draft-ietf-lamps-cms-mix-with-psk-03.txt  vs.  draft-ietf-lamps-cms-mix-with-psk-04.txt

INTERNET-DRAFT                                               R. Housley
Internet Engineering Task Force (IETF)                   Vigil Security
Intended Status: Proposed Standard
-03: Expires: 8 September 2019                             8 March 2019
-04: Expires: 11 November 2019                              10 May 2019

     Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
-03:            <draft-ietf-lamps-cms-mix-with-psk-03.txt>
-04:            <draft-ietf-lamps-cms-mix-with-psk-04.txt>
Abstract

   The invention of a large-scale quantum computer would pose a serious
   challenge for the cryptographic algorithms that are widely deployed
   today.  The Cryptographic Message Syntax (CMS) supports key transport
   and key agreement algorithms that could be broken by the invention of
   such a quantum computer.  By storing communications that are
   protected with the CMS today, someone could decrypt them in the
   future when a large-scale quantum computer becomes available.  Once
   (skipping to change at page 1, line 44)

   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Copyright Notice

-03: Copyright (c) 2018 IETF Trust and the persons identified as the
-04: Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   (skipping to change at page 11, line 5)

   OKM is the output keying material, which is exactly L octets.  The
   OKM is the key-encryption key that is used to encrypt the content-
   encryption key or the content-authenticated-encryption key.

6.  ASN.1 Module

   This section contains the ASN.1 module for the two key management
   techniques defined in this document.  This module imports types from
   other ASN.1 modules that are defined in [RFC5911] and [RFC5912].
   <CODE BEGINS>

   CMSORIforPSK-2019
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) id-mod-cms-ori-psk-2019(TBD0) }

   DEFINITIONS EXPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All

   IMPORTS
   (skipping to change at page 13, line 5 in -03; page 12, line 50 in -04)

       psk OCTET STRING,
       keyMgmtAlgType ENUMERATED {
         keyTrans (5),
         keyAgree (10) },
       keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
       pskLength INTEGER (1..MAX),
       kdkLength INTEGER (1..MAX) }

   END

   <CODE ENDS>
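An added example, not code from the draft: Python that builds the DER-encoded CMSORIforPSKOtherInfo from the SEQUENCE fields shown in the module above and feeds it to HKDF (RFC 5869) as the info input, with L selecting the length of the KEK exactly as the OKM text above describes. The assignment of the PSK as the HKDF salt and the KDK as the IKM, the choice of id-aes128-wrap as the key-encryption algorithm, and the minimal hand-written DER encoder are assumptions of this example; every key value is constructed.

```python
import hashlib
import hmac

# id-aes128-wrap, assumed here as the key-encryption algorithm (parameters absent).
ID_AES128_WRAP = "2.16.840.1.101.3.4.1.5"
KEY_TRANS, KEY_AGREE = 5, 10          # keyMgmtAlgType values from the ASN.1 module

def der_len(n):
    if n < 0x80:
        return bytes([n])                               # short form
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")   # long form
    return bytes([0x80 | len(b)]) + b

def der(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(v, tag=0x02):   # non-negative INTEGER (0x02) or ENUMERATED (0x0a), minimal encoding
    return der(tag, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = []
    for a in [40 * arcs[0] + arcs[1]] + arcs[2:]:   # base-128 arcs, high bit set on all but last octet
        chunk = [a & 0x7F]
        while a >> 7:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out += reversed(chunk)
    return der(0x06, bytes(out))

def other_info(psk, alg_type, kek_alg_oid, psk_len, kdk_len):
    """DER-encoded CMSORIforPSKOtherInfo, field order as in the ASN.1 module."""
    alg_id = der(0x30, der_oid(kek_alg_oid))          # AlgorithmIdentifier, parameters absent
    return der(0x30, der(0x04, psk) + der_int(alg_type, 0x0A) + alg_id
               + der_int(psk_len) + der_int(kdk_len))

def hkdf(salt, ikm, info, L, h=hashlib.sha256):
    """HKDF-Extract followed by HKDF-Expand (RFC 5869); returns exactly L octets of OKM."""
    prk = hmac.new(salt, ikm, h).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < L:
        t = hmac.new(prk, t + info + bytes([i]), h).digest()
        okm += t
        i += 1
    return okm[:L]

def derive_kek(psk, kdk, alg_type, kek_alg_oid, L):
    """KEK = OKM; assumption: PSK is the salt, KDK is the IKM, info is CMSORIforPSKOtherInfo."""
    return hkdf(psk, kdk, other_info(psk, alg_type, kek_alg_oid, len(psk), len(kdk)), L)
```

A party that recovers only the KDK (the value the key transport or key agreement step protects) still lacks the salt, so it derives a different OKM and cannot unwrap the content-encryption key; that is the property the Security Considerations rely on when they say compromise of the PSK is what exposes the content to a future quantum computer.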
7.  Security Considerations

   Implementations must protect the pre-shared key (PSK), key transport
   private key, the agreement private key, the key-derivation key, and
   the key-encryption key.  Compromise of the PSK will make the
   encrypted content vulnerable to the future invention of a large-scale
   quantum computer.  Compromise of the PSK and either the key transport
   private key or the agreement private key may result in the disclosure
   of all contents protected with that combination of keying material.
   Compromise of the PSK and the key-derivation key may result in
   (skipping to change at page 16, line 35)

   [IANA-SMIME]  https://www.iana.org/assignments/smi-numbers/smi-
                 numbers.xhtml#security-smime.

   [IANA-ORI]    https://www.iana.org/assignments/smi-numbers/smi-
                 numbers.xhtml#security-smime-13.

   [RFC2631]     Rescorla, E., "Diffie-Hellman Key Agreement Method",
                 RFC 2631, June 1999.

-04: [RFC3560]   Housley, R., "Use of the RSAES-OAEP Key Transport
                 Algorithm in Cryptographic Message Syntax (CMS)",
                 RFC 3560, July 2003.

   [RFC4086]     Eastlake 3rd, D., Schiller, J., and S. Crocker,
                 "Randomness Requirements for Security", RFC 4086,
                 June 2005.

   [RFC5280]     Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
                 Housley, R., and W. Polk, "Internet X.509 Public Key
                 Infrastructure Certificate and Certificate Revocation List
                 (CRL) Profile", RFC 5280, May 2008.

   [RFC5753]     Turner, S., and D. Brown, "Use of Elliptic Curve
   End of changes.  6 change blocks.
   7 lines changed or deleted                      7 lines changed or added

   This html diff was produced by rfcdiff 1.47.  The latest version is
   available from http://tools.ietf.org/tools/rfcdiff/