idnits 2.17.1

draft-turner-additional-smimecaps-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices. See
     https://trustee.ietf.org/license-info/.)

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 3, 2009) is 5255 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-13) exists of
     draft-ietf-smime-cms-rsa-kem-07

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

NETWORK WG                                                   Sean Turner
Internet Draft                                                      IECA
Intended Status: Informational                          December 3, 2009
Expires: June 3, 2010

                     Additional S/MIME Capabilities
                draft-turner-additional-smimecaps-02.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 3, 2008.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document lists values for the S/MIME Capabilities Attribute.
   The attribute itself is defined in RFC TBD1, but the values for each
   are defined in separate algorithm documents and in some cases not at
   all. The SMIME Capability values can be included in S/MIME messages
   as a signed attribute and in public key certificates as an extension.
//RFC EDITOR: Replace TBD1 with the # assigned to
draft-ietf-smime-3851bis-10.txt.

1. Introduction

   There has been and continues to be some confusion about an
   algorithm's parameter values. RFCs that define how an algorithm is
   used with CMS also define the algorithm's parameter values, e.g.,
   [RFC3370]. Additionally, these RFCs should define the
   SMIMECapabilities attribute values; however, some have failed to do
   so and some have failed to do so correctly. Now, the situation may
   exist where implementations emit SMIMECapabilities attribute values
   that are the same as the algorithm's parameters when used in CMS
   instead of following the SMIMECapabilities requirements from
   [RFCTBD1]: in "the event that there are no differentiating
   parameters for a particular OID, the parameters MUST be omitted, and
   MUST NOT be encoded as NULL." For example, ECDSA with SHA-1 from
   [RFCTBD3] includes NULL parameters when they should have been
   omitted.

//RFC EDITOR: Replace TBD3 with the # assigned to
draft-ietf-smime-3278bis-07.txt.

   This document lists values for the S/MIME Capabilities Attribute.
   The attribute itself is defined in [RFCTBD1], but the values for each
   are defined in separate algorithm documents and in some cases not at
   all. Capability values can be included in S/MIME messages as an
   attribute and in public key certificates as an extension [RFC4262].

   The majority of the values in this document are defined in other
   documents, and this document references those documents before the
   SMIME Capability. Values are encoded using the Distinguished
   Encoding Rules (DER) [X.690] and are a sequence of algorithm object
   identifier plus any parameters. The values provided in this document
   are values for one algorithm parameter pair.
   The syntax for the attribute is as follows and is included for
   convenience:

   SMIMECapabilities ::= SEQUENCE OF SMIMECapability

   SMIMECapability ::= SEQUENCE {
     capabilityID OBJECT IDENTIFIER,
     parameters ANY DEFINED BY capabilityID OPTIONAL }

   As specified in [RFCTBD1]: "the object identifiers (OIDs) are listed
   in order of their preference, but SHOULD be separated logically along
   the lines of their categories (signature algorithms, symmetric
   algorithms, key encipherment algorithms, etc.)" As the "structure of
   the SMIMECapabilities attribute is [designed] to facilitate simple
   table lookups and binary comparisons in order to determine matches",
   the values are given in encoded format.

   The DER [X.690] values for the capabilities are preceded by the
   algorithm's name and, if they were previously defined, a reference
   to the document in which they are defined.

1.1. Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. Message Digest Algorithms

   [RFC3370] and [RFCTBD2] define the following message digest
   algorithms for use with CMS:

   MD5: 300a 0608 2a86 4886 f70d 0205

   NOTE: Though [RFC3370] allows NULL parameters for SHA-1, SHA-224,
   SHA-256, SHA-384, SHA-512, parameters MUST NOT be included as per
   [RFCTBD1] because there are no differentiating parameters for SHA-1
   (e.g., output length).

   SHA-1: 3007 0605 290e 0302 1a

   [RFCTBD2] SHA-224: 300b 0609 6086 4801 6503 0402 04

   [RFCTBD2] SHA-256: 300b 0609 6086 4801 6503 0402 01

   [RFCTBD2] SHA-384: 300b 0609 6086 4801 6503 0402 02

   [RFCTBD2] SHA-512: 300b 0609 6086 4801 6503 0402 03

3. Digital Signature Algorithms

   [RFC3370], [RFC4056], [RFCTBD2], and [RFCTBD3] define the following
   digital signature algorithms for use with CMS:

   RSA Encryption: 3009 0608 2a86 4886 f70d 0101 01

   RSA With MD5: 3009 0608 2a86 4886 f70d 0101 04

   RSA With SHA-1: 3009 0608 2a86 4886 f70d 0101 05

   RSA With SHA-224: 3009 0608 2a86 4886 f70d 0101 0e

   RSA With SHA-256: 3009 0608 2a86 4886 f70d 0101 0b

   RSA With SHA-384: 3009 0608 2a86 4886 f70d 0101 0c

   RSA With SHA-512: 3009 0608 2a86 4886 f70d 0101 0d

   RSASSA-PSS: Add values here.

   DSA With SHA-1: 3009 0607 2a86 48ce 3804 03

   [RFCTBD2] DSA With SHA-224: 300b 0609 6086 4801 6503 0403 01

   [RFCTBD2] DSA With SHA-256: 300b 0609 6086 4801 6503 0403 02

   NOTE: [RFCTBD3] shows the ECDSA with SHA-1 with NULL parameter
   values, but the NULL parameters should not have been included
   according to [RFCTBD1]. The NULL is retained for backwards
   compatibility.

   [RFCTBD3] ECDSA With SHA-1: 300b 0607 2a86 48ce 3d04 01 05 00

   [RFCTBD3] ECDSA With SHA-224: 300a 0608 2a86 48ce 3d04 0301

   [RFCTBD3] ECDSA With SHA-256: 300a 0608 2a86 48ce 3d04 0302

   [RFCTBD3] ECDSA With SHA-384: 300a 0608 2a86 48ce 3d04 0303

   [RFCTBD3] ECDSA With SHA-512: 300a 0608 2a86 48ce 3d04 0304

4. Key Transport Algorithms

   [RFC3370], [RFC3560], [RFCTBD4] define the following key transport
   algorithms for use with CMS:

   RSA Encryption: 300d 0608 2a86 4886 f70d 0101 01

   [RFC3560] RSAES-OAEP Default: 300D 0609 2a86 4886 f70d 0101 0730 00

   NOTE: [RFC3560] shows the RSAES-OAEP with SHA-224, SHA-256, 384, and
   512 with NULL parameter values for the SHA algorithms, but the NULL
   parameters should not have been included according to [RFCTBD1].
   [RFC3560] RSAES-OAEP SHA-224: 3038 0609 2a86 4886 f70d 0101 0730 2b30
      0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d
      0101 0830 0d06 0960 8648 0165 0304 0204 0500

   [RFC3560] RSAES-OAEP SHA-256: 3038 0609 2a86 4886 f70d 0101 0730 2b30
      0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d
      0101 0830 0d06 0960 8648 0165 0304 0201 0500

   [RFC3560] RSAES-OAEP SHA-384: 3038 0609 2a86 4886 f70d 0101 0730 2b30
      0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d
      0101 0830 0d06 0960 8648 0165 0304 0202 0500

   [RFC3560] RSAES-OAEP SHA-512: 3038 0609 2a86 4886 f70d 0101 0730 2b30
      0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d
      0101 0830 0d06 0960 8648 0165 0304 0203 0500

   [RFCTBD4] RSA-KEM:

5. Key Agreement Algorithms

   [RFC2876], [RFC3370], and [RFCTBD3] define the following key
   agreement algorithms for use with CMS:

   NOTE: The parameters for key agreement algorithms are the key wrap
   algorithm (see Section 6).
   [RFC2876] KEA: 3018 0609 6086 4801 6502 0101 1830 0b06 0960 8648
      0165 0201 0117

   KA=DH S-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0a30
      0d06 0d2a 8648 86f7 0d01 0910 0306

   KA=DH S-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003
      0a30 1106 0d2a 8648 86f7 0d01 0910 0306 0202 00a0

   KA=DH S-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003
      0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 78

   KA=DH S-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003
      0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 3a

   KA=DH E-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0530
      0d06 0d2a 8648 86f7 0d01 0910 0306

   KA=DH E-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003
      0530 1106 0d2a 8648 86f7 0d01 0910 030a 0202 00a0

   KA=DH E-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003
      0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 78

   KA=DH E-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003
      0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 3a

   NOTE: [RFCTBD3] shows the ECDH with SHA-1|3 DES wrap capabilities
   with NULL parameter values, but the NULL parameters should not have
   been included according to [RFCTBD1]. The NULL is retained for
   backwards compatibility.
   [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81
      0510 8648 3f00 0230 0f06 0b2a 8648 86f7 0d01 0910 0306
      0500

   [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=Triple-DES: 3017 0606
      2b81 0401 0b00 300e 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=Triple-DES: 3017 0606
      2b81 0401 0b01 300e 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=Triple-DES: 3017 0606
      2b81 0401 0b02 300e 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=Triple-DES: 3017 0606
      2b81 0401 0b03 300e 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81
      0510 8648 3f00 0230 0b06 0960 8648 0165 0304 0105

   [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81
      0401 0b00 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81
      0401 0b01 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81
      0401 0b02 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=AES-128: 3015 0606 2b81
      0401 0b03 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=AES-192: 3018 0609 2b81
      0510 8648 3f00 0230 0b06 0960 8648 0165 0304 0119

   [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81
      0401 0b00 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81
      0401 0b01 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81
      0401 0b02 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81
      0401 0b03 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH standard KDF=SHA-1 Wrap=AES-256: 3018 0609 2b81
      0510 8648 3f00 0230 0b06 0960 8648 0165 0304 012d

   [RFCTBD3] KA=ECDH standard KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81
      0401 0B00 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH standard KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81
      0401 0b01 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH standard KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81
      0401 0b02 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH standard KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81
      0401 0B03 300b 0609 6086 4801 6503 0401 2d

   NOTE: [RFCTBD3] shows the ECMQV with SHA-1 and 3 DES wrap
   capabilities with NULL parameter values, but the NULL parameters
   should not have been included according to [RFCTBD1]. The NULL is
   retained for backwards compatibility.

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81
      0510 8648 3f00 0330 0f06 0b2a 8648 86f7 0d01 0910 0306
      0500

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=Triple-DES: 3017 0606
      2b81 0401 0e00 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=Triple-DES: 3017 0606
      2b81 0401 0e01 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=Triple-DES: 3017 0606
      2b81 0401 0e02 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=Triple-DES: 3017 0606
      2b81 0401 0e03 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81
      0510 8648 3f00 0330 0b06 0960 8648 0165 0304 0105

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81
      0401 0e00 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81
      0401 0e01 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81
      0401 0e02 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-128: 3017 0606 2b81
      0401 0e03 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-192: 30 18 06 09 2b 81
      0510 8648 3f00 0330 0b06 0960 8648 0165 0304 0119

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81
      0401 0e00 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81
      0401 0e01 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81
      0401 0e02 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81
      0401 0e03 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-256: 3015 0609 2b81
      0510 8648 3f00 0330 0b06 0960 8648 0165 0304 012d

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81
      0401 0e00 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81
      0401 0e01 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81
      0401 0e02 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81
      0401 0e03 300b 0609 6086 4801 6503 0401 2d

   NOTE: [RFCTBD3] shows the ECMQV with SHA-1 and 3 DES wrap
   capabilities with NULL parameter values, but the NULL parameters
   should not have been included according to [RFCTBD1]. The NULL is
   retained for backwards compatibility.
   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81
      0510 8648 3f00 1030 0f06 0b2a 8648 86f7 0d01 0910 0306
      0500

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=Triple-DES: 3017 0606
      2b81 0401 0f00 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=Triple-DES: 3017 0606
      2b81 0401 0f01 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=Triple-DES: 3017 0606
      2b81 0401 0f02 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=Triple-DES: 3017 0606
      2b81 0401 0f03 300d 060b 2a86 4886 f70d 0109 1003 06

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81
      0510 8648 3f00 1030 0b06 0960 8648 0165 0304 0105

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81
      0401 0f00 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81
      0401 0f01 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81
      0401 0f02 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128: 3015 0606 2b81
      0401 0f03 300b 0609 6086 4801 6503 0401 05

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192: 3018 0609 2b81
      0510 8648 3f00 1030 0b06 0960 8648 0165 0304 0119

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81
      0401 0f00 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81
      0401 0f01 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81
      0401 0f02 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81
      0401 0f03 300b 0609 6086 4801 6503 0401 19

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-256: 3018 0609 2b81
      0510 8648 3f00 1030 0b06 0960 8648 0165 0304 012d

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81
      0401 0f00 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81
      0401 0f01 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81
      0401 0f02 300b 0609 6086 4801 6503 0401 2d

   [RFCTBD3] ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 0401
      0f03 300b 0609 6086 4801 6503 0401 2d

6. Key Wrap Algorithms

   [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC4010],
   [RFC5649] define the following key agreement algorithms for use with
   CMS:

   NOTE: In most instances, the key wrap algorithm is included in the
   capabilities set as part of the key agreement algorithm.

   [RFC2876] FORTEZZA Wrap 80: 300b 0609 6086 4801 6502 0101 17

   [RFC3058] IDEA: 300D 060B 2B06 0104 0181 3C07 0101 02

   3-DES Wrap: 300e 060b 2a86 4886 f70d 0109 1003 06

   RC2 40-bit: 3011 060d 2a86 4886 f70d 0109 1003 0602 0200 a0

   RC2 64-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 0178

   RC2 128-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 013a

   AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05

   AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19

   AES-256 Key Wrap: 300b 0609 6086 4801 6503 0401 2d

   AES-128 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 08

   AES-196 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 1c

   AES-256 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 30

   Camellia 128-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 02

   Camellia 196-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03

   Camellia 256-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03

   SEED Wrap: 300c 060a 2a83 1a8c 9a44 0701 0101

7. Content Encryption Algorithms

   [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC5084], and
   [RFC5649] define the following content encryption algorithms for use
   with CMS:

   RC2-CBC 40-bit: 300d 0608 2a86 4886 f70d 0302 0201 28

   RC2-CBC 64-bit: 300d 0608 2a86 4886 f70d 0302 0201 40

   RC2-CBC 128-bit: 300e 0608 2a86 4886 f70d 0302 0202 0080

   3-DES-CBC: 300a 0608 2a86 4886 f70d 0307

   NOTE: [RFC2876] incorrectly included 00 at the end of the
   SMIMECapability.

   [RFC2876] SKIPJACK: 300b 0609 6086 4801 6502 0101 04

   [RFC3058] IDEA-CBC: 300d 060b 2b06 0104 0181 3c07 0101 02

   [RFC3565] AES-CBC-128: 300b 0609 6086 4801 6503 0401 02

   [RFC3565] AES-CBC-196: 300b 0609 6086 4801 6503 0401 16

   [RFC3565] AES-CBC-256: 300b 0609 6086 4801 6503 0401 2a

   AES-CCM-128: 300b 0609 6086 4801 6503 0401 07

   AES-CCM-196: 300b 0609 6086 4801 6503 0401 1b

   AES-CCM-256: 300b 0609 6086 4801 6503 0401 2f

   AES-GCM-128: 300b 0609 6086 4801 6503 0401 06

   AES-GCM-196: 300b 0609 6086 4801 6503 0401 1a

   AES-GCM-256: 300b 0609 6086 4801 6503 0401 2e

   AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05

   AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19

   AES-256 Key Wrap: 300b 0609 6086 4801 6503 0401 2d

   AES-128 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 08

   AES-196 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 1c

   AES-256 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 30

   NOTE: Camellia defines their capability parameters as NULL.

   [RFC3657] Camellia 128-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0205
      00

   [RFC3657] Camellia 196-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0305
      00

   [RFC3657] Camellia 256-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0405
      00

   NOTE: SEED defines their capability parameters as NULL.

   [RFC4010] SEED CBC: 300C 0608 2a83 1a8c 9a44 0104 0500

8. Message Authentication Code Algorithms

   [RFC3370], [RFC4231], and [RFC4490] define the following message
   authentication code algorithms for use with CMS:

   HMAC SHA-1: 3009 0608 2b0601 0505 0801 02

   HMAC SHA-224: 300a 0608 2a86 4886 f70d 0208

   HMAC SHA-256: 300a 0608 2a86 4886 f70d 0209

   HMAC SHA-384: 300a 0608 2a86 4886 f70d 020a

   HMAC SHA-512: 300a 0608 2a86 4886 f70d 020b

   [RFC4490] HMAC GOST: 3008 0606 2A85 0302 0209

9. Compression Algorithms

   [RFC3274] defines the following compression algorithms for use with
   CMS:

   [RFC3274] ZLIB: 300D 060B 2A86 4886 F70D 0109 1003 08

10. Security Considerations

   This document does not advocate the use of any particular algorithm.
   The strength of the algorithms and applicability to their use in a
   particular environment is defined in the algorithms specifications.

11. IANA Considerations

   There are no IANA considerations.

12. References

12.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFCTBD1]  Turners, S., and B. Ramsdell, "Secure/Multipurpose
              Internet Mail Extensions (S/MIME) Version 3.2 Message
              Specification", draft-ietf-smime-3851bis-11.txt,
              work-in-progress.

//RFC EDITOR: Replace TBD1 with the # assigned to
draft-ietf-smime-3851bis-11.txt.

   [X.690]    ITU-T Recommendation X.690 (2002) | ISO/IEC
              8825-1:2002, Information technology - ASN.1 encoding
              rules: Specification of Basic Encoding Rules (BER),
              Canonical Encoding Rules (CER) and Distinguished Encoding
              Rules (DER).

12.2. Informative References

   [RFC2876]  Pawling, J., "Use of the KEA and SKIPJACK Algorithms
              in CMS", RFC 2876, July 2000.

   [RFC3058]  Teiwes, S., Hartmann, P., Kuenzi, D., "Use of the IDEA
              Encryption Algorithm in CMS", RFC 3058, February 2001.
   [RFC3274]  Gutmann, P., "CompressedData Content Type for
              Cryptographic Message Syntax", RFC 3274, June 2002.

   [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
              Algorithms", RFC 3370, August 2002.

   [RFC3560]  Housley, R., "Use of the RSAES-OAEP Key Transport
              Algorithm in the Cryptographic Message Syntax (CMS)",
              RFC 3560, July 2003.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard
              (AES) Encryption Algorithm in Cryptographic Message
              Syntax (CMS)", RFC 3565, July 2003.

   [RFC3657]  Moriai, S, Kato, A., "Use of the Camellia Encryption
              Algorithm", RFC 3657, January 2004.

   [RFC4010]  Park, J. Lee, S., Kim, J., and J. Lee, "Use of the
              SEED Encryption Algorithm in Cryptographic Message
              Syntax (CMS)", RFC 4010, February 2005.

   [RFC4056]  Schaad, J., "Use of the RSASSA-PSS Signature
              Algorithm in Cryptographic Message Syntax", RFC 4056,
              June 2005.

   [RFC4231]  Nystrom, M., "Identifiers and Test Vectors for
              HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and
              HMAC-SHA-512", RFC 4231, December 2005.

   [RFC4262]  Santesson, S., "X.509 Certificate Extension for
              Secure/Multipurpose Internet Mail Extensions (S/MIME)
              Capabilities," RFC 4262, December 2005.

   [RFC4490]  Leontiev, S., and G. Chudov, Ed. "Using the GOST R
              34.10-94, and GOST R 34.10-2001 Algorithms with
              Cryptographic Message Syntax (CMS)", RFC 4490, May
              2006.

   [RFC5084]  Housley, R., "Using AES-CCM and AES-GCM Authenticated
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 5084, November 2007.

   [RFCTBD2]  Turners, S., "Using SHA2 Algorithms with Cryptographic
              Message Syntax", draft-ietf-smime-sha2-11.txt,
              work-in-progress.

//RFC EDITOR: Replace TBD2 with the # assigned to
draft-ietf-smime-sha2-11.txt.

   [RFCTBD3]  Turners, S., and D. Brown, "Use of Elliptic Curve
              Cryptography (ECC) Algorithms in Cryptographic Message
              Syntax (CMS)", draft-ietf-smime-3278bis-09.txt,
              work-in-progress.

//RFC EDITOR: Replace TBD3 with the # assigned to
draft-ietf-smime-3278bis-09.txt.

   [RFCTBD4]  Randall, J., and B.Kaliski, "Use of the RSA-KEM Key
              Transport Algorithm in CMS",
              draft-ietf-smime-cms-rsa-kem-07.txt, work-in-progress.

//RFC EDITOR: Replace TBD4 with the # assigned to
draft-ietf-smime-cms-rsa-kem-07.txt.

   [RFC5649]  Housley, R., and M. Dworkin, "Advanced Encryption
              Standard (AES) Key Wrap with Padding Algorithm", RFC
              5649, August 2009.

Appendix A Revision History

   [[ This entire section is to be removed upon publication. ]]

A.1 Changes between draft-turner-additional-smimecaps-00 and -01

   Removed NULL parameters from RSA algorithms in Section 3.

   Corrected length in ECDH cofactor KDF=SHA-224, SHA-256, and SHA-512
   Wrap Triple-DES in Section 5.

   Added RC2-CBC 64-bit in Section 7.

A.2 Changes between draft-turner-additional-smimecaps-01 and -02

   Provided a specific example of which algorithms included NULL as
   parameters when it shouldn't have.

   Added an introduction paragraph to state which RFCs are being
   updated.

   Removed and reworded many of the notes.

   Added RSA-KEM and RSASSA-PSS capabilities.

   Removed NULL from SKIPJACK capability.

Authors' Addresses

   Sean Turner

   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   USA

   Email: turners@ieca.com
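
Added example (not part of the draft or of idnits): a strict DER check for a single SMIMECapability value, reporting the OID, any parameters, and whether the parameters are the NULL that Section 1 says MUST be omitted. The function names and the two malformed inputs are constructed here; the three well-formed values are copied from Sections 2, 3 and 7.

```python
# Added example: strict DER check of one SMIMECapability value.

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER TLV at buf[pos:]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form, DER-minimal only
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def oid_to_dotted(content):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal text."""
    if not content or content[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value, start = [], 0, True
    for byte in content:
        if start and byte == 0x80:
            raise ValueError("non-minimal OID arc")
        value = (value << 7) | (byte & 0x7F)
        start = not byte & 0x80            # True when this arc is complete
        if start:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first octet packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_capability(hex_text):
    """Parse one SMIMECapability ::= SEQUENCE { OID, parameters OPTIONAL }."""
    raw = bytes.fromhex(hex_text)          # fromhex ignores the spaces
    tag, body, end = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("outer tag is not SEQUENCE")
    if end != len(raw):
        raise ValueError("trailing bytes after SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("capabilityID is not an OBJECT IDENTIFIER")
    params = body[pos:]
    if params:
        _, _, pend = read_tlv(params)
        if pend != len(params):
            raise ValueError("trailing bytes after parameters")
    return {
        "oid": oid_to_dotted(oid),
        "parameters": params.hex() or None,
        "null_parameters": params == b"\x05\x00",
    }

def audit(samples):
    """Map each sample name to its parse result, or to the rejection text."""
    out = {}
    for name, hex_text in samples.items():
        try:
            out[name] = check_capability(hex_text)
        except ValueError as exc:
            out[name] = "rejected: %s" % exc
    return out

SAMPLES = {
    "SHA-256": "300b 0609 6086 4801 6503 0402 01",
    "ECDSA With SHA-1": "300b 0607 2a86 48ce 3d04 01 05 00",
    "RC2-CBC 128-bit": "300e 0608 2a86 4886 f70d 0302 0202 0080",
    # Constructed: the SKIPJACK value with a stray 00 after the SEQUENCE.
    "stray trailing 00": "300b 0609 6086 4801 6502 0101 04 00",
    # Constructed: the SHA-256 value with an outer length claiming 13 bytes.
    "bad outer length": "300d 0609 6086 4801 6503 0402 01",
}

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        print(name, "->", result)
```

A value reported with null_parameters set will not match, byte for byte, the same OID encoded without parameters, which is the mismatch the Section 1 rule is meant to prevent in table lookups and binary comparisons.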