draft-ietf-lamps-cms-mix-with-psk-03.txt | draft-ietf-lamps-cms-mix-with-psk-04.txt | |||
---|---|---|---|---|
INTERNET-DRAFT R. Housley | INTERNET-DRAFT R. Housley | |||
Internet Engineering Task Force (IETF) Vigil Security | Internet Engineering Task Force (IETF) Vigil Security | |||
Intended Status: Proposed Standard | Intended Status: Proposed Standard | |||
Expires: 8 September 2019 8 March 2019 | Expires: 11 November 2019 10 May 2019 | |||
Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS) | Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS) | |||
<draft-ietf-lamps-cms-mix-with-psk-03.txt> | <draft-ietf-lamps-cms-mix-with-psk-04.txt> | |||
Abstract | Abstract | |||
The invention of a large-scale quantum computer would pose a serious | The invention of a large-scale quantum computer would pose a serious | |||
challenge for the cryptographic algorithms that are widely deployed | challenge for the cryptographic algorithms that are widely deployed | |||
today. The Cryptographic Message Syntax (CMS) supports key transport | today. The Cryptographic Message Syntax (CMS) supports key transport | |||
and key agreement algorithms that could be broken by the invention of | and key agreement algorithms that could be broken by the invention of | |||
such a quantum computer. By storing communications that are | such a quantum computer. By storing communications that are | |||
protected with the CMS today, someone could decrypt them in the | protected with the CMS today, someone could decrypt them in the | |||
future when a large-scale quantum computer becomes available. Once | future when a large-scale quantum computer becomes available. Once | |||
skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
skipping to change at page 11, line 5 ¶ | skipping to change at page 11, line 5 ¶ | |||
OKM is the output keying material, which is exactly L octets. The | OKM is the output keying material, which is exactly L octets. The | |||
OKM is the key-encryption key that is used to encrypt the content- | OKM is the key-encryption key that is used to encrypt the content- | |||
encryption key or the content-authenticated-encryption key. | encryption key or the content-authenticated-encryption key. | |||
6. ASN.1 Module | 6. ASN.1 Module | |||
This section contains the ASN.1 module for the two key management | This section contains the ASN.1 module for the two key management | |||
techniques defined in this document. This module imports types from | techniques defined in this document. This module imports types from | |||
other ASN.1 modules that are defined in [RFC5911] and [RFC5912]. | other ASN.1 modules that are defined in [RFC5911] and [RFC5912]. | |||
<CODE BEGINS> | ||||
CMSORIforPSK-2019 | CMSORIforPSK-2019 | |||
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
smime(16) modules(0) id-mod-cms-ori-psk-2019(TBD0) } | smime(16) modules(0) id-mod-cms-ori-psk-2019(TBD0) } | |||
DEFINITIONS EXPLICIT TAGS ::= | DEFINITIONS EXPLICIT TAGS ::= | |||
BEGIN | BEGIN | |||
-- EXPORTS All | -- EXPORTS All | |||
IMPORTS | IMPORTS | |||
skipping to change at page 13, line 5 ¶ | skipping to change at page 12, line 50 ¶ | |||
psk OCTET STRING, | psk OCTET STRING, | |||
keyMgmtAlgType ENUMERATED { | keyMgmtAlgType ENUMERATED { | |||
keyTrans (5), | keyTrans (5), | |||
keyAgree (10) }, | keyAgree (10) }, | |||
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, | keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, | |||
pskLength INTEGER (1..MAX), | pskLength INTEGER (1..MAX), | |||
kdkLength INTEGER (1..MAX) } | kdkLength INTEGER (1..MAX) } | |||
END | END | |||
<CODE ENDS> | ||||
7. Security Considerations | 7. Security Considerations | |||
Implementations must protect the pre-shared key (PSK), key transport | Implementations must protect the pre-shared key (PSK), key transport | |||
private key, the agreement private key, the key-derivation key, and | private key, the agreement private key, the key-derivation key, and | |||
the key-encryption key. Compromise of the PSK will make the | the key-encryption key. Compromise of the PSK will make the | |||
encrypted content vulnerable to the future invention of a large-scale | encrypted content vulnerable to the future invention of a large-scale | |||
quantum computer. Compromise of the PSK and either the key transport | quantum computer. Compromise of the PSK and either the key transport | |||
private key or the agreement private key may result in the disclosure | private key or the agreement private key may result in the disclosure | |||
of all contents protected with that combination of keying material. | of all contents protected with that combination of keying material. | |||
Compromise of the PSK and the key-derivation key may result in | Compromise of the PSK and the key-derivation key may result in | |||
skipping to change at page 16, line 35 ¶ | skipping to change at page 16, line 35 ¶ | |||
[IANA-SMIME] https://www.iana.org/assignments/smi-numbers/smi- | [IANA-SMIME] https://www.iana.org/assignments/smi-numbers/smi- | |||
numbers.xhtml#security-smime. | numbers.xhtml#security-smime. | |||
[IANA-ORI] https://www.iana.org/assignments/smi-numbers/smi- | [IANA-ORI] https://www.iana.org/assignments/smi-numbers/smi- | |||
numbers.xhtml#security-smime-13. | numbers.xhtml#security-smime-13. | |||
[RFC2631] Rescorla, E., "Diffie-Hellman Key Agreement Method", | [RFC2631] Rescorla, E., "Diffie-Hellman Key Agreement Method", | |||
RFC 2631, June 1999. | RFC 2631, June 1999. | |||
[RFC3560] Housley, R., "Use of the RSAES-OAEP Key Transport | ||||
Algorithm in Cryptographic Message Syntax (CMS)", | ||||
RFC 3560, July 2003. | ||||
[RFC4086] D. Eastlake 3rd, D., Schiller, J., and S. Crocker, | [RFC4086] D. Eastlake 3rd, D., Schiller, J., and S. Crocker, | |||
"Randomness Requirements for Security", RFC 4086, | "Randomness Requirements for Security", RFC 4086, | |||
June 2005. | June 2005. | |||
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
(CRL) Profile", RFC 5280, May 2008. | (CRL) Profile", RFC 5280, May 2008. | |||
[RFC5753] Turner, S., and D. Brown, "Use of Elliptic Curve | [RFC5753] Turner, S., and D. Brown, "Use of Elliptic Curve | |||
End of changes. 6 change blocks.
7 lines changed or deleted; 7 lines changed or added.
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
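Review bot: the <CODE BEGINS> and <CODE ENDS> markers added in the Section 6 hunk are placed correctly, immediately around the ASN.1 module from the CMSORIforPSK-2019 line through END and not around the introductory prose, which is what the Code Components clause of the Copyright Notice ("must include Simplified BSD License text") applies to. One item still open on both sides of that hunk: the module OID reads id-mod-cms-ori-psk-2019(TBD0), so the placeholder has to be replaced with the IANA-assigned value before publication, and the same TBD should be tracked in the IANA Considerations.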
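Review bot: removing the [RFC3560] entry (RSAES-OAEP key transport in CMS) from the reference list is only safe if no [RFC3560] citation remains in the body; the diff shows no body hunk that drops such a citation, so confirm the reference was unused in -03 or that the citing sentence was removed elsewhere, since an uncited reference or a dangling citation would be flagged by idnits. While in this list: the [RFC4086] entry reads "D. Eastlake 3rd, D., Schiller, J., and S. Crocker" in both versions, with the first author's initial duplicated; the usual form is "Eastlake 3rd, D., Schiller, J., and S. Crocker".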