idnits 2.17.1 

draft-turner-cms-symmetrickeypackage-algs-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 23, 2010) is 4963 days in the past.  Is
     this intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 5649

  ** Downref: Normative reference to an Informational RFC: RFC 5753

  == Outdated reference: A later version (-04) exists of
     draft-mcgrew-fundamental-ecc-03

  ** Downref: Normative reference to an Informational draft:
     draft-mcgrew-fundamental-ecc (ref. 'I-D.mcgrew-fundamental-ecc')


     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	Network Working Group                                       Sean Turner
2	Internet Draft                                                     IECA
3	Intended Status: Standard Track                      September 23, 2010
4	Expires: March 23, 2010

6	             Algorithms for Cryptographic Message Syntax (CMS)
7	             Protection of Symmetric Key Package Content Types
8	             draft-turner-cms-symmetrickeypackage-algs-00.txt

10	Abstract

12	   This document describes the conventions for using several
13	   cryptographic algorithms with the Cryptographic Message Syntax (CMS)
14	   to protect the symmetric key package content type.  Specifically, it
15	   includes conventions necessary to implement SignedData,
16	   EnvelopedData, EncryptedData, and AuthEnvelopedData.

18	Status of this Memo

20	   This Internet-Draft is submitted to IETF in full conformance with the
21	   provisions of BCP 78 and BCP 79.

23	   Internet-Drafts are working documents of the Internet Engineering
24	   Task Force (IETF), its areas, and its working groups.  Note that
25	   other groups may also distribute working documents as Internet-
26	   Drafts.

28	   Internet-Drafts are draft documents valid for a maximum of six months
29	   and may be updated, replaced, or obsoleted by other documents at any
30	   time.  It is inappropriate to use Internet-Drafts as reference
31	   material or to cite them other than as "work in progress."

33	   The list of current Internet-Drafts can be accessed at
34	   http://www.ietf.org/ietf/1id-abstracts.txt

36	   The list of Internet-Draft Shadow Directories can be accessed at
37	   http://www.ietf.org/shadow.html

39	   This Internet-Draft will expire on March 23, 2011.

41	Copyright Notice

43	   Copyright (c) 2010 IETF Trust and the persons identified as the
44	   document authors. All rights reserved.

46	   This document is subject to BCP 78 and the IETF Trust's Legal
47	   Provisions Relating to IETF Documents
48	   (http://trustee.ietf.org/license-info) in effect on the date of
49	   publication of this document. Please review these documents
50	   carefully, as they describe your rights and restrictions with respect
51	   to this document. Code Components extracted from this document must
52	   include Simplified BSD License text as described in Section 4.e of
53	   the Trust Legal Provisions and are provided without warranty as
54	   described in the Simplified BSD License.

56	1. Introduction

58	   This document describes the conventions for using several
59	   cryptographic algorithms with the Cryptographic Message Syntax (CMS)
60	   [RFC5652] to protect the symmetric key package content type defined
61	   in [I-D.keyprov-symmetrickeyformat].  Specifically, it includes
62	   conventions necessary to implement the following CMS content types:
63	   SignedData [RFC5652], EnvelopedData [RFC5652], EncryptedData
64	   [RFC5652], and AuthEnvelopedData [RFC5083].  Familiarity with
65	   [RFC5083], [RFC5652], [RFC5753], and [I-D.keyprov-symmetrickeyformat]
66	   is assumed.

68	   This document does not define any new algorithms; instead it refers
69	   to previously defined algorithms.

71	1.1. Terminology

73	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
74	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
75	   document are to be interpreted as described in [RFC2119].

77	2. SignedData

79	   If an implementation supports SignedData, then it MUST support the
80	   signature scheme RSA [RFC3370] and SHOULD support the signature
81	   schemes RSASSA-PSS [RFC4056] and DSA [RFC3370].  Additionally,
82	   implementations MUST support in concert with these signature schemes
83	   the hash function SHA-256 [RFC5754] and they SHOULD support the hash
84	   function SHA-1 [RFC3370].  If an implementation supports SignedData,
85	   then it MAY support ECDSA [I-D.mcgrew-fundamental-ecc][RFC5753].

87	3. EnvelopedData

89	   If an implementation supports EnvelopedData, then it MUST implement
90	   key transport and it MAY implement key agreement.

92	   When key transport is used, RSA encryption [RFC3370] MUST be
93	   supported and RSAES-OAEP [RFC3560] SHOULD be supported.

95	   When key agreement is used, Diffie-Hellman ephemeral-static [RFC3370]
96	   MUST be supported.  When key agreement is used, ECDH
97	   [I-D.mcgrew-fundamental-ecc][RFC5753] MAY be supported.

99	   Regardless of the key management technique choice, implementations
100	   MUST support AES-128 Key Wrap with Padding [RFC5649] as the content
101	   encryption algorithm.  Implementations SHOULD support AES-256 Key
102	   Wrap with Padding [RFC5649] as the content encryption algorithm.

104	   When key agreement is used, a key wrap algorithm is also specified to
105	   wrap the content encryption key.  If the content encryption algorithm
106	   is AES-128 Key Wrap with Padding, then the key wrap algorithm MUST be
107	   AES-128 Key Wrap with Padding [RFC5649].  If the content encryption
108	   algorithm is AES-256 Key Wrap with Padding, then the key wrap
109	   algorithm MUST be AES-256 Key Wrap with Padding [RFC5649].

