draft-ietf-smime-rcek-02.txt   draft-ietf-smime-rcek-03.txt 
INTERNET-DRAFT                                              S. Farrell
Expires in six months                            Baltimore Technologies
                                                             S. Turner
                                                                  IECA
                                                              May 2001

                  Reuse of CMS Content Encryption Keys
     <draft-ietf-smime-rcek-02.txt>  ->  <draft-ietf-smime-rcek-03.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts. Internet-Drafts are draft documents valid for a
   maximum of
   [skipping to change at page 4, line 50]

   a password. The output of the PBKDF2 function is MSG2.KEK. To this
   end, a new attribute type is defined which allows passing of the
   required parameters.

      id-aa-KEKDerivationAlg OBJECT IDENTIFIER ::= { id-aa 32 }

      KEKDerivationAlgorithm ::= SEQUENCE {
        kekAlg       AlgorithmIdentifier,
        pbkdf2Param  PBKDF2-params
      }
   -02 text:
   keyAlg is the algorithm identifier (and associated parameters, if
   any), for the MSG2 key encryption algorithm. Note that it is not
   necessary to protect this field MSG.KEK is only used by the
   originator.

   -03 text:
   kekAlg is the algorithm identifier (and associated parameters, if
   any), for the MSG2 key encryption algorithm. Note that it is not
   necessary to protect this field since modification of keyAlg only
   represents a denial-of-service attack.
   The PBKDF2 algorithm parameters are to be handled as follows:

   - The salt MUST use the "specified" element of the CHOICE.
   - The message originator selects the iterationCount.
   - The value of keyLength is determined by the kekAlg and MUST be
     present.
   - The prf field MUST use the default algorithm specified in
     [RFC2898] which is algid-hmacWithSHA1 (and so the prf field MUST
     be omitted).
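Review bot: the rewritten kekAlg paragraph above renames the field to kekAlg in its first sentence, but the new justification in -03 still reads "modification of keyAlg"; it should say kekAlg to match the ASN.1 and the rest of the section. The denial-of-service argument also wants one qualifying clause: it holds only because a recipient unwraps with the kekAlg it expects and checks the encoded keyLength against that algorithm (as the bullet list requires) rather than trusting either unprotected field, so consider "provided the recipient rejects any kekAlg or keyLength it does not expect".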
   [skipping to change at page 8, line 22]
   -- [RFC2898] defines PBKDF2-params using 1993 ASN.1, which
   -- results in the same encoding as produced by the definition
   -- below. See [RFC2898] for that definition.
   PBKDF2-params ::= SEQUENCE {
     salt CHOICE {
       specified    OCTET STRING,         -- MUST BE USED
       otherSource  AlgorithmIdentifier   -- DO NOT USE THIS FIELD
     },
     iterationCount INTEGER (1..MAX),
     keyLength INTEGER (1..MAX) OPTIONAL  -- -02 had a trailing comma here; removed in -03
   }

   -- id-aa is the arc with all new authenticated and