draft-ietf-smime-bfibecms-09.txt  ->  draft-ietf-smime-bfibecms-10.txt
(rfcdiff output; text changed between -09 and -10 is shown inline as
[-removed in -10-] and {+added in -10+})

                                                        L. Martin
S/MIME Working Group                             Voltage Security
Internet Draft                           [-Mark-]{+M.+} Schertler
Intended status: Standards Track        Tumbleweed Communications

   Using the Boneh-Franklin and Boneh-Boyen Identity-based
   Encryption Algorithms with the Cryptographic Message Syntax
   (CMS)
   <draft-ietf-smime-bfibecms-[-09-]{+10+}.txt>

Status of this Document

   By submitting this Internet-Draft, each author represents
   that any applicable patent or other IPR claims of which he
   or she is aware have been or will be disclosed, and any of
   which he or she becomes aware will be disclosed, in
   accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet

   (unchanged text omitted; next change at page 2, line 11)
   (CMS) to encrypt content-encryption keys. Object identifiers
   and the convention for encoding a recipient's identity are
   also defined.

Table of Contents

   1. Introduction............................................2
   1.1. Terminology........................................3
   1.2. IBE overview.......................................3
   2. Using identity-based encryption.........................4
   3. Key encryption algorithm identifiers....................[-8-]{+7+}
   4. Processing by the sender................................8
   5. Processing by the receiver..............................[-9-]{+8+}
   6. ASN.1 module............................................9
   7. Security considerations................................11
   7.1. Attacks that are outside the scope of this
        document...............................................11
   7.2. Attacks that are within the scope of this
        document...............................................12
   7.3. Attacks to which the protocols defined in this
        document are susceptible...............................12
   8. IANA considerations....................................13
   9. References.............................................14

   (unchanged text omitted; next change at page 4, line 21)
   These fields have the following meanings:

   ibeORIType defines the object identifier (OID) that
   indicates that the subsequent ibeORIValue is the information
   necessary to decrypt the message using IBE. This field MUST
   be set to the following:

   ibeORIType OBJECT IDENTIFIER ::= {
      joint-iso-itu(2) country(16) us(840)
      organization(1) identicrypt(114334)
      ibcs(1) cms(4) ori-oid(1) {+version(1)+}
   }

   ibeORIValue defines the identity that was used in the IBE
   algorithm to encrypt the CEK. This is an IBERecipientInfo
   type, which is defined as follows:

   IBERecipientInfo ::= SEQUENCE {
      cmsVersion INTEGER { v3(3) },
      keyFetchMethod OBJECT IDENTIFIER,
      recipientIdentity IBEIdentityInfo,
      serverInfo SEQUENCE SIZE (1..MAX) OF
         OIDValuePairs OPTIONAL,
      encryptedKey EncryptedKey
   }

   The fields of IBERecipientInfo MUST be set as follows.

   The cmsVersion MUST be set to 3.

   The keyFetchMethod is the OID that defines the method of
   retrieving the private key that the recipient MUST use.
   [-How to retrieve an IBE private key using the steps defined
   in [IBE] is defined by the keyFetchMethod OID. The method for
   retrieving private keys that is specified in [IBE] is
   defined by cmsPPSOID, which is defined to be the following:-]
   {+This SHOULD be set to uriPPSOID [IBE], which is defined to
   be the following:+}

   [-cmsPPSOID-]{+uriPPSOID+} OBJECT IDENTIFIER ::= {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      pps-schemas(3) ic-schemas(1) pps-uri(1) {+version(1)+}
   }

   The recipientIdentity is the data that [-was used-]{+the
   sender used+} to calculate the IBE public key that [-was
   used-]{+the sender used+} to encrypt the content-encryption
   key. This recipientIdentity is used to calculate IBE public
   and private keys as described in [IBCS]. This MUST be [-an-]
   {+a DER-encoded [DER]+} IBEIdentityInfo type{+ [IBE]+}, which
   is defined as follows:

   IBEIdentityInfo ::= SEQUENCE {
      district IA5String,
      serial INTEGER,
      [-identitySchema-]{+identityType+} OBJECT IDENTIFIER,
      identityData OCTET STRING
   }

   [-The fields of IBEIdentityInfo have the following meanings.
   The district and serial are unique identifiers that are used
   to construct the URI for the location of the necessary IBE
   public parameters. The construction and use of this URI is
   defined in [IBE]. Internationalized Resource Identifiers
   (IRIs) MUST be handled according to the procedures specified
   in Section 7.4 of [PKIX].-]

   The [-identitySchema-]{+identityType+} defines the format
   that is used to encode the information that defines the
   identity of the recipient. This MUST be set to cmsIdentityOID
   to indicate that identityData contains an
   [-EmailIdentitySchema-]{+EmailIdentityData+} type. The value
   of cmsIdentityOID is the following:

   cmsIdentityOID OBJECT IDENTIFIER ::= {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      keyschemas(2) icschemas(1) [-rfc822Name(1)-]{+email(1) version(1)+}
   }

   [-The identityData field contains the identity information
   for the recipient, the contents of which is an ASN.1
   structure which MUST be DER encoded [DER] before placing it
   in the OCTET STRING.

   If identitySchema is set to the cmsIdentityOID OBJECT
   IDENTIFIER, the identityData MUST be an EmailIdentitySchema
   type, which is defined as follows:-]
   {+The identityData MUST be an EmailIdentityData type, which
   is defined as follows:+}

   [-EmailIdentitySchema-]{+EmailIdentityData+} ::= SEQUENCE {
      rfc822Name IA5String,
      time GeneralizedTime
   }

   The rfc822Name field is the e-mail address of the recipient
   in the format defined in Section 4.2.1.6 of [PKIX] for the
   rfc822Name subjectAltName variant. Rules for encoding
   Internet mail addresses that include internationalized
   domain names are specified in Section 7.5 of [PKIX].

   (unchanged text omitted; next change at page 7, line [-38-]{+22+})

   OIDValuePairs ::= SEQUENCE {
      fieldID OBJECT IDENTIFIER,
      fieldData OCTET STRING
   }

   These can be used to convey any other information that might
   be used by a PKG. Examples of such information could include
   the user interface that the recipient will experience.
   Differences in the user interface could include localization
   information or commercial branding information. {+A client
   MUST ignore any part of serverInfo that it is unable to
   process.+}

   [-OIDValuePairs ::= SEQUENCE {
      fieldID OBJECT IDENTIFIER,
      fieldData OCTET STRING
   }-]

   The encryptedKey is the result of encrypting the CEK with an
   IBE algorithm using recipientIdentity as the IBE public key.
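   The encoding this section specifies, as an added example that
   is not part of the draft and not the authors' code: the Python
   script below DER-encodes a CMS OtherRecipientInfo whose oriType
   is ibeORIType and whose oriValue is an IBERecipientInfo, using
   the -10 form of ibeORIType, uriPPSOID and cmsIdentityOID (with
   the trailing version(1) arc), then parses it back and applies
   the receiver-side checks the text imposes, including the -10
   rule that serverInfo pairs the client cannot process are
   ignored rather than rejected. The district "example.com", the
   address alice@example.com, the serverInfo fieldID 1.2.3.4.5
   and the 32-byte encryptedKey are constructed placeholders; the
   IBE encryption of the CEK itself, defined in [IBCS], is not
   performed here.

```python
# Added example, not code from the draft: DER-encode the OtherRecipientInfo
# described above and apply the receiver's field checks.  OIDs and field order
# follow draft -10; every sample value below is a constructed placeholder.
from datetime import datetime, timezone

IBE_ORI_TYPE = "2.16.840.1.114334.1.4.1.1"      # ibeORIType (with version(1))
URI_PPS_OID = "2.16.840.1.114334.3.1.1.1"       # uriPPSOID, keyFetchMethod
CMS_IDENTITY_OID = "2.16.840.1.114334.2.1.1.1"  # cmsIdentityOID, identityType

# Minimal DER encoder: universal tags, definite-length form only.
def tlv(tag, body):
    n, nb = len(body), (len(body).bit_length() + 7) // 8
    ln = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + ln + body
def der_int(v):        # minimal two's-complement length, as DER requires
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))
def der_oid(dotted):   # first two arcs packed as 40*a+b, the rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a := a >> 7:
            chunk.append(0x80 | (a & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))
def der_ia5(s): return tlv(0x16, s.encode("ascii"))
def der_octets(b): return tlv(0x04, bytes(b))
def der_gentime(dt): return tlv(0x18, dt.strftime("%Y%m%d%H%M%SZ").encode("ascii"))
def der_seq(*items): return tlv(0x30, b"".join(items))

def email_identity_data(rfc822name, when):
    # EmailIdentityData ::= SEQUENCE { rfc822Name IA5String, time GeneralizedTime }
    return der_seq(der_ia5(rfc822name), der_gentime(when))

def ibe_identity_info(district, serial, rfc822name, when):
    # IBEIdentityInfo; identityData is an OCTET STRING holding DER EmailIdentityData.
    return der_seq(der_ia5(district), der_int(serial), der_oid(CMS_IDENTITY_OID),
                   der_octets(email_identity_data(rfc822name, when)))

def ibe_other_recipient_info(identity_info, encrypted_key, server_info=(), cms_version=3):
    # IBERecipientInfo { cmsVersion, keyFetchMethod, recipientIdentity, serverInfo OPTIONAL, encryptedKey }
    body = [der_int(cms_version), der_oid(URI_PPS_OID), identity_info]
    if server_info:
        body.append(der_seq(*(der_seq(der_oid(o), der_octets(v)) for o, v in server_info)))
    body.append(der_octets(encrypted_key))
    return der_seq(der_oid(IBE_ORI_TYPE), der_seq(*body))   # CMS OtherRecipientInfo

# Minimal DER reader for the same subset, then the receiver's checks.
def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln
def _children(body):
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        items.append((tag, val))
    return items
def _decode_oid(b):
    arcs, v = ([2, b[0] - 80] if b[0] >= 80 else [b[0] // 40, b[0] % 40]), 0
    for byte in b[1:]:
        v = (v << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def receiver_checks(ori_der):
    """Return the parsed fields; raise ValueError if a MUST of section 2 is violated."""
    tag, body, end = _read_tlv(ori_der, 0)
    if tag != 0x30 or end != len(ori_der):
        raise ValueError("OtherRecipientInfo is not a single SEQUENCE")
    (_, ori_type), (_, ori_value) = _children(body)
    if _decode_oid(ori_type) != IBE_ORI_TYPE:
        raise ValueError("oriType is not ibeORIType")
    fields = _children(ori_value)
    if len(fields) not in (4, 5):                 # serverInfo is OPTIONAL
        raise ValueError("IBERecipientInfo has the wrong number of fields")
    if int.from_bytes(fields[0][1], "big", signed=True) != 3:
        raise ValueError("cmsVersion MUST be 3")
    if _decode_oid(fields[1][1]) != URI_PPS_OID:
        raise ValueError("unsupported keyFetchMethod")
    # Draft -10: a client MUST ignore any part of serverInfo it cannot process.
    pairs = _children(fields[3][1]) if len(fields) == 5 else []
    ignored = [_decode_oid(_children(pair)[0][1]) for _, pair in pairs]
    (_, district), (_, serial), (_, id_type), (_, id_data) = _children(fields[2][1])
    if _decode_oid(id_type) != CMS_IDENTITY_OID:
        raise ValueError("identityType MUST be cmsIdentityOID")
    (_, eid), = _children(id_data)                # DER SEQUENCE inside the OCTET STRING
    (_, name), (_, when) = _children(eid)
    return {"district": district.decode("ascii"), "rfc822Name": name.decode("ascii"),
            "serial": int.from_bytes(serial, "big", signed=True), "time": when.decode("ascii"),
            "ignoredServerInfo": ignored, "encryptedKey": bytes(fields[-1][1])}

def build_example(cms_version=3):
    # Constructed sample; bytes(range(32)) stands in for the IBE-encrypted CEK.
    ident = ibe_identity_info("example.com", 1, "alice@example.com",
                              datetime(2024, 12, 1, tzinfo=timezone.utc))
    return ibe_other_recipient_info(ident, bytes(range(32)), cms_version=cms_version,
                                    server_info=[("1.2.3.4.5", b"branding")])
```

   build_example() returns a 160-byte DER blob, long enough to
   exercise the long-form length octets; receiver_checks() on it
   yields the recipient address, district, serial and the opaque
   encrypted CEK, and rejects a cmsVersion other than 3, a
   keyFetchMethod other than uriPPSOID, or an identityType other
   than cmsIdentityOID. Note that the reader has to descend one
   extra level to reach rfc822Name and time, because identityData
   is an OCTET STRING wrapping a DER SEQUENCE; the -09 text said
   this explicitly, and in -10 it follows from recipientIdentity
   being a DER-encoded IBEIdentityInfo.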
3. Key encryption algorithm identifiers

   The BF and BB1 algorithms as defined in [IBCS] have the
   following object identifiers. These object identifiers are
   also defined in the ASN.1 module in [IBCS].

   (unchanged text omitted; next change at page 9, line [-41-]{+25+})

   5. Obtains the IBE private key needed to decrypt the
      encrypted CEK using the process defined in [IBE].

   6. Decrypts the CEK using the IBE private key obtained in
      Step 5 using the algorithms described in [IBCS].
6. ASN.1 module

   The following ASN.1 module summarizes the ASN.1 definitions
   [-discussed in-]{+defined by+} this document.

   IBECMS-module {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      ibcs(1) cms(4) module(5) version(1)
   }

   DEFINITIONS IMPLICIT TAGS ::= BEGIN

   {+IMPORTS IBEIdentityInfo, uriPPSOID FROM
      IBEARCH-module { joint-iso-itu-t(2) country(16)
      us(840) organization(1) identicrypt(114334) ibcs(1)
      ibearch(5) module(5) version(1)
   };+}

   IBEOtherRecipientInfo ::= SEQUENCE {
      oriType OBJECT IDENTIFIER,
      oriValue IBERecipientInfo
   }

   ibeORIType OBJECT IDENTIFIER ::= {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      ibcs(1) cms(4) ori-oid(1) {+version(1)+}
   }

   IBERecipientInfo ::= SEQUENCE {
      cmsVersion INTEGER { v3(3) },
      keyFetchMethod OBJECT IDENTIFIER,
      recipientIdentity IBEIdentityInfo,
      serverInfo SEQUENCE SIZE (1..MAX) OF
         OIDValuePairs OPTIONAL,
      encryptedKey EncryptedKey
   }

   [-IBEIdentityInfo ::= SEQUENCE {
      district IA5String,
      serial INTEGER,
      identitySchema OBJECT IDENTIFIER,
      identityData OCTET STRING
   }-]

   OIDValuePairs ::= SEQUENCE {
      fieldID OBJECT IDENTIFIER,
      fieldData OCTET STRING
   }

   EncryptedKey ::= OCTET STRING

   [-EmailIdentitySchema-]{+EmailIdentityData+} ::= SEQUENCE {
      rfc822Name IA5String,
      time GeneralizedTime
   }

   cmsIdentityOID OBJECT IDENTIFIER ::= {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      keyschemas(2) icschemas(1) [-RFC2821email(1)-]{+email(1) version(1)+}
   }

   [-cmsPPSOID OBJECT IDENTIFIER ::= {
      joint-iso-itu-t(2) country(16) us(840)
      organization(1) identicrypt(114334)
      pps-schemas(3) ic-schemas(1) pps-uri(1)
   }-]

   END
7. Security considerations

   This document is based on [-[CMS] and [IBCS]-]{+[CMS], [IBCS]
   and [IBE]+}, and the relevant security considerations of
   those documents apply.

7.1. Attacks that are outside the scope of this document

   Attacks on the cryptographic algorithms that are used to
   implement IBE are outside the scope of this document. Such
   attacks are detailed in [IBCS], which defines parameters
   that give 80-bit, 112-bit, 128-bit and 256-bit encryption
   strength. We assume that capable administrators of an IBE
   system will select parameters that provide a sufficient
   resistance to cryptanalytic attacks by adversaries.
   End of changes. 23 change blocks; 65 lines changed or deleted,
   39 lines changed or added.

   This html diff was produced by rfcdiff 1.35. The latest version
   is available from http://tools.ietf.org/tools/rfcdiff/