111	4. EncryptedData

113	   If an implementation supports EncryptedData, then it MUST implement
114	   AES-128 Key Wrap with Padding [RFC5649] and SHOULD implement AES-256
115	   Key Wrap with Padding [RFC5649].

117	   NOTE: EncryptedData requires that keys be managed by other means;
118	   therefore, the only algorithm specified is the content encryption
119	   algorithm.

121	5. AuthEnvelopedData

123	   If an implementation supports AuthEnvelopedData, then it MUST
124	   implement the EnvelopedData recommendations except for the content
125	   encryption algorithm, which in this case MUST be AES-GCM [RFC5084];
126	   the 128-bit version MUST be implemented and the 256-bit version
127	   SHOULD be implemented.  Implementations MAY also support for AES-CCM
128	   [RFC5084].

130	6. Public Key Sizes

132	   The easiest way to implement SignedData, EnvelopedData, and
133	   AuthEnvelopedData is with public key certificates [RFC5280]. If an
134	   implementation supports RSA, RSASSA-PSS, DSA, RSAES-OAEP, or DH, then
135	   it MUST support key lengths from 1024-bit to 2048-bit, inclusive.  If
136	   an implementation supports ECDSA or ECDH, then it MUST support keys
137	   on P-256.

139	7. Security Considerations

141	   The security considerations from [RFC3370], [RFC3560], [RFC4056],
142	   [RFC5083], [RFC5084], [RFC5649], [RFC5652], [RFC5753], [RFC5754], and
143	   [I-D.keyprov-symmetrickeyformat] apply.

145	   The choice of content encryption algorithms for this document was
146	   based on [RFC5649]: "In the design of some high assurance
147	   cryptographic modules, it is desirable to segregate cryptographic
148	   keying material from other data. The use of a specific cryptographic
149	   mechanism solely for the protection of cryptographic keying material
150	   can assist in this goal." Unfortunately, there is no AES-GCM or AES-
151	   CCM mode that provides the same properties.  If an AES-GCM and AES-
152	   CCM mode that provides the same properties is defined, then this
153	   document will be updated to adopt that algorithm.

155	   [SP800-57] provides comparable bits of security for some algorithms
156	   and key sizes. [SP800-57] also provides time frames during which
157	   certain numbers of bits of security are appropriate and some
158	   environments may find these time frames useful.

160	8. IANA Considerations

162	   None.  Please remove this section prior to publication as an RFC.

164	9. References

166	9.1. Normative References

168	   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
169	               Requirement Levels", BCP 14, RFC 2119, March 1997.

171	   [RFC3370]   Housley, R., "Cryptographic Message Syntax (CMS)
172	               Algorithms", RFC 3370, August 2002.

174	   [RFC3560]   Housley, R., "Use of the RSAES-OAEP Key Transport
175	               Algorithm in the Cryptographic Message Syntax (CMS)", RFC
176	               3560, July 2003.

178	   [RFC4056]   Schaad, J., "Use of RSASSA-PSS Signature Algorithm in
179	               Cryptographic Message Syntax (CMS)", RFC 4056, June 2005.

181	   [RFC5083]   Housley, R., "Cryptographic Message Syntax (CMS)
182	               Authenticated-Enveloped-Data Content Type", RFC 5083,
183	               November 2007.

185	   [RFC5084]   Housley, R., "Using AES-CCM and AES-GCM Authenticated
186	               Encryption in the Cryptographic Message Syntax (CMS)",
187	               RFC 5084, November 2007.

189	   [RFC5280]   Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
190	               Housley, R., and W. Polk, "Internet X.509 Public Key
191	               Infrastructure Certificate and Certificate Revocation
192	               List (CRL) Profile", RFC 5280, May 2008.

194	   [RFC5649]   Housley, R., and M. Dworkin, "Advanced Encryption
195	               Standard (AES) Key Wrap with Padding Algorithm", RFC
196	               5649, September 2009.

198	   [RFC5652]   Housley, R., "Cryptographic Message Syntax (CMS)", RFC
199	               5652, September 2009.

201	   [RFC5753]   Turner, S., and D. Brown, "Use of Elliptic Curve
202	               Cryptography (ECC) Algorithms in Cryptographic Message
203	               Syntax (CMS)", RFC 5753, January 2010.

205	   [RFC5754]   Turner, S., "Using SHA2 Algorithms with Cryptographic
206	               Message Syntax", RFC 5754, January 2010.

208	   [I-D.keyprov-symmetrickeyformat] Turner, S., and R. Housley,
209	               "Symmetric Key Package Content Type", draft-ietf-keyprov-
210	               symmetrickeyformat-11.txt, work-in-progress.

212	   [I-D.mcgrew-fundamental-ecc]  McGrew, D., Igoe, E., and M. Salter,
213	               "Fundamental Elliptic Curve Cryptography Algorithms",
214	               draft-mcgrew-fundamental-ecc-03.txt, work-in-progress.

216	9.2. Informative References

218	   [SP800-57]  National Institute of Standards and Technology (NIST),
219	               Special Publication 800-57: Recommendation for Key
220	               Management - Part 1 (Revised), March 2007.

222	Author's Addresses

224	   Sean Turner
225	   IECA, Inc.
226	   3057 Nutley Street, Suite 106
227	   Fairfax, VA 22031
228	   USA

230	   EMail: turners@ieca.com