KEYPROV Working Group                                   Sean Turner, IECA
Internet Draft                              Russ Housley, Vigil Security
Intended Status: Standards Track                         August 31, 2007
Expires: February 28, 2008

                   Symmetric Key Package Content Type
               draft-ietf-keyprov-symmetrickeyformat-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on February 28, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines the symmetric key format content type. It is
   transport independent. The Cryptographic Message Syntax [RFC3852] can
   be used to digitally sign, digest, authenticate, or encrypt this
   content type.

Table of Contents

   1. Introduction
      1.1. Requirements Terminology
      1.2. ASN.1 Syntax Notation
   2. Symmetric Key Package Content Type
   3. Security Considerations
   4. IANA Considerations
   5. References
      5.1. Normative References
      5.2. Non-Normative References
   APPENDIX A: ASN.1 Module

1. Introduction

   This document defines the symmetric key format content type. It is
   transport independent. The Cryptographic Message Syntax [RFC3852] can
   be used to digitally sign, digest, authenticate, or encrypt this
   content type.

1.1. Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2. ASN.1 Syntax Notation

   The key package is defined using ASN.1 [X.680].

2. Symmetric Key Package Content Type

   The symmetric key package content type is used to transfer one or
   more plaintext symmetric keys from one party to another. A symmetric
   key package MAY be encapsulated in one or more CMS protecting content
   types. This content type must be DER encoded [X.690].
   The symmetric key package content type has the following syntax:

      PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER

      symmetric-key-package PKCS7-CONTENT-TYPE ::=
        { SymmetricKeyPackage IDENTIFIED BY id-ct-KP-sKeyPackage }

      id-ct-KP-sKeyPackage OBJECT IDENTIFIER ::=
        { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
          smime(16) ct(1) 25 }

      SymmetricKeyPackage ::= SEQUENCE {
        version       KeyPkgVersion DEFAULT v1,
        sKeyPkgAttrs  [0] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
        sKeys         SymmetricKeys }

      SymmetricKeys ::= SEQUENCE SIZE (1..MAX) OF OneSymmetricKey

      OneSymmetricKey ::= SEQUENCE {
        sKeyAttrs  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
        sKey       OCTET STRING }

      KeyPkgVersion ::= INTEGER { v1(1), ... }

   The SymmetricKeyPackage fields are used as follows:

   - version identifies the version of the symmetric key package content
     structure. For this version of the specification, the default
     value, v1, MUST be used.

   - sKeyPkgAttrs optionally provides attributes that apply to all of
     the symmetric keys in the package. If an attribute appears here it
     MUST NOT also be included in sKeyAttrs.

   - sKeys contains a sequence of OneSymmetricKey values. This
     structure is discussed below.

   The OneSymmetricKey fields are used as follows:

   - sKeyAttrs optionally provides attributes that apply to one
     symmetric key. If an attribute appears here it MUST NOT also be
     included in sKeyPkgAttrs.

   - sKey contains the key value encoded as an OCTET STRING.

3. Security Considerations

   The symmetric key package contents are not protected. This content
   type can be combined with a security protocol to protect the contents
   of the package.

4. IANA Considerations

   None: All identifiers are already registered. Please remove this
   section prior to publication as an RFC.

5. References

5.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [X.680]   ITU-T Recommendation X.680: Information Technology -
             Abstract Syntax Notation One, 1997.

   [X.690]   ITU-T Recommendation X.690: Information Technology - ASN.1
             encoding rules: Specification of Basic Encoding Rules (BER),
             Canonical Encoding Rules (CER) and Distinguished Encoding
             Rules (DER), 1997.

5.2. Non-Normative References

   [RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852,
             July 2004.

APPENDIX A: ASN.1 Module

   This appendix provides the normative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   X.680.

   SymmetricKeyPackageModulev1
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) 33 }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL

   -- IMPORTS NOTHING

   PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER

   KeyPackageContentTypes PKCS7-CONTENT-TYPE ::= {
     symmetric-key-package |
     ... -- Expect additional content types --
   }

   symmetric-key-package PKCS7-CONTENT-TYPE ::=
     { SymmetricKeyPackage IDENTIFIED BY id-ct-KP-sKeyPackage }

   id-ct-KP-sKeyPackage OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) ct(1) 25 }

   SymmetricKeyPackage ::= SEQUENCE {
     version       KeyPkgVersion DEFAULT v1,
     sKeyPkgAttrs  [0] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
     sKeys         SymmetricKeys }

   SymmetricKeys ::= SEQUENCE SIZE (1..MAX) OF OneSymmetricKey

   OneSymmetricKey ::= SEQUENCE {
     sKeyAttrs  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL,
     sKey       OCTET STRING }

   KeyPkgVersion ::= INTEGER { v1(1), ... }

   Attribute ::= SEQUENCE {
     type    ATTRIBUTE.&id ({SupportedAttributes}),
     values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type
               ({SupportedAttributes}{@type}) }

   SupportedAttributes ATTRIBUTE ::= { ... }

   ATTRIBUTE ::= CLASS {
     &derivation            ATTRIBUTE OPTIONAL,
     &Type                  OPTIONAL,
       -- either &Type or &derivation required
     &equality-match        MATCHING-RULE OPTIONAL,
     &ordering-match        MATCHING-RULE OPTIONAL,
     &substrings-match      MATCHING-RULE OPTIONAL,
     &single-valued         BOOLEAN DEFAULT FALSE,
     &collective            BOOLEAN DEFAULT FALSE,
       -- operational extensions
     &no-user-modification  BOOLEAN DEFAULT FALSE,
     &usage                 AttributeUsage DEFAULT userApplications,
     &id                    OBJECT IDENTIFIER UNIQUE }
   WITH SYNTAX {
     [ SUBTYPE OF &derivation ]
     [ WITH SYNTAX &Type ]
     [ EQUALITY MATCHING RULE &equality-match ]
     [ ORDERING MATCHING RULE &ordering-match ]
     [ SUBSTRINGS MATCHING RULE &substrings-match ]
     [ SINGLE VALUE &single-valued ]
     [ COLLECTIVE &collective ]
     [ NO USER MODIFICATION &no-user-modification ]
     [ USAGE &usage ]
     ID &id }

   MATCHING-RULE ::= CLASS {
     &AssertionType  OPTIONAL,
     &id             OBJECT IDENTIFIER UNIQUE }
   WITH SYNTAX {
     [ SYNTAX &AssertionType ]
     ID &id }

   AttributeType ::= ATTRIBUTE.&id

   AttributeValue ::= ATTRIBUTE.&Type

   AttributeUsage ::= ENUMERATED {
     userApplications      (0),
     directoryOperation    (1),
     distributedOperation  (2),
     dSAOperation          (3) }

   END

Editors' Addresses

   Sean Turner
   IECA, Inc.

   Email: turners (at) ieca (dot) com

   Russ Housley
   Vigil Security

   Email: housley (at) vigilsec (dot) com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).