draft-ietf-smime-cmskea-01.txt   draft-ietf-smime-cmskea-02.txt 
INTERNET-DRAFT John Pawling INTERNET-DRAFT John Pawling
draft-ietf-smime-cmskea-01.txt J.G. Van Dyke & Associates draft-ietf-smime-cmskea-02.txt J.G. Van Dyke & Associates
21 May 1999 29 July 1999
Expires: 21 November 1999 Expires: 29 January 2000
CMS KEA and SKIPJACK Conventions CMS KEA and SKIPJACK Conventions
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups. Note that other groups may also distribute working its working groups. Note that other groups may also distribute working
documents as Internet-Drafts. documents as Internet-Drafts.
skipping to change at line 213 skipping to change at line 213
KeyAgreeRecipientInfo structure includes a single RecipientEncryptedKey KeyAgreeRecipientInfo structure includes a single RecipientEncryptedKey
field containing the SKIPJACK CEK wrapped for the recipient. This field containing the SKIPJACK CEK wrapped for the recipient. This
option requires more overhead than the shared UKM option because the option requires more overhead than the shared UKM option because the
KeyAgreeRecipientInfo fields (i.e. version, originator, ukm, KeyAgreeRecipientInfo fields (i.e. version, originator, ukm,
keyEncryptionAlgorithm) must be repeated for each recipient. keyEncryptionAlgorithm) must be repeated for each recipient.
The next two paragraphs apply to both options. The next two paragraphs apply to both options.
The KeyAgreeRecipientInfo keyEncryptionAlgorithm algorithm field MUST The KeyAgreeRecipientInfo keyEncryptionAlgorithm algorithm field MUST
include the id-kEAKeyEncryptionAlgorithm OID. The KeyAgreeRecipientInfo include the id-kEAKeyEncryptionAlgorithm OID. The KeyAgreeRecipientInfo
keyEncryptionAlgorithm parameters field MUST be the id- keyEncryptionAlgorithm parameters field MUST contain a KeyWrapAlgorithm
fortezzaWrap80 OID indicating that the FORTEZZA 80-bit wrap function is as specified in [CMS]. The algorithm field of KeyWrapAlgorithm MUST
used to wrap the 80-bit SKIPJACK CEK. be the id-fortezzaWrap80 OID indicating that the FORTEZZA 80-bit
wrap function is used to wrap the 80-bit SKIPJACK CEK. The parameters
field of KeyWrapAlgorithm MUST be absent.
If the originator is not already an explicit recipient, then a copy of If the originator is not already an explicit recipient, then a copy of
the SKIPJACK CEK SHOULD be wrapped for the originator and included in the SKIPJACK CEK SHOULD be wrapped for the originator and included in
the EnvelopedData. This allows the originator to decrypt the contents the EnvelopedData. This allows the originator to decrypt the contents
of the EnvelopedData. of the EnvelopedData.
4.2.1.1. SKIPJACK CEK Wrap Process Using A Shared Originator UKM Value 4.2.1.1. SKIPJACK CEK Wrap Process Using A Shared Originator UKM Value
This section describes how a shared originator UKM value is used as an This section describes how a shared originator UKM value is used as an
input to KEA to generate each pairwise KEK used to wrap the SKIPJACK CEK input to KEA to generate each pairwise KEK used to wrap the SKIPJACK CEK
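Review bot: The new Section 4.2.1 sentence "MUST contain a KeyWrapAlgorithm as specified in [CMS]" cites [CMS] without naming the section that defines KeyWrapAlgorithm, whereas Section 4.3 names the "KEKRecipientInfo Type" section; name the defining section here as well. The replacement also changes what the parameters field carries, from the id-fortezzaWrap80 OID itself in -01 to a KeyWrapAlgorithm whose algorithm field is that OID, so a sentence on how a receiver should treat a message built to the -01 wording would help implementers.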
skipping to change at line 384 skipping to change at line 386
This section describes the conventions for using KEA and SKIPJACK with This section describes the conventions for using KEA and SKIPJACK with
the CMS enveloped-data content type to support "previously distributed" the CMS enveloped-data content type to support "previously distributed"
symmetric KEKs. When a "previously distributed" symmetric KEK is used to symmetric KEKs. When a "previously distributed" symmetric KEK is used to
wrap the SKIPJACK CEK, then the RecipientInfo KEKRecipientInfo CHOICE wrap the SKIPJACK CEK, then the RecipientInfo KEKRecipientInfo CHOICE
MUST be used. The methods by which KEA is used to generate the symmetric MUST be used. The methods by which KEA is used to generate the symmetric
KEK and by which the symmetric KEK is distributed are beyond the scope of KEK and by which the symmetric KEK is distributed are beyond the scope of
this document. this document.
The KEKRecipientInfo fields MUST be populated as specified in the [CMS] The KEKRecipientInfo fields MUST be populated as specified in the [CMS]
"KEKRecipientInfo Type" section. The KEKRecipientInfo "KEKRecipientInfo Type" section. The KEKRecipientInfo keyEncryptionAlgorithm
keyEncryptionAlgorithm algorithm field MUST be the id-fortezzaWrap80 OID algorithm field MUST be the id-fortezzaWrap80 OID indicating that the
(with NULL parameters) indicating that the FORTEZZA 80-bit wrap function FORTEZZA 80-bit wrap function is used to wrap the 80-bit SKIPJACK CEK.
is used to wrap the 80-bit SKIPJACK CEK. The KEKRecipientInfo The KEKRecipientInfo keyEncryptionAlgorithm parameters field MUST be absent.
encryptedKey field MUST include the SKIPJACK CEK wrapped using the The KEKRecipientInfo encryptedKey field MUST include the SKIPJACK CEK
"previously distributed" symmetric KEK as input to the FORTEZZA 80-bit wrapped using the "previously distributed" symmetric KEK as input to the
wrap function. FORTEZZA 80-bit wrap function.
5. Encrypted-data Conventions 5. Encrypted-data Conventions
The CMS encrypted-data content type consists of an encrypted content, The CMS encrypted-data content type consists of an encrypted content,
but no recipient information. The method for conveying the SKIPJACK CEK but no recipient information. The method for conveying the SKIPJACK CEK
required to decrypt the encrypted-data encrypted content is beyond the required to decrypt the encrypted-data encrypted content is beyond the
scope of this document. Compliant software MUST meet the requirements scope of this document. Compliant software MUST meet the requirements
for constructing an encrypted-data content type stated in [CMS]. The for constructing an encrypted-data content type stated in [CMS]. The
[CMS] "Encrypted-data Content Type" section should be studied before [CMS] "Encrypted-data Content Type" section should be studied before
reading this section, because this section does not repeat the [CMS] reading this section, because this section does not repeat the [CMS]
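Review bot: Section 4.3 moves from "(with NULL parameters)" to "parameters field MUST be absent", but nothing tells a receiver what to do with a KEKRecipientInfo that still carries NULL parameters as the -01 text required. State whether such a message is to be rejected or accepted, so that implementations of the two drafts do not disagree on whether the keyEncryptionAlgorithm is well formed.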
skipping to change at line 431 skipping to change at line 433
7. Object Identifier Definitions 7. Object Identifier Definitions
The following OIDs are specified in [INFO], but are repeated here for The following OIDs are specified in [INFO], but are repeated here for
the reader's convenience: the reader's convenience:
id-fortezzaConfidentialityAlgorithm OBJECT IDENTIFIER ::= {joint-iso- id-fortezzaConfidentialityAlgorithm OBJECT IDENTIFIER ::= {joint-iso-
ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) ccitt(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1)
algorithms(1) fortezzaConfidentialityAlgorithm (4)} algorithms(1) fortezzaConfidentialityAlgorithm (4)}
As per the definition of the id-fortezzaConfidentialityAlgorithm OID, the As specified in [USSUP1], when the id-fortezzaConfidentialityAlgorithm
SKIPJACK IV MUST be ASN.1 encoded according to the following ASN.1 OID is present in the AlgorithmIdentifier algorithm field, then the
syntax: AlgorithmIdentifier parameters field MUST be present and MUST include
the SKIPJACK IV ASN.1 encoded using the following syntax:
Skipjack-Parm ::= SEQUENCE { initialization_vector OCTET STRING } Skipjack-Parm ::= SEQUENCE { initialization-vector OCTET STRING }
Note: The [CMS] "General Overview" section describes the ASN.1 encoding
conventions for the CMS content types including the enveloped-data and
encrypted-data content types in which the
id-fortezzaConfidentialityAlgorithm OID and parameters will be present.
id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {joint-iso-ccitt(2)
country(16) us(840) organization(1) gov(101) dod(2) infosec(1) country(16) us(840) organization(1) gov(101) dod(2) infosec(1)
algorithms(1) keyExchangeAlgorithm (22)} algorithms(1) keyExchangeAlgorithm (22)}
id-fortezzaWrap80 OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) country(16) id-fortezzaWrap80 OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) country(16)
us(840) organization(1) gov(101) dod(2) infosec(1) algorithms(1) us(840) organization(1) gov(101) dod(2) infosec(1) algorithms(1)
fortezzaWrap80Algorithm (23)} fortezzaWrap80Algorithm (23)}
id-kEAKeyEncryptionAlgorithm OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) id-kEAKeyEncryptionAlgorithm OBJECT IDENTIFIER ::= {joint-iso-ccitt(2)
country(16) us(840) organization(1) gov(101) dod(2) infosec(1) country(16) us(840) organization(1) gov(101) dod(2) infosec(1)
algorithms(1) kEAKeyEncryptionAlgorithm (24)} algorithms(1) kEAKeyEncryptionAlgorithm (24)}
A. References A. References
[CMS] "Cryptographic Message Syntax", Internet Draft, draft-ietf-smime- [CMS] RFC 2630, Cryptographic Message Syntax, June 1999.
cms-13.txt.
[KEA] "Representation of Key Exchange Algorithm (KEA) Keys in Internet [KEA] RFC 2528, Representation of Key Exchange Algorithm (KEA) Keys in
X.509 Public Key Infrastructure Certificates", RFC 2528. Internet X.509 Public Key Infrastructure Certificates, March 1999.
[INFO] Registry of INFOSEC Technical Objects, 14 April 1999 [INFO] Registry of INFOSEC Technical Objects, 22 July 1999.
[MUSTSHOULD] "Key Words for Use in RFCs to Indicate Requirement [MUSTSHOULD] RFC 2119, Key Words for Use in RFCs to Indicate
Levels", RFC 2119. Requirement Levels.
[SJ-KEA] SKIPJACK and KEA Algorithm Specifications, Version 2.0, [SJ-KEA] SKIPJACK and KEA Algorithm Specifications, Version 2.0,
http://csrc.nist.gov/encryption/skipjack-kea.htm. http://csrc.nist.gov/encryption/skipjack-kea.htm.
[USSUP1] Allied Communication Publication 120 (ACP120) Common
Security Protocol (CSP) United States (US) Supplement No. 1, June 1998;
http://www.armadillo.huntsville.al.us/Fortezza_docs/missi2.html#specs.
B. Acknowledgments B. Acknowledgments
The following people have made significant contributions to this draft: The following people have made significant contributions to this draft:
David Dalkowski, Russ Housley, Pierce Leonberger, Rich Nicholas, Bob David Dalkowski, Phillip Griffin, Russ Housley, Pierce Leonberger,
Relyea and Jim Schaad. Rich Nicholas, Bob Relyea and Jim Schaad.
C. Changes between CMSKEA-00 and CMSKEA-01: C. Changes between CMSKEA-01 and CMSKEA-02:
1) Section 4.2.1, 4th paragraph, first sentence: Changed as follows: 1) Section 4.2.1, 5th paragraph, second sentence: Changed as follows:
OLD: The KeyAgreeRecipientInfo keyEncryptionAlgorithm algorithm field OLD: "The KeyAgreeRecipientInfo keyEncryptionAlgorithm parameters
MUST include the id-keyExchangeAlgorithm OID. field MUST be the id-fortezzaWrap80 OID indicating that the FORTEZZA
80-bit wrap function is used to wrap the 80-bit SKIPJACK CEK."
NEW: The KeyAgreeRecipientInfo keyEncryptionAlgorithm algorithm field NEW: "The KeyAgreeRecipientInfo keyEncryptionAlgorithm parameters field
MUST include the id-kEAKeyEncryptionAlgorithm OID. MUST contain a KeyWrapAlgorithm as specified in [CMS]. The algorithm
field of KeyWrapAlgorithm MUST be the id-fortezzaWrap80 OID indicating
that the FORTEZZA 80-bit wrap function is used to wrap the 80-bit
SKIPJACK CEK. The parameters field of KeyWrapAlgorithm MUST be absent."
2) Section 4.3, 2nd paragraph, second and third sentences: Changed as Thanks to Pierce Leonberger for pointing this out.
follows:
OLD: The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST 2) Change Section 4.3, 2nd paragraph, 2nd sentence as follows (This makes
be the id-keyExchangeAlgorithm OID. The KEKRecipientInfo the use of the id-fortezzaWrap80 OID consistent in both sections):
keyEncryptionAlgorithm parameters field MUST be the id-fortezzaWrap80
OID indicating that the FORTEZZA 80-bit wrap function is used to wrap
the 80-bit SKIPJACK CEK.
NEW: The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST OLD: "The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST be
be the id-fortezzaWrap80 OID (with NULL parameters) indicating that the the id-fortezzaWrap80 OID (with NULL parameters) indicating that the
FORTEZZA 80-bit wrap function is used to wrap the 80-bit SKIPJACK CEK. FORTEZZA 80-bit wrap function is used to wrap the 80-bit SKIPJACK CEK."
3) Added id-kEAKeyEncryptionAlgorithm to Section 7, Object Identifier NEW: "The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST be
definitions. the id-fortezzaWrap80 OID indicating that the FORTEZZA 80-bit wrap
function is used to wrap the 80-bit SKIPJACK CEK. The KEKRecipientInfo
keyEncryptionAlgorithm parameters field MUST be absent."
4) Update [CMS] and [INFO] reference definitions. 3) Clarified definition of Skipjack-Parm and changed
"initialization_vector" to "initialization-vector" because underscore
is invalid ASN.1. Thanks to Phil Griffin for pointing this out.
4) Updated [CMS] and [INFO] reference definitions.
5) Added [USSUP1] reference definition.
D. Author's Address D. Author's Address
John Pawling John Pawling
J.G. Van Dyke & Associates, Inc. J.G. Van Dyke & Associates, Inc., a Wang Government Services Company
141 National Business Pkwy, Suite 210 141 National Business Pkwy, Suite 210
Annapolis Junction, MD 20701 Annapolis Junction, MD 20701
jsp@jgvandyke.com jsp@jgvandyke.com
(301) 939-2739 (301) 939-2739
(410) 880-6095 (410) 880-6095
E. Full Copyright Statement E. Full Copyright Statement
Copyright (C) The Internet Society (date). All Rights Reserved. Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
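Review bot: Skipjack-Parm in Section 7 leaves initialization-vector as an unconstrained OCTET STRING, and the new paragraph says the parameters MUST be present without saying how long the IV is; state the required length or point to the clause of [USSUP1] or [SJ-KEA] that fixes it, so a decoder can reject a malformed IV before it reaches the SKIPJACK implementation. Two smaller points: the change log lists only [CMS] and [INFO] as updated although the [KEA] and [MUSTSHOULD] entries were also rewritten and [MUSTSHOULD] is the one RFC entry left without a date, and the copyright line still reads "(date)".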
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/