idnits 2.17.1 draft-schaad-cose-more-algs-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The abstract seems to contain references ([RFC5649], [I-D.ietf-cose-RFC8152bis-struct]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (17 November 2019) is 1622 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-15) exists of draft-ietf-cose-rfc8152bis-struct-06 == Outdated reference: A later version (-16) exists of draft-ietf-cbor-7049bis-07 Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Schaad 3 Internet-Draft August Cellars 4 Intended status: Informational 17 November 2019 5 Expires: 20 May 2020 7 CBOR Object Signing and Encryption (COSE): Additional Algorithms 8 draft-schaad-cose-more-algs-00 10 Abstract 12 The CBOR Object Signing and Encryption (COSE) syntax 13 [I-D.ietf-cose-rfc8152bis-struct] allows for adding additional 14 algorithms to the registries. This document adds one additional key 15 wrap algorithm to the registry using the AES Wrap with Padding 16 Algorithm [RFC5649]. 18 Contributing to this document 20 This note is to be removed before publishing as an RFC. 22 The source for this draft is being maintained in GitHub. Suggested 23 changes should be submitted as pull requests at https://github.com/ 24 cose-wg/X509 Editorial changes can be managed in GitHub, but any 25 substantial issues need to be discussed on the COSE mailing list. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on 20 May 2020. 44 Copyright Notice 46 Copyright (c) 2019 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 51 license-info) in effect on the date of publication of this document. 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. Code Components 54 extracted from this document must include Simplified BSD License text 55 as described in Section 4.e of the Trust Legal Provisions and are 56 provided without warranty as described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 61 1.1. Requirements Terminology . . . . . . . . . . . . . . . . 2 62 1.2. Open Issues . . . . . . . . . . . . . . . . . . . . . . . 2 63 2. AES Key Wrap with Padding . . . . . . . . . . . . . . . . . . 3 64 2.1. Security Considerations for AES-KW with Padding . . . . . 3 65 3. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 66 3.1. Normative References . . . . . . . . . . . . . . . . . . 4 67 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 69 1. Introduction 71 The CBOR Object Signing and Encryption (COSE) syntax 72 [I-D.ietf-cose-rfc8152bis-struct] is defined to have an object based 73 set of security primatives using CBOR [I-D.ietf-cbor-7049bis] for use 74 in constrained environments. COSE has algorithm agility so that 75 documents like this one can register algorithms which are needed. 77 In this document we add the AES Wrap with Padding algorithm to the 78 registry and describe how to use it. 80 1.1. Requirements Terminology 82 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 83 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 84 "OPTIONAL" in this document are to be interpreted as described in BCP 85 14 [RFC2119] [RFC8174] when, and only when, they appear in all 86 capitals, as shown here. 88 1.2. Open Issues 90 This section is to be removed before publishing as an RFC. 92 * A desire has been expressed to all for the use of AES Key Wrap 93 with Padding as a content encryption algorithm. This is not 94 compatible with the requirement that all content encryption 95 algorithms "support authentication of both the content and 96 additional data." AES Key Wrap is an AE not an AEAD algorithm. 98 2. AES Key Wrap with Padding 100 The AES Key Wrap with Padding is defined in [RFC5649]. This 101 algorithm uses an AES key to wrap a value that is a multiple of 8 102 bits. As such, it can be used to wrap not only the key sizes for the 103 content encryption algorithms, but additionally it can be used to 104 encrypt off size keys that can be used with the keyed hash functions 105 or key derivation functions. The algorithm uses a single fixed 106 parameter, the initial value. This value is fixed in section 3 of 107 [RFC5649], this is a different value from that used for the AES Key 108 Wrap algorithm of [RFC3394]. There are no public parameters that 109 very on a per-invocation bases. This algorithm does not support 110 additional data and thus the protected header field MUST be empty. 112 When using a COSE key for this algorithm, the following checks are 113 made: 115 * The 'kty' field MUST be present, and it MUST be 'Symmetric'. 117 * If the 'alg' field is present, it MUST match the AES Key Wrap 118 algorithm being used. 120 * If the 'key_ops' field is present, it MUST include 'encrypt' or 121 'wrap key' when encrypting. 123 * If the 'key_ops' field is present, it MUST include 'decrypt' or 124 'unwrap key' when decrypting. 126 +------------+-------+----------+------------------------+ 127 | Name | Value | Key Size | Description | 128 +============+=======+==========+========================+ 129 | A128KW-Pad | TBD1 | 128 | AES Key Wrap w/padding | 130 | | | | and a 128-bit key | 131 +------------+-------+----------+------------------------+ 132 | A192KW-Pad | TBD2 | 192 | AES Key Wrap w/padding | 133 | | | | and a 192-bit key | 134 +------------+-------+----------+------------------------+ 135 | A256KW-Pad | TBD3 | 256 | AES Key Wrap w/padding | 136 | | | | and a 256-bit key | 137 +------------+-------+----------+------------------------+ 139 Table 1: AES Key Wrap Algorithm Values 141 2.1. Security Considerations for AES-KW with Padding 143 The shared secret needs to have some method to be regularly updated 144 over time. The shared secret is the basis of trust. 146 3. References 148 3.1. Normative References 150 [I-D.ietf-cose-rfc8152bis-struct] 151 Schaad, J., "CBOR Object Signing and Encryption (COSE): 152 Structures and Process", Work in Progress, Internet-Draft, 153 draft-ietf-cose-rfc8152bis-struct-06, 11 September 2019, 154 . 157 [I-D.ietf-cbor-7049bis] 158 Bormann, C. and P. Hoffman, "Concise Binary Object 159 Representation (CBOR)", Work in Progress, Internet-Draft, 160 draft-ietf-cbor-7049bis-07, 25 August 2019, 161 . 163 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 164 Requirement Levels", BCP 14, RFC 2119, 165 DOI 10.17487/RFC2119, March 1997, 166 . 168 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 169 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 170 May 2017, . 172 [RFC5649] Housley, R. and M. Dworkin, "Advanced Encryption Standard 173 (AES) Key Wrap with Padding Algorithm", RFC 5649, 174 DOI 10.17487/RFC5649, September 2009, 175 . 177 [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard 178 (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, 179 September 2002, . 181 Author's Address 183 Jim Schaad 184 August Cellars 186 Email: ietf@augustcellars.com