idnits 2.17.1

draft-housley-hkdf-oids-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (11 January 2019) is 1932 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC5869' is mentioned on line 86, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  2  INTERNET-DRAFT                                                R. Housley
  3  Intended Status: Proposed Standard                        Vigil Security
  4  Expires: 11 July 2019                                    11 January 2019

  6                        Algorithm Identifiers for the
  7         HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
  8

 10  Abstract

 12     RFC 5869 specifies the HMAC-based Extract-and-Expand Key Derivation
 13     Function (HKDF) algorithm.  This document assigns algorithm
 14     identifiers to the HKDF algorithm when used with three common one-way
 15     hash functions.

 17  Status of this Memo

 19     This Internet-Draft is submitted in full conformance with the
 20     provisions of BCP 78 and BCP 79.

 22     Internet-Drafts are working documents of the Internet Engineering
 23     Task Force (IETF).  Note that other groups may also distribute
 24     working documents as Internet-Drafts.  The list of current Internet-
 25     Drafts is at http://datatracker.ietf.org/drafts/current/.

 27     Internet-Drafts are draft documents valid for a maximum of six months
 28     and may be updated, replaced, or obsoleted by other documents at any
 29     time.  It is inappropriate to use Internet-Drafts as reference
 30     material or to cite them other than as "work in progress."

 32  Copyright Notice

 34     Copyright (c) 2019 IETF Trust and the persons identified as the
 35     document authors.  All rights reserved.

 37     This document is subject to BCP 78 and the IETF Trust's Legal
 38     Provisions Relating to IETF Documents
 39     (http://trustee.ietf.org/license-info) in effect on the date of
 40     publication of this document.  Please review these documents
 41     carefully, as they describe your rights and restrictions with respect
 42     to this document.  Code Components extracted from this document must
 43     include Simplified BSD License text as described in Section 4.e of
 44     the Trust Legal Provisions and are provided without warranty as
 45     described in the Simplified BSD License.

 47  Table of Contents

 49     1.  Introduction
 50       1.1.  Terminology
 51       1.2.  ASN.1
 52     2.  HKDF Algorithm Identifiers
 53     3.  ASN.1 Module
 54     4.  Security Considerations
 55     5.  IANA Considerations
 56     6.  References
 57       6.1.  Normative References
 58       6.2.  Informative References
 59     Author's Address

 61  1.  Introduction

 63     The HKDF algorithm [RFC5869] is a key derivation function based on
 64     the Hashed Message Authentication Code (HMAC).  This document assigns
 65     algorithm identifiers to the HKDF algorithm when used with three
 66     common one-way hash functions.  These algorithm identifiers are
 67     needed to make use of the HKDF in some security protocols, such as
 68     the Cryptographic Message Syntax (CMS) [RFC5652].

 70  1.1.  Terminology

 72     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 73     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
 74     "OPTIONAL" in this document are to be interpreted as described in BCP
 75     14 [RFC2119] [RFC8174] when, and only when, they appear in all
 76     capitals, as shown here.

 78  1.2.  ASN.1

 80     CMS values are generated using ASN.1 [X.680], which uses the Basic
 81     Encoding Rules (BER) and the Distinguished Encoding Rules (DER)
 82     [X.690].

 84  2.  HKDF Algorithm Identifiers

 86     This section assigns algorithm identifiers to HKDF [RFC5869] used with
 87     three common one-way hash functions that are specified in [SHS]:
 88     SHA-256, SHA-384, and SHA-512.  When any of these three object
 89     identifiers appears within the ASN.1 type AlgorithmIdentifier, the
 90     parameters component of that type SHALL be absent.

 92     The specification of AlgorithmIdentifier is available in [RFC5911],
 93     which is an evolution from the original definition in X.509
 94     [X.509-88].
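
Added example, not part of the draft: a DER encoder and strict checker for an HKDF AlgorithmIdentifier, showing the "parameters SHALL be absent" rule of Section 2 rejecting the common variant that carries an explicit NULL. The final OID arc is still TBD in the draft, so `PLACEHOLDER_ARC` is a constructed stand-in and not an assigned value; all function names are hypothetical.

```python
# S/MIME algorithms arc 1.2.840.113549.1.9.16.3, as given in the draft.
OID_PREFIX = (1, 2, 840, 113549, 1, 9, 16, 3)
PLACEHOLDER_ARC = 9999  # constructed stand-in for TBD1; NOT an assigned value


def _base128(n):
    """Encode one OID arc in base 128, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def _tlv(tag, body):
    """Short-form DER TLV; sufficient here because every body is < 128 bytes."""
    if len(body) >= 128:
        raise ValueError("long-form lengths are not needed for this example")
    return bytes([tag, len(body)]) + body


def encode_oid(arcs):
    """DER OBJECT IDENTIFIER: the first two arcs share one byte (40*a + b)."""
    head = _base128(arcs[0] * 40 + arcs[1])
    return _tlv(0x06, head + b"".join(_base128(a) for a in arcs[2:]))


def encode_alg_id(arcs, params=b""):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }."""
    return _tlv(0x30, encode_oid(arcs) + params)


def check_hkdf_alg_id(der, expected_arcs):
    """Return 'ok', or the reason a received AlgorithmIdentifier is rejected."""
    if len(der) < 2 or der[0] != 0x30 or der[1] >= 0x80:
        return "not a short-form SEQUENCE"
    if der[1] != len(der) - 2:
        return "length mismatch"
    body, oid = der[2:], encode_oid(expected_arcs)
    if body[:len(oid)] != oid:
        return "unexpected algorithm OID"
    if body[len(oid):]:
        return "parameters present (SHALL be absent)"
    return "ok"


HKDF_SHA256 = OID_PREFIX + (PLACEHOLDER_ARC,)
GOOD = encode_alg_id(HKDF_SHA256)               # parameters absent
BAD = encode_alg_id(HKDF_SHA256, b"\x05\x00")  # explicit NULL parameters
```

A receiver that accepts both forms would treat two different byte strings as the same algorithm, which matters wherever the encoded AlgorithmIdentifier is itself hashed, signed, or compared.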

 96     The assigned object identifiers are:

 98        id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 99            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

101        id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
102            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

104        id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
105            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

107  3.  ASN.1 Module

109     This section contains the ASN.1 module for the HKDF algorithm
110     identifiers.  This module imports types from other ASN.1 modules that
111     are defined in [RFC5912].

113     HKDF-OID-2019
114       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
115         smime(16) modules(0) id-mod-hkdf-oid-2019(TBD0) }

117     DEFINITIONS IMPLICIT TAGS ::=
118     BEGIN

120     -- EXPORTS All

122     IMPORTS

124     AlgorithmIdentifier{}, KEY-DERIVATION
125       FROM AlgorithmInformation-2009  -- [RFC5912]
126         { iso(1) identified-organization(3) dod(6) internet(1)
127           security(5) mechanisms(5) pkix(7) id-mod(0)
128           id-mod-algorithmInformation-02(58) } ;

130     --
131     -- Object Identifiers
132     --

134     id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
135         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

137     id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
138         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

140     id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
141         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

143     --
144     -- Key Derivation Algorithm Identifiers
145     --

147     KeyDevAlgs KEY-DERIVATION ::= {
148       kda-hkdf-with-sha256 |
149       kda-hkdf-with-sha384 |
150       kda-hkdf-with-sha512,
151       ... }

153     kda-hkdf-with-sha256 KEY-DERIVATION ::= {
154       IDENTIFIER id-alg-hkdf-with-sha256
155       PARAMS ARE absent
156       SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha256 } }

158     kda-hkdf-with-sha384 KEY-DERIVATION ::= {
159       IDENTIFIER id-alg-hkdf-with-sha384
160       PARAMS ARE absent
161       SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha384 } }

163     kda-hkdf-with-sha512 KEY-DERIVATION ::= {
164       IDENTIFIER id-alg-hkdf-with-sha512
165       PARAMS ARE absent
166       SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha512 } }

168     END

170  4.  Security Considerations

172     In spite of the simplicity of HKDF, there are many security
173     considerations that have been taken into account in the design and
174     analysis of this construction.  An exposition of all of these aspects
175     is well beyond the scope of this document.  Please refer to [EPRINT]
176     for detailed information, including rationale for the HKDF design.

178  5.  IANA Considerations

180     One object identifier for the ASN.1 module in the Section ??? was
181     assigned in the SMI Security for S/MIME Module Identifiers
182     (1.2.840.113549.1.9.16.0) [IANA-MOD] registry:

184        id-mod-hkdf-oid-2019 OBJECT IDENTIFIER ::= {
185           iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
186           pkcs-9(9) smime(16) mod(0) TBD0 }

188     Three object identifiers for the HKDF algorithm identifiers were
189     assigned in the SMI Security for S/MIME Mail Security Algorithms
190     (1.2.840.113549.1.9.16.3) [IANA-ALG] registry:

192        id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
193            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

195        id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
196            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

198        id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
199            us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

201  6.  References

203  6.1.  Normative References

205     [SHS]      National Institute of Standards and Technology, "Secure
206                Hash Standard (SHS)", FIPS PUB 180-4, August 2015.

208     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
209                Requirement Levels", BCP 14, RFC 2119, March 1997.

211     [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", RFC
212                5652, September 2009.

214     [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
215                2119 Key Words", BCP 14, RFC 8174, May 2017.

217     [X.680]    ITU-T, "Information technology -- Abstract Syntax Notation
218                One (ASN.1): Specification of basic notation", ITU-T
219                Recommendation X.680, 2015.

221     [X.690]    ITU-T, "Information technology -- ASN.1 encoding rules:
222                Specification of Basic Encoding Rules (BER), Canonical
223                Encoding Rules (CER) and Distinguished Encoding Rules
224                (DER)", ITU-T Recommendation X.690, 2015.

226  6.2.  Informative References

228     [EPRINT]   Krawczyk, H., "Cryptographic Extraction and Key
229                Derivation: The HKDF Scheme", Proceedings of CRYPTO 2010,
230                2010, .

232     [IANA-ALG] https://www.iana.org/assignments/smi-numbers/smi-
233                numbers.xhtml#security-smime-3.

235     [IANA-MOD] https://www.iana.org/assignments/smi-numbers/smi-
236                numbers.xhtml#security-smime-0.

238     [RFC5911]  Hoffman, P., and J. Schaad, "New ASN.1 Modules for
239                Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
240                June 2010.

242     [RFC5912]  Hoffman, P., and J. Schaad, "New ASN.1 Modules for the
243                Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
244                June 2010.

246     [X.509-88] CCITT.  Recommendation X.509: The Directory -
247                Authentication Framework, 1988.

249  Author's Address

251     Russell Housley
252     Vigil Security, LLC
253     515 Dranesville Road
254     Herndon, VA 20170
255     USA
256     EMail: housley@vigilsec.com