IPSEC Working Group                                           Ashar Aziz
INTERNET-DRAFT                                               Tom Markson
                                                    Hemma Prafullchandra
                                                  Sun Microsystems, Inc.
Expires in six months                                     August 1, 1996

           Encoding of an Unsigned Diffie-Hellman Public Value

Status of this Memo

   This document is a submission to the IETF Internet Protocol Security
   (IPSEC) Working Group.  Comments are solicited and should be addressed
   to the working group mailing list (ipsec@ans.net) or to the authors.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

   Distribution of this memo is unlimited.

Abstract

   It is useful to be able to communicate public keys in the absence of a
   certificate hierarchy and a signature infrastructure.  This document
   describes a method by which certificates that communicate Diffie-
   Hellman public values and parameters may be encoded and securely
   named.

1. Unsigned Public Keys

   In public key cryptography, certificates provide a binding between an
   entity's name and its public key; the signature on the certificate
   provides this binding.  However, certificates tend to be difficult to
   implement and usually require infrastructure to verify signatures.
   This infrastructure, and certificates in general, are not in wide use
   on the Internet.  Instead of explicitly binding a name to a public
   value using a signature, the name may be derived directly from the
   public key.  This can be done by defining the name of the certificate
   to be the message digest of the public key.

   Although the public value is distributed in an unsigned manner, there
   is still a strong binding between a name and the public value, given
   the collision resistance properties of a message digest: anyone who
   substitutes a different public value obtains a different digest, and
   hence a different name.  The entity's name needs to be securely
   distributed out of band.

   This distribution of keys has a number of advantages over conventional
   signed certificates: no infrastructure is required to use Unsigned
   Public Keys, no signature algorithm needs to be supported, and no
   complex encoding of certificates is required.

   A disadvantage of this method is that the name must be securely (but
   not secretly) communicated to anyone using the key.
   Since the name is the hash value of the public key, it is a cryptic
   string of hexadecimal digits which is not user-friendly.

   The encoding does not specify the hash algorithm used to generate the
   name.  The hash algorithm must be transferred out of band, together
   with the name.  This may be done by creating a "certificate type" that
   includes this information.  One valid certificate type is "MD5 [2] of
   Hashed DH Public Key".

2. Encoding of an Unsigned DH public value

   This encoding scheme is used to authenticate/distribute a DH public
   value, for cases where the entity's name is the message digest of the
   public value.

   The following is how the public value is encoded for purposes of
   message digest computation and distribution in the network.  All
   values are in network (big-endian) byte order.  All variable-length
   fields must begin with a non-zero byte (that is, integers are encoded
   with no leading zero bytes), which gives each value a single canonical
   encoding and hence a single name.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Not Valid Before                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Not Valid After                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           PrimeLen            |  Prime (p) (variable length)  ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~  Prime (p) (variable length)  |            GenLen             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Generator (g) (variable length)                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        PublicValueLen         | Public Value (variable length)~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~          Public Value (g^i mod p) (variable length)           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   "Not Valid Before" is the time at which the public value becomes
   valid.  It is in NTP time format [3] (the integer portion).  "Not
   Valid After" is the time at which the public value expires.
   It is in NTP [3] time format (the integer portion).

   PrimeLen is the length of the DH prime (p) in bytes, carried in a
   16-bit field.  Prime contains the binary representation of the DH
   prime with most significant byte first.  GenLen is the length of the
   generator (g) in bytes, in a 16-bit field.  Generator is the binary
   representation of the generator with most significant byte first.
   PublicValueLen is the length of the Public Value (g^i mod p) in
   bytes, in a 16-bit field.  PublicValue is the binary representation
   of the DH public value with most significant byte first.

   The Name associated with the public key and parameters is the
   cryptographic hash of the above encoding in its entirety, computed
   with the hash algorithm identified by the certificate type.

3. Verification of the Unsigned Public Value

   Verification of the encoding in this instance means verifying that
   the message digest of the entire encoding (as specified above) is the
   same as the (securely known) name of the entity.  When using this
   instead of signed certificates, certificate verification MUST be done
   by performing the message digest computation; a public value whose
   digest does not match the known name must be rejected.

4. Security Considerations

   The unsigned DH public value can ONLY be used when entities are named
   using the message digest of their DH public value, AND these names
   are securely communicated.  Unsigned DH public values MUST NOT be
   used instead of signed DH certificates when entities are named using
   something other than the message digest of their public value, since
   this opens up the possibility of an intruder-in-the-middle attack
   described in [1]: an intruder could substitute its own public value,
   and nothing in the encoding would bind the name to the genuine one.
   In order to use other naming schemes, signed certificates such as
   X.509, Secure DNS, PGP, etc. should be used.

   The binding is only as strong as the message digest.  Since the
   encoding does not identify the hash algorithm, the algorithm must be
   fixed out of band along with the name, as a name is only meaningful
   relative to the digest that produced it.

Acknowledgements

   We would like to thank all of the people who helped make this draft
   possible.

   Jeff Schiller originally suggested using the hash of the public key as
   the entity's name.

   Bill Danielson, Marc Dye, Colin Plumb, Rich Skrenta and Ben Stoltz
   reviewed this draft and provided constructive suggestions.
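   The following Python program is an added worked example; it is not
   part of the original draft and not code from Sun Microsystems or any
   SKIP implementation.  It serializes the Section 2 structure, derives
   the Name as the digest of the whole encoding, performs the Section 3
   check, and shows the Section 4 point that a substituted public value
   yields a different Name.  The prime, generator, private exponents and
   timestamps are constructed for illustration only and are far too small
   for real use; MD5 is the default only because it is the draft's named
   certificate type, and the hash_name parameter lets a caller substitute
   a stronger digest.  The validity-window check in verify() is an
   assumed policy that the draft does not spell out.

```python
import hashlib
import hmac
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_OFFSET = 2208988800

# Constructed, illustration-only group parameters (not from the draft): a
# prime small enough to read.  Real deployments need a properly generated
# large prime and a generator of a large prime-order subgroup.
DEMO_P = 2**127 - 1
DEMO_G = 2


def unix_to_ntp(unix_seconds: int) -> int:
    """Integer part of an NTP timestamp (Section 2 carries only this 32-bit part)."""
    return (unix_seconds + NTP_UNIX_OFFSET) & 0xFFFFFFFF


def int_to_field(n: int) -> bytes:
    """Minimal big-endian encoding: most significant byte first and no leading
    zero byte, so every variable-length field starts with a non-zero byte."""
    if n <= 0:
        raise ValueError("field values must be positive integers")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def encode_udh(not_before: int, not_after: int, p: int, g: int, y: int) -> bytes:
    """Serialize the Section 2 structure: two 32-bit NTP timestamps followed by
    p, g and the public value y = g^i mod p, each with a 16-bit length prefix."""
    if not (0 <= not_before <= 0xFFFFFFFF and 0 <= not_after <= 0xFFFFFFFF):
        raise ValueError("timestamps must fit the 32-bit NTP integer part")
    out = struct.pack("!II", not_before, not_after)
    for value in (p, g, y):
        field = int_to_field(value)
        if len(field) > 0xFFFF:
            raise ValueError("field does not fit a 16-bit length")
        out += struct.pack("!H", len(field)) + field
    return out


def decode_udh(data: bytes) -> dict:
    """Parse an encoding, rejecting truncation, zero-length or leading-zero
    fields and trailing bytes: a non-canonical encoding must never be named."""
    if len(data) < 8:
        raise ValueError("truncated timestamps")
    not_before, not_after = struct.unpack("!II", data[:8])
    offset, values = 8, []
    for label in ("Prime", "Generator", "PublicValue"):
        if offset + 2 > len(data):
            raise ValueError("truncated %sLen" % label)
        (length,) = struct.unpack("!H", data[offset:offset + 2])
        offset += 2
        if length == 0 or offset + length > len(data):
            raise ValueError("bad %sLen" % label)
        raw = data[offset:offset + length]
        if raw[0] == 0:
            raise ValueError("%s must begin with a non-zero byte" % label)
        values.append(int.from_bytes(raw, "big"))
        offset += length
    if offset != len(data):
        raise ValueError("trailing bytes after Public Value")
    p, g, y = values
    return {"not_before": not_before, "not_after": not_after, "p": p, "g": g, "y": y}


def name_of(encoding: bytes, hash_name: str = "md5") -> str:
    """The entity's Name: the digest of the entire encoding.  The algorithm is
    not carried in the encoding; it arrives out of band via the certificate type."""
    return hashlib.new(hash_name, encoding).hexdigest()


def verify(encoding: bytes, known_name: str, now_ntp: int, hash_name: str = "md5") -> bool:
    """Section 3 check: the recomputed digest must equal the securely known
    name (constant-time compare).  The validity window is also enforced
    (assumed policy, not stated by the draft)."""
    if not hmac.compare_digest(name_of(encoding, hash_name), known_name):
        return False
    fields = decode_udh(encoding)
    return fields["not_before"] <= now_ntp <= fields["not_after"]


def make_udh(private_i: int, not_before: int, not_after: int, p: int = DEMO_P, g: int = DEMO_G):
    """Build an entity's encoding and its Name from a private exponent i."""
    encoding = encode_udh(not_before, not_after, p, g, pow(g, private_i, p))
    return encoding, name_of(encoding)


if __name__ == "__main__":
    alice_enc, alice_name = make_udh(123456789, unix_to_ntp(0), unix_to_ntp(10**9))
    now = unix_to_ntp(5 * 10**8)
    print("Alice's Name:", alice_name, "verifies:", verify(alice_enc, alice_name, now))
    # Intruder-in-the-middle (Section 4): the intruder swaps in its own public value.
    a = decode_udh(alice_enc)
    mallory_y = pow(a["g"], 987654321, a["p"])
    mallory_enc = encode_udh(a["not_before"], a["not_after"], a["p"], a["g"], mallory_y)
    print("Substituted value verifies against Alice's Name:",
          verify(mallory_enc, alice_name, now))
```

   Because the Name covers the parameters and the timestamps as well as
   the public value, an intruder cannot change any of them without
   changing the Name; the protection therefore rests entirely on the
   verifier having obtained the Name, and the digest algorithm, over a
   channel the intruder could not tamper with.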
References

   [1] Aziz, A., "Simple Key Management for Internet Protocols",
       Internet-Draft draft-ietf-ipsec-skip-06.txt, Work in Progress.

   [2] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
       1992.

   [3] Mills, D., "Network Time Protocol (Version 3)", RFC 1305, March
       1992.

Author's Address(es)

   Ashar Aziz
   Sun Microsystems, Inc.
   M/S PAL1-550
   2550 Garcia Avenue
   Mountain View, CA 94043

   Email: ashar.aziz@eng.sun.com
   Alternate email address: ashar@incog.com

   Tom Markson
   Sun Microsystems, Inc.
   M/S PAL1-550
   2550 Garcia Avenue
   Mountain View, CA 94043

   Email: markson@incog.com
   Alternate email address: markson@eng.sun.com

   Hemma Prafullchandra
   Sun Microsystems, Inc.
   M/S PAL1-550
   2550 Garcia Avenue
   Mountain View, CA 94043

   Email: hemma@eng.sun.com
   Alternate email address: hemma@incog.com

CONTENTS

   Status of this Memo
   Abstract
   1. Unsigned Public Keys
   2. Encoding of an Unsigned DH public value
   3. Verification of the Unsigned Public Value
   4. Security Considerations
   Acknowledgements
   References
   Author's Address(es)