idnits 2.17.1

draft-housley-hkdf-oids-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (5 February 2019) is 1906 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

  ** Downref: Normative reference to an Informational RFC: RFC 5869

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                                R. Housley
Intended Status: Proposed Standard                        Vigil Security
Expires: 5 August 2019                                   5 February 2019

                     Algorithm Identifiers for the
      HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

Abstract

   RFC 5869 specifies the HMAC-based Extract-and-Expand Key Derivation
   Function (HKDF) algorithm.  This document assigns algorithm
   identifiers to the HKDF algorithm when used with three common one-way
   hash functions.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Terminology
      1.2. ASN.1
   2. HKDF Algorithm Identifiers
   3. ASN.1 Module
   4. Security Considerations
   5. IANA Considerations
   6. References
      6.1. Normative References
      6.2. Informative References
   Author's Address

1. Introduction

   The HKDF algorithm [RFC5869] is a key derivation function based on
   the Hashed Message Authentication Code (HMAC).  This document assigns
   algorithm identifiers to the HKDF algorithm when used with three
   common one-way hash functions.  These algorithm identifiers are
   needed to make use of the HKDF in some security protocols, such as
   the Cryptographic Message Syntax (CMS) [RFC5652].

1.1. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2. ASN.1

   In this specification, values are generated using ASN.1 [X.680] using
   the Basic Encoding Rules (BER) and the Distinguished Encoding Rules
   (DER) [X.690].

2. HKDF Algorithm Identifiers

   This section assigns algorithm identifiers to HKDF [RFC5869] used
   with three common one-way hash functions that are specified in [SHS]:
   SHA-256, SHA-384, and SHA-512.  When any of these three object
   identifiers appears within the ASN.1 type AlgorithmIdentifier, the
   parameters component of that type SHALL be absent.

   The specification of AlgorithmIdentifier is available in [RFC5911],
   which is an evolution from the original definition in X.509
   [X.509-88].

   The assigned object identifiers are:

      id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

      id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

      id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

3. ASN.1 Module

   This section contains the ASN.1 module for the HKDF algorithm
   identifiers.  This module imports types from other ASN.1 modules that
   are defined in [RFC5912].

   HKDF-OID-2019
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) id-mod-hkdf-oid-2019(TBD0) }

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All

   IMPORTS

   AlgorithmIdentifier{}, KEY-DERIVATION
     FROM AlgorithmInformation-2009  -- [RFC5912]
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-algorithmInformation-02(58) } ;

   --
   -- Object Identifiers
   --

   id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

   id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

   id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

   --
   -- Key Derivation Algorithm Identifiers
   --

   KeyDevAlgs KEY-DERIVATION ::= {
     kda-hkdf-with-sha256 |
     kda-hkdf-with-sha384 |
     kda-hkdf-with-sha512,
     ... }

   kda-hkdf-with-sha256 KEY-DERIVATION ::= {
     IDENTIFIER id-alg-hkdf-with-sha256
     PARAMS ARE absent
     SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha256 } }

   kda-hkdf-with-sha384 KEY-DERIVATION ::= {
     IDENTIFIER id-alg-hkdf-with-sha384
     PARAMS ARE absent
     SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha384 } }

   kda-hkdf-with-sha512 KEY-DERIVATION ::= {
     IDENTIFIER id-alg-hkdf-with-sha512
     PARAMS ARE absent
     SMIME-CAPS { IDENTIFIED BY id-alg-hkdf-with-sha512 } }

   END

4. Security Considerations

   In spite of the simplicity of HKDF, there are many security
   considerations that have been taken into account in the design and
   analysis of this construction.  An exposition of all of these aspects
   is well beyond the scope of this document.  Please refer to [EPRINT]
   for detailed information, including rationale for the HKDF design.

5. IANA Considerations

   One object identifier for the ASN.1 module in Section 3 was
   assigned in the SMI Security for S/MIME Module Identifiers
   (1.2.840.113549.1.9.16.0) [IANA-MOD] registry:

      id-mod-hkdf-oid-2019 OBJECT IDENTIFIER ::= {
         iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
         pkcs-9(9) smime(16) mod(0) TBD0 }

   Three object identifiers for the HKDF algorithm identifiers were
   assigned in the SMI Security for S/MIME Mail Security Algorithms
   (1.2.840.113549.1.9.16.3) [IANA-ALG] registry:

      id-alg-hkdf-with-sha256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD1 }

      id-alg-hkdf-with-sha384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD2 }

      id-alg-hkdf-with-sha512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) TBD3 }

6. References

6.1. Normative References

   [SHS]      National Institute of Standards and Technology, "Secure
              Hash Standard (SHS)", FIPS PUB 180-4, August 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", RFC
              5652, September 2009.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869, May 2010.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, May 2017.

   [X.680]    ITU-T, "Information technology -- Abstract Syntax Notation
              One (ASN.1): Specification of basic notation", ITU-T
              Recommendation X.680, 2015.

   [X.690]    ITU-T, "Information technology -- ASN.1 encoding rules:
              Specification of Basic Encoding Rules (BER), Canonical
              Encoding Rules (CER) and Distinguished Encoding Rules
              (DER)", ITU-T Recommendation X.690, 2015.

6.2. Informative References

   [EPRINT]   Krawczyk, H., "Cryptographic Extraction and Key
              Derivation: The HKDF Scheme", Proceedings of CRYPTO 2010,
              2010, .

   [IANA-ALG] https://www.iana.org/assignments/smi-numbers/smi-
              numbers.xhtml#security-smime-3.

   [IANA-MOD] https://www.iana.org/assignments/smi-numbers/smi-
              numbers.xhtml#security-smime-0.

   [RFC5911]  Hoffman, P., and J. Schaad, "New ASN.1 Modules for
              Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
              June 2010.

   [RFC5912]  Hoffman, P., and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              June 2010.

   [X.509-88] CCITT.  Recommendation X.509: The Directory -
              Authentication Framework, 1988.

Author's Address

   Russell Housley
   Vigil Security, LLC
   515 Dranesville Road
   Herndon, VA 20170
   USA
   EMail: housley@vigilsec.com
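
Section 2 requires the parameters component to be absent when one of these object identifiers appears in an AlgorithmIdentifier, which excludes the encoded-NULL form. The following is an added example, not part of the draft: it DER-encodes such a structure and classifies a received one. The final arc 999 is a constructed placeholder because the draft lists the assigned values only as TBD1 through TBD3, and all function names are illustrative.

```python
# Added example: AlgorithmIdentifier with absent parameters (draft Section 2).
SMIME_ALG_ARC = (1, 2, 840, 113549, 1, 9, 16, 3)  # registry arc named in the draft
PLACEHOLDER_ARC = 999  # constructed stand-in for TBD1; NOT an assigned value
HKDF_SHA256_PLACEHOLDER = SMIME_ALG_ARC + (PLACEHOLDER_ARC,)
DER_NULL = b"\x05\x00"  # the NULL parameters encoding the draft does not allow here


def _base128(n):
    """Encode one OID arc in base 128, high bit set on all but the last octet."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def encode_oid(arcs):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06); short-form length only."""
    body = bytes([40 * arcs[0] + arcs[1]]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return b"\x06" + bytes([len(body)]) + body


def encode_alg_id(arcs, params=b""):
    """DER-encode SEQUENCE { algorithm OID, parameters }; empty params = absent."""
    body = encode_oid(arcs) + params
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return b"\x30" + bytes([len(body)]) + body


def classify_alg_id(der, expected_arcs):
    """Classify a received AlgorithmIdentifier against the expected HKDF OID."""
    if len(der) < 2 or der[0] != 0x30 or der[1] > 127 or der[1] != len(der) - 2:
        return "malformed"
    body, oid = der[2:], encode_oid(expected_arcs)
    if not body.startswith(oid):
        return "wrong-algorithm"
    if len(body) > len(oid):
        return "parameters-present"  # anything after the OID is a parameters field
    return "ok"
```

A receiver that enforces the SHALL rejects the "parameters-present" case instead of silently accepting it.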