idnits 2.17.1 draft-turner-akf-algs-update-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC5959, but the abstract doesn't seem to directly say this. It does mention RFC5959 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 22, 2010) is 4864 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Informational RFC: RFC 5753 ** Downref: Normative reference to an Informational draft: draft-mcgrew-fundamental-ecc (ref. 'I-D.mcgrew-fundamental-ecc') Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Turner 3 Internet-Draft IECA 4 Updates: 5959 (once approved) December 22, 2010 5 Intended status: Standards Track 6 Expires: June 22, 2011 8 Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) 9 Asymmetric Key Package Content Type 10 draft-turner-akf-algs-update-02.txt 12 Abstract 14 This document describes conventions for using Elliptic Curve 15 cryptographic algorithms with SignedData and EnvelopedData to protect 16 the AsymmetricKeyPackage content type. Specifically, it includes 17 conventions necessary to implement Elliptic Curve Diffie-Hellman 18 (ECDH) with EnvelopedData and Elliptic Curve Digital Signature 19 Algorithm (ECDSA) with SignedData. This document extends RFC 5959. 21 Status of this Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on June 22, 2010. 38 Copyright Notice 40 Copyright (c) 2010 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 48 Internet-DraftEC Algorithms for CMS Asymmetric Key Pacakges 2010-12-22 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 1. Introduction 58 [RFC5959] describes conventions necessary to protect the 59 AsymmetricKeyPackage content type [RFC5958] with Cryptographic 60 Message Syntax (CMS) protecting content types: SignedData [RFC5652], 61 EnvelopedData [RFC5652], EncryptedData [RFC5652], AuthenticatedData 62 [RFC5652], and AuthEnvelopedData [RFC5083]. This document amends 63 [RFC5959] by extending the algorithms used with SignedData and 64 EnvelopedData to include Elliptic Curve Digital Signature Algorithm 65 (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH), respectively. 66 Familiarity with [RFC5959] and [RFC5753] is assumed. 68 This document does not define any new algorithms; instead, it refers 69 to previously defined algorithms. 71 1.1 Terminology 73 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 74 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 75 "OPTIONAL" in this document are to be interpreted as described in 76 [RFC2119]. 78 2. AsymmetricKeyPackage 80 As noted in Asymmetric Key Packages [RFC5958], CMS can be used to 81 protect the AsymmetricKeyPackage. The following provides guidance 82 for SignedData [RFC5652] and EnvelopedData [RFC5652] when used with 83 Elliptic Curve algorithms. 85 2.1. SignedData 87 If an implementation supports SignedData, then it MAY support ECDSA 88 [I-D.mcgrew-fundamental-ecc]. 90 2.2. EnvelopedData 92 When key agreement is used, standard (as opposed to co-factor) ECDH 93 [I-D.mcgrew-fundamental-ecc] MAY be supported. 95 Internet-DraftEC Algorithms for CMS Asymmetric Key Pacakges 2010-12-22 97 3. Public Key Sizes 99 The easiest way to implement the SignedData and EnvelopedData is with 100 public key certificates [RFC5280][RFC5480]. If an implementation 101 supports ECDSA or ECDH, then it MUST support keys on the P-256 curve. 103 4. Security Considerations 105 The security considerations from [RFC5280], [RFC5480], [RFC5652], 106 [RFC5753], [RFC5959], and [I-D.mcgrew-fundamental-ecc] apply. 108 5. IANA Considerations 110 None. Please remove this section prior to publication as an RFC. 112 6. Normative References 114 6.1. Normative References 116 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 117 Requirement Levels", BCP 14, RFC 2119, March 1997. 119 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 120 Housley, R., and W. Polk, "Internet X.509 Public Key 121 Infrastructure Certificate and Certificate Revocation List 122 (CRL) Profile", RFC 5280, May 2008. 124 [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk, 125 "Elliptic Curve Cryptography Subject Public Key 126 Information", RFC 5480, March 2009. 128 [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 129 5652, September 2009. 131 [RFC5753] Turner, S., and D. Brown, "Use of Elliptic Curve 132 Cryptography (ECC) Algorithms in Cryptographic Message 133 Syntax (CMS)", RFC 5753, January 2010. 135 [RFC5958] Turners, S., "Asymmetric Key Packages", RFC 5958, August 136 2010. 138 [RFC5959] Turners, S., "Asymmetric Key Packages", RFC 5959, August 139 2010. 141 [I-D.mcgrew-fundamental-ecc] McGrew, D., Igoe, E., and M. Salter, 142 "Fundamental Elliptic Curve Cryptography Algorithms", 143 draft-mcgrew-fundamental-ecc-04.txt, work-in-progress. 145 Internet-DraftEC Algorithms for CMS Asymmetric Key Pacakges 2010-12-22 147 6.2. Informative References 149 [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) 150 Authenticated-Enveloped-Data Content Type", RFC 5083, 151 November 2007. 153 Authors' Addresses 155 Sean Turner 156 IECA, Inc. 157 3057 Nutley Street, Suite 106 158 Fairfax, VA 22031 159 USA 161 EMail: turners@ieca.com