCB-AES-GCM-128

4.1.  Overview

   This confidentiality cipher suite provides cipher text to replace the
   data contents of the target block using the AES cipher operating in
   GCM mode [AES-GCM].  This formulation is based on the A128GCM
   algorithm defined in [COSE] Table 9: Algorithm Value for AES-GCM.

   The BCB-AES-GCM-128 ciphersuite has ciphersuite ID value 0x02.

4.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 128 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.

4.3.  Canonicalization Algorithms

   BCB-AES-GCM-128 uses the standard canonicalization algorithms defined
   in BPSec and operates over the entire contents of the security target
   data block.
   This cipher suite does not include encryption over other parts of the
   target block header, such as the block type and block length.

4.4.  Cipher Suite Parameter Definitions

   BCB-AES-GCM-128 defines the following cipher suite parameters.  It
   should be noted that in this specification no additional
   authenticated data is passed in to the AES-GCM cipher.  The plaintext
   is the only data input and MUST be the entire data contents of the
   target block.

                       BCB-AES-GCM-128 Parameters

   +------+----------------+---------+---------------------------------+
   | Parm | Parm Name      | CBOR    | Description                     |
   | Id   |                | Type    |                                 |
   +------+----------------+---------+---------------------------------+
   | 1    | Key            | byte    | Material encoded or protected   |
   |      |                | string  | by the key management system    |
   |      |                | (major  | and used to transport an        |
   |      |                | type 2) | ephemeral key protected by a    |
   |      |                |         | long-term key.                  |
   | 2    | Initialization | byte    | The initialization vector. A    |
   |      | Vector         | string  | random value of 8 to 16 bytes.  |
   |      |                | (major  | 12 bytes is recommended.        |
   |      |                | type 2) |                                 |
   +------+----------------+---------+---------------------------------+

                                  Table 3

4.5.  Security Result Definitions

   BCB-AES-GCM-128 defines the following security results.  It should be
   noted that cipher text is not a security result as the resultant
   cipher text is stored in the target block.  When operating in GCM
   mode, AES produces cipher text of the same size as its plain text
   and, therefore, no security results are necessary to capture padding
   information.

                    BCB-AES-GCM-128 Security Results

   +--------+----------------+-------------+---------------------------+
   | Result | Result Name    | CBOR Type   | Description               |
   | Id     |                |             |                           |
   +--------+----------------+-------------+---------------------------+
   | 1      | Authentication | byte string | Output from the AES-GCM   |
   |        | Tag            | (major type | cipher. This value MUST   |
   |        |                | 2)          | be 16 bytes long.         |
   +--------+----------------+-------------+---------------------------+

                                  Table 4

5.  IANA Considerations

5.1.  Bundle Block Types

   This specification allocates two block types from the "BPSec Cipher
   Suite IDs" registry defined in [I-D.ietf-dtn-bpsec].

   Additional BPSec Cipher Suite IDs:

              +-------+--------------------+---------------+
              | Value | Description        | Reference     |
              +-------+--------------------+---------------+
              | 1     | BIB-HMAC256-SHA256 | This document |
              | 2     | BCB-AES-GCM-128    | This document |
              +-------+--------------------+---------------+

                                  Table 5

6.  Normative References

   [AES-GCM]  Dworkin, M., "NIST Special Publication 800-38D:
              Recommendation for Block Cipher Modes of Operation:
              Galois/Counter Mode (GCM) and GMAC.", November 2007.

   [COSE]     Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              draft-ietf-cose-msg-24 (work in progress), November 2016.

   [I-D.ietf-dtn-bpbis]
              Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
              Version 7", draft-ietf-dtn-bpbis-10 (work in progress),
              November 2017.

   [I-D.ietf-dtn-bpsec]
              Birrane, E. and K. McKeever, "Bundle Protocol Security
              Specification", draft-ietf-dtn-bpsec-06 (work in
              progress), October 2017.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4634]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and HMAC-SHA)", RFC 4634, DOI 10.17487/RFC4634, July
              2006.

Author's Address

   Edward J. Birrane, III
   The Johns Hopkins University Applied Physics Laboratory
   11100 Johns Hopkins Rd.
   Laurel, MD 20723
   US

   Phone: +1 443 778 7423
   Email: Edward.Birrane@jhuapl.edu
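
Added example, not part of the draft: the BIB-HMAC256-SHA256 computation from Section 3 in Go, showing that the tag covers only the target block's data contents, so a changed block type still verifies while a changed data byte does not. The Block type and the names BIBTag, BIBVerify and CBORBytes are hypothetical, and the all-zero key is a constructed test value.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Block is a simplified stand-in for a BP extension block (hypothetical type).
type Block struct {
	Type uint64 // header field: not covered by this cipher suite
	Data []byte // data contents: the only input to the HMAC
}

// BIBTag returns result id 1 ("Tag"): HMAC-SHA-256 with the full 256-bit output.
func BIBTag(key []byte, b Block) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("BIB-HMAC256-SHA256 key MUST be 256 bits")
	}
	m := hmac.New(sha256.New, key)
	m.Write(b.Data)
	return m.Sum(nil), nil
}

// BIBVerify recomputes the tag and compares it in constant time.
func BIBVerify(key []byte, b Block, tag []byte) bool {
	want, err := BIBTag(key, b)
	return err == nil && hmac.Equal(want, tag)
}

// CBORBytes encodes v as a CBOR byte string (major type 2), for lengths below 256.
func CBORBytes(v []byte) []byte {
	if len(v) < 24 {
		return append([]byte{0x40 | byte(len(v))}, v...)
	}
	return append([]byte{0x58, byte(len(v))}, v...)
}

func main() {
	key := make([]byte, 32) // constructed test key
	blk := Block{Type: 1, Data: []byte("constructed payload")}
	tag, _ := BIBTag(key, blk)
	fmt.Printf("result 1 (Tag) as CBOR: %x\n", CBORBytes(tag))
	blk.Type = 7 // header change: outside the HMAC input
	fmt.Println("verifies after block type change:", BIBVerify(key, blk, tag))
	blk.Data[0] ^= 1 // data change: inside the HMAC input
	fmt.Println("verifies after data change:", BIBVerify(key, blk, tag))
}
```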