idnits 2.17.1 draft-ietf-keyprov-symmetrickeyformat-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 14. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 289. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 300. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 307. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 313. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC3852]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 18, 2007) is 5997 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 195 -- Obsolete informational reference (is this intentional?): RFC 3852 (Obsoleted by RFC 5652) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 KEYPROV Working Group Sean Turner, IECA 2 Internet Draft Russ Housley, Vigil Security 3 Intended Status: Standard Track November 18, 2007 4 Expires: May 18, 2008 6 Symmetric Key Package Content Type 7 draft-ietf-keyprov-symmetrickeyformat-01.txt 9 Status of this Memo 11 By submitting this Internet-Draft, each author represents that any 12 applicable patent or other IPR claims of which he or she is aware 13 have been or will be disclosed, and any of which he or she becomes 14 aware will be disclosed, in accordance with Section 6 of BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six months 22 and may be updated, replaced, or obsoleted by other documents at any 23 time. It is inappropriate to use Internet-Drafts as reference 24 material or to cite them other than as "work in progress." 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt 29 The list of Internet-Draft Shadow Directories can be accessed at 30 http://www.ietf.org/shadow.html 32 This Internet-Draft will expire on May 18, 2008. 34 Copyright Notice 36 Copyright (C) The IETF Trust (2007). 38 Abstract 40 This document defines the symmetric key format content type. It is 41 transport independent. The Cryptographic Message Syntax [RFC3852] can 42 be used to digitally sign, digest, authenticate, or encrypt this 43 content type. 45 Table of Contents 47 1. Introduction...................................................2 48 1.1. Requirements Terminology..................................2 49 1.2. ASN.1 Syntax Notation.....................................2 50 2. Symmetric Key Package Content Type.............................3 51 3. Security Considerations........................................4 52 4. IANA Considerations............................................4 53 5. References.....................................................4 54 5.1. Normative References......................................4 55 5.2. Non-Normative References..................................4 56 APPENDIX A: ASN.1 Module..........................................5 58 1. Introduction 60 This document defines the symmetric key format content type. It is 61 transport independent. The Cryptographic Message Syntax [RFC3852] can 62 be used to digitally sign, digest, authenticate, or encrypt this 63 content type. 65 1.1. Requirements Terminology 67 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 68 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 69 document are to be interpreted as described in [RFC2119]. 71 1.2. ASN.1 Syntax Notation 73 The key package is defined using the ASN.1 [X.680,X.681]. 75 2. Symmetric Key Package Content Type 77 The symmetric key package content type is used to transfer one or 78 more plaintext symmetric keys from one party to another. A symmetric 79 key package MAY be encapsulated in one or more CMS protecting content 80 types. This content type must be DER encoded [X.690]. 82 The symmetric key package content type has the following syntax: 84 PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER 86 symmetric-key-package PKCS7-CONTENT-TYPE ::= 87 { SymmetricKeyPackage IDENTIFIED BY id-ct-KP-sKeyPackage } 89 id-ct-KP-sKeyPackage OBJECT IDENTIFIER ::= | 90 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 91 smime(16) ct(1) 25 } 93 SymmetricKeyPackage ::= SEQUENCE { 94 version KeyPkgVersion DEFAULT v1, 95 sKeyPkgAtts [0] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, 96 sKeys SymmetricKeys } 98 SymmetricKeys ::= SEQUENCE SIZE (1..MAX) OF OneSymmetricKey 100 OneSymmetricKey ::= SEQUENCE { 101 sKeyAttrs SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, 102 sKey OCTET STRING } 104 KeyPkgVersion ::= INTEGER { v1(1), ... } 106 The SymmetricKeyPackage fields are used as follows: 108 - version identifies version of the symmetric key package content 109 structure. For this version of the specification, the default 110 value, v1, MUST be used. 112 - sKeyPkgAttrs optionally provides attributes that apply to all of 113 the symmetric keys in the package. If an attribute appears here it 114 MUST NOT also be included in sKeyAttrs. 116 - sKeys contains a sequence of OneSymmetricKey values. This 117 structure is discussed below. 119 The OneSymmetricKey fields are used as follows: 121 - sKeyAttrs optionally provides attributes that apply to one 122 symmetric key. If an attribute appears here it MUST NOT also be 123 included in sKeyPkgAttrs. 125 - sKey contains the key value encoded as an OCTET STRING. 127 3. Security Considerations 129 The symmetric key package contents are not protected. This content 130 type can be combined with a security protocol to protect the contents 131 of the package. 133 4. IANA Considerations 135 None: All identifiers are already registered. Please remove this 136 section prior to publication as an RFC. 138 5. References 140 5.1. Normative References 142 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 143 Requirement Levels", BCP 14, RFC 2119, March 1997. 145 [X.680] ITU-T Recommendation X.680: Information Technology - Abstract 146 Syntax Notation One, 1997. 148 [X.681] ITU-T Recommendation X.680: Information Technology - Abstract 149 Syntax Notation One: Information Object Spcification, 1997. 151 [X.690] ITU-T Recommendation X.690 Information Technology - ASN.1 152 encoding rules: Specification of Basic Encoding Rules (BER), 153 Canonical Encoding Rules (CER) and Distinguished Encoding Rules 154 (DER), 1997. 156 5.2. Non-Normative References 158 [RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", RFC3852, 159 July 2004. 161 APPENDIX A: ASN.1 Module 163 This appendix provides the normative ASN.1 definitions for the 164 structures described in this specification using ASN.1 as defined in 165 X.680 and X.681. 167 SymmetricKeyPackageModulev1 168 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 169 smime(16) modules(0) 33 } 171 DEFINITIONS IMPLICIT TAGS ::= 173 BEGIN 175 -- EXPORTS ALL 177 -- IMPORTS NOTHING 179 PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER 181 KeyPackageContentTypes PKCS7-CONTENT-TYPE ::= { 182 symmetric-key-package | 183 ... -- Expect additional content types -- 184 } 186 symmetric-key-package PKCS7-CONTENT-TYPE ::= 187 { SymmetricKeyPackage IDENTIFIED BY id-ct-KP-sKeyPackage } 189 id-ct-KP-sKeyPackage OBJECT IDENTIFIER ::= 190 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 191 smime(16) ct(1) 25 } 193 SymmetricKeyPackage ::= SEQUENCE { 194 version KeyPkgVersion DEFAULT v1, 195 sKeyPkgAttrs [0] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, 196 sKeys SymmetricKeys } 198 SymmetricKeys ::= SEQUENCE SIZE (1..MAX) OF OneSymmetricKey 200 OneSymmetricKey ::= SEQUENCE { 201 sKeyAttrs SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL, 202 sKey OCTET STRING } 204 KeyPkgVersion ::= INTEGER { v1(1), ... } 205 Attribute ::= SEQUENCE { 206 type ATTRIBUTE.&id ({SupportedAttributes}), 207 values SET SIZE (1..MAX) OF ATTRIBUTE.&Type 208 ({SupportedAttributes}{@type}) } 210 SupportedAttributes ATTRIBUTE ::= { ... } 212 ATTRIBUTE ::= CLASS { 213 &derivation ATTRIBUTE OPTIONAL, 214 &Type OPTIONAL, 215 -- either &Type or &derivation required 216 &equality-match MATCHING-RULE OPTIONAL, 217 &ordering-match MATCHING-RULE OPTIONAL, 218 &substrings-match MATCHING-RULE OPTIONAL, 219 &single-valued BOOLEAN DEFAULT FALSE, 220 &collective BOOLEAN DEFAULT FALSE, 221 -- operational extensions 222 &no-user-modification BOOLEAN DEFAULT FALSE, 223 &usage AttributeUsage DEFAULT userApplications, 224 &id OBJECT IDENTIFIER UNIQUE } 225 WITH SYNTAX { 226 [ SUBTYPE OF &derivation ] 227 [ WITH SYNTAX &Type ] 228 [ EQUALITY MATCHING RULE &equality-match ] 229 [ ORDERING MATCHING RULE &ordering-match ] 230 [ SUBSTRINGS MATCHING RULE &substrings-match ] 231 [ SINGLE VALUE &single-valued ] 232 [ COLLECTIVE &collective ] 233 [ NO USER MODIFICATION &no-user-modification ] 234 [ USAGE &usage ] 235 ID &id } 237 MATCHING-RULE ::= CLASS { 238 &AssertionType OPTIONAL, 239 &id OBJECT IDENTIFIER UNIQUE } 240 WITH SYNTAX { 241 [ SYNTAX &AssertionType ] 242 ID &id } 244 AttributeType ::= ATTRIBUTE.&id 246 AttributeValue ::= ATTRIBUTE.&Type 247 AttributeUsage ::= ENUMERATED { 248 userApplications (0), 249 directoryOperation (1), 250 distributedOperation (2), 251 dSAOperation (3) } 253 END 255 Author's Address 257 Sean Turner 259 IECA, Inc. 260 3057 Nutley Street, Suite 106 261 Fairfax, VA 22031 262 USA 264 Email: turners@ieca.com 266 Russ Housley 268 Vigil Security, LLC 269 918 Spring Knoll Drive 270 Herndon, VA 20170 271 USA 273 EMail: housley@vigilsec.com 275 Full Copyright Statement 277 Copyright (C) The IETF Trust (2007). 279 This document is subject to the rights, licenses and restrictions 280 contained in BCP 78, and except as set forth therein, the authors 281 retain all their rights. 283 This document and the information contained herein are provided on an 284 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 285 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 286 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 287 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 288 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 289 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 291 Intellectual Property 293 The IETF takes no position regarding the validity or scope of any 294 Intellectual Property Rights or other rights that might be claimed to 295 pertain to the implementation or use of the technology described in 296 this document or the extent to which any license under such rights 297 might or might not be available; nor does it represent that it has 298 made any independent effort to identify any such rights. Information 299 on the procedures with respect to rights in RFC documents can be 300 found in BCP 78 and BCP 79. 302 Copies of IPR disclosures made to the IETF Secretariat and any 303 assurances of licenses to be made available, or the result of an 304 attempt made to obtain a general license or permission for the use of 305 such proprietary rights by implementers or users of this 306 specification can be obtained from the IETF on-line IPR repository at 307 http://www.ietf.org/ipr. 309 The IETF invites any interested party to bring to its attention any 310 copyrights, patents or patent applications, or other proprietary 311 rights that may cover technology that may be required to implement 312 this standard. Please address the information to the IETF at ietf- 313 ipr@ietf.org. 315 Acknowledgment 317 Funding for the RFC Editor function is provided by the IETF 318 Administrative Support Activity (IASA).