idnits 2.17.1 draft-ietf-cat-kerb-des3-hmac-sha1-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-26) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 2 longer pages, the longest (page 1) being 63 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC1510], [Krawczyk96], [Horowitz96]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- No information found for draft-horowitz-kerb-key-derivation - is the name correct? -- Possible downref: Normative reference to a draft: ref. 'Horowitz96' -- Unexpected draft version: The latest known version of draft-ietf-ipsec-hmac-md5 is -00, but you're referring to -01. (However, the state information for draft-horowitz-kerb-key-derivation is not up-to-date. The last update was unsuccessful) ** Downref: Normative reference to an Informational draft: draft-ietf-ipsec-hmac-md5 (ref. 'Krawczyk96') ** Obsolete normative reference: RFC 1510 (Obsoleted by RFC 4120, RFC 6649) Summary: 12 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group M. Horowitz 3 Cygnus Solutions 4 Internet-Draft November, 1996 6 Triple DES with HMAC-SHA1 Kerberos Encryption Type 8 Status of this Memo 10 This document is an Internet-Draft. Internet-Drafts are working 11 documents of the Internet Engineering Task Force (IETF), its areas, 12 and its working groups. Note that other groups may also distribute 13 working documents as Internet-Drafts. 15 Internet-Drafts are draft documents valid for a maximum of six months 16 and may be updated, replaced, or obsoleted by other documents at any 17 time. It is inappropriate to use Internet-Drafts as reference 18 material or to cite them other than as ``work in progress.'' 20 To learn the current status of any Internet-Draft, please check the 21 ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow 22 Directories on ds.internic.net (US East Coast), nic.nordu.net 23 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 24 Rim). 26 Distribution of this memo is unlimited. Please send comments to the 27 mailing list. 29 Abstract 31 This document defines a new encryption type and a new checksum type 32 for use with Kerberos V5 [RFC1510]. This encryption type is based on 33 the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message 34 authentication algorithm. 36 The des3-cbc-hmac-sha1 encryption type has been assigned the value 7. 37 The hmac-sha1-des3 checksum type has been assigned the value 12. 39 Encryption Type des3-cbc-hmac-sha1 41 EncryptedData using this type must be generated as described in 42 [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC 43 mode. The keyed hash algorithm is HMAC-SHA1. Unless otherwise 44 specified, a zero IV must be used. If the length of the input data 45 is not a multiple of the block size, zero octets must be used to pad 46 the plaintext to the next eight-octet boundary. The counfounder must 47 be eight random octets (one block). 49 Checksum Type hmac-sha1-des3 51 Checksums using this type must be generated as described in 52 [Horowitz96]. The keyed hash algorithm is HMAC-SHA1. 54 Common Requirements 56 Where the Triple DES key is represented as an EncryptionKey, it shall 57 be represented as three DES keys, with parity bits, concatenated 58 together. The key shall be represented with the most significant bit 59 first. 61 When keys are generated by the derivation function, a key length of 62 168 bits shall be used. The output bit string will be converted to a 63 valid Triple DES key by inserting DES parity bits after every seventh 64 bit. 66 Any implementation which implements either of the encryption or 67 checksum types in this document must support both. 69 Security Considerations 71 This entire document defines encryption and checksum types for use 72 with Kerberos V5. 74 References 76 [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft- 77 horowitz-kerb-key-derivation-00.txt, November 1996. 78 [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC: 79 Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac- 80 md5-01.txt, August, 1996. 81 [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network 82 Authentication Service (V5)", RFC 1510, September 1993. 84 Author's Address 86 Marc Horowitz 87 Cygnus Solutions 88 955 Massachusetts Avenue 89 Cambridge, MA 02139 91 Phone: +1 617 354 7688 92 Email: marc@cygnus.com