idnits 2.17.1

draft-melnikov-sasl-digest-aes-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 1) being 185 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See
     Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle
     the case when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There are 12 instances of too long lines in the document, the longest
     one being 5 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to
     grant the BCP78 rights to the IETF Trust, then this is fine, and you can
     ignore this comment.  If not, you may need to add the pre-RFC5378
     disclaimer.  (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2002) is 8099 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC 2222' is defined on line 116, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC 1321' is defined on line 126, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2222 (Obsoleted by RFC 4422, RFC 4752)

  ** Obsolete normative reference: RFC 2831 (ref. 'DIGEST') (Obsoleted by
     RFC 6331)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'AES'

  ** Downref: Normative reference to an Informational RFC: RFC 1321

     Summary: 10 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

SASL Working Group                                           A. Melnikov
Internet Draft                             ACI WorldWide/MessagingDirect
Document: draft-melnikov-sasl-digest-aes-00.txt            February 2002

              AES Ciphersuites for DIGEST-MD5 SASL mechanism

Status of this Memo

   This document is an Internet Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026.

   Internet Drafts are working documents of the Internet Engineering
   Task Force (IETF), its Areas, and its Working Groups.  Note that
   other groups may also distribute working documents as Internet
   Drafts.
   Internet Drafts are draft documents valid for a maximum of
   six months.  Internet Drafts may be updated, replaced, or obsoleted
   by other documents at any time.  It is not appropriate to use
   Internet Drafts as reference material or to cite them other than as
   ``work in progress''.

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Directories on ds.internic.net, nic.nordu.net, ftp.isi.edu, or
   munnari.oz.au.

   A revised version of this draft document will be submitted to the RFC
   editor as a Proposed Standard for the Internet Community.  Discussion
   and suggestions for improvement are requested.  Distribution of this
   draft is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes the use of the AES cipher algorithm in Cipher
   Block Chaining mode as a confidentiality algorithm for the DIGEST-MD5
   SASL mechanism.

Table of Contents

1 Introduction

   At present, the symmetric ciphers supported by DIGEST-MD5 are RC4,
   DES and triple DES.  The SASL mechanism would be enhanced by the
   addition of AES [AES] ciphersuites, for the following reasons:

   1. RC4 is subject to intellectual property claims.  RSA Security
      Inc. claims that the RC4 algorithm is a trade secret.

   2. DES is not considered secure.

   3. AES is computationally and memory efficient and has withstood
      extensive cryptanalytic analysis.  It is easily implementable on
      a variety of software and hardware, including smart cards
      and handheld computers.  AES is therefore a desirable choice.

   This document proposes a new DIGEST-MD5 ciphersuite, with the aim of
   overcoming these problems.

2 Conventions and Notation

   This document uses conventions established by [DIGEST].
3 Definition of AES ciphers for Confidentiality Protection

   This document extends the ABNF definition of cipher-value defined in
   section 2.1.1 of [DIGEST].

      cipher-value |= "aes"

   where

      aes
         the Advanced Encryption Standard (AES) cipher [AES] in cipher
         block chaining (CBC) mode with a 128-bit key.  This mode requires
         an Initialization Vector (IV) that is the same size as the block
         size.

   Section 2.4 of [DIGEST] defines the value of "n" that is used to
   construct Kcc and Kcs.  For cipher "aes" n is 16.  The key for the
   "aes" cipher is all 16 bytes of Kcc or Kcs.

   The IV for the "aes" cipher in CBC mode for messages going from client
   to server (IVc) consists of 16 bytes calculated as follows:

      IVc = MD5({Kcc, "aes-128"})

   The IV for the "aes" cipher in CBC mode for messages going from server
   to client (IVs) consists of 16 bytes calculated as follows:

      IVs = MD5({Kcs, "aes-128"})

   The IV is XOR'd with the first plaintext block before it is encrypted.
   Then, for each successive block, the previous ciphertext block is
   XOR'd with the current plaintext block before it is encrypted.

4 Security Considerations

   It is not believed that the new ciphersuite is ever less secure
   than the corresponding older ones.  AES is believed to be
   secure, and it has withstood extensive cryptanalytic attack.

   The use of the MD5 hash in DIGEST-MD5 limits the length of the AES key
   to 128 bits, because the key is the output of the MD5 hash (i.e. it
   can't be longer than 128 bits).

5 References

   [RFC 2222] Myers, J., "Simple Authentication and Security Layer
              (SASL)", RFC 2222, October 1997.

   [DIGEST]   Leach, P., Newman, C., "Using Digest Authentication as a
              SASL Mechanism", RFC 2831, May 2000.

   [AES]      Daemen, J., Rijmen, V., "The Rijndael Block Cipher",
              http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf,
              3rd September 1999.

   [RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
              April 1992.
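   Worked example of the Section 3 derivations, added here as an
   illustration and not part of the draft or of any DIGEST-MD5
   implementation: it derives Kcc and Kcs from H(A1) with the RFC 2831
   section 2.4 magic constants (n = 16, so the whole 16-byte H(A1) is
   used), computes IVc and IVs as MD5 of the sealing key followed by
   "aes-128", and applies the CBC chaining rule by hand, checking the
   result against the Go standard library's CBC mode.  The H(A1) value
   is a constructed stand-in, not a real credential, and because the
   draft defines no padding for 16-byte blocks the example only accepts
   block-aligned input.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"errors"
	"fmt"
)

// Magic strings from RFC 2831 section 2.4 used to derive the sealing keys
// from H(A1).  With n = 16 (the value this draft fixes for "aes"), all
// 16 bytes of H(A1) are fed into MD5.
const (
	clientSealMagic = "Digest H(A1) to client-to-server sealing key magic constant"
	serverSealMagic = "Digest H(A1) to server-to-client sealing key magic constant"
	// Label from section 3 of the draft, appended to Kcc/Kcs to derive the IV.
	ivLabel = "aes-128"
	n       = 16
)

// SealingKeys returns Kcc and Kcs for cipher "aes": MD5 of the first n
// bytes of H(A1) followed by the RFC 2831 magic constant.
func SealingKeys(hA1 []byte) (kcc, kcs []byte) {
	c := md5.Sum(append(append([]byte{}, hA1[:n]...), clientSealMagic...))
	s := md5.Sum(append(append([]byte{}, hA1[:n]...), serverSealMagic...))
	return c[:], s[:]
}

// IV implements IVc = MD5({Kcc, "aes-128"}) and IVs = MD5({Kcs, "aes-128"}).
// The IV is a pure function of the session key, so both sides reproduce it
// without exchanging anything further.
func IV(sealingKey []byte) []byte {
	v := md5.Sum(append(append([]byte{}, sealingKey...), ivLabel...))
	return v[:]
}

// CBCEncrypt applies the chaining rule from section 3 by hand: the IV is
// XORed into the first plaintext block, then each previous ciphertext
// block is XORed into the next plaintext block before AES encryption.
// The draft does not define padding for 16-byte blocks, so the input must
// already be a multiple of the block size.
func CBCEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext is not a multiple of the AES block size")
	}
	out := make([]byte, len(plaintext))
	prev := iv
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		x := make([]byte, aes.BlockSize)
		for j := range x {
			x[j] = plaintext[i+j] ^ prev[j]
		}
		block.Encrypt(out[i:i+aes.BlockSize], x)
		prev = out[i : i+aes.BlockSize]
	}
	return out, nil
}

// CBCDecrypt reverses CBCEncrypt using the standard library's CBC mode, so
// the hand-rolled chaining above can be cross-checked against it.
func CBCDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a multiple of the AES block size")
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out, nil
}

// DemoHA1 is a constructed stand-in for H(A1); a real value comes from the
// DIGEST-MD5 exchange (username, realm, password and nonces).
var DemoHA1 = md5.Sum([]byte("constructed H(A1) input, not a real credential"))

func main() {
	kcc, kcs := SealingKeys(DemoHA1[:])
	ivc, ivs := IV(kcc), IV(kcs)
	msg := []byte("sixteen byte msgsixteen byte msg") // two full blocks, constructed
	ct, err := CBCEncrypt(kcc, ivc, msg)
	if err != nil {
		panic(err)
	}
	pt, err := CBCDecrypt(kcc, ivc, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Kcc=%x\nKcs=%x\nIVc=%x\nIVs=%x\nciphertext=%x\nroundtrip ok=%v\n",
		kcc, kcs, ivc, ivs, ct, bytes.Equal(pt, msg))
}
```

   The client encrypts with Kcc/IVc and the server decrypts with the
   same pair; the server-to-client direction uses Kcs/IVs.  Note that
   the IV never changes for the life of the session, since it is derived
   only from the sealing key.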
6 Acknowledgements

   This document borrows some text from draft-ietf-ipsec-ciph-aes-cbc-03.txt
   and draft-ietf-tls-ciphersuite-06.txt.

7 Authors' Addresses

   Alexey Melnikov
   mailto: mel@messagingdirect.com

   ACI WorldWide/MessagingDirect
   900 10117 - Jasper Ave.
   Edmonton, Alberta, T5J 1W8, CANADA

8 Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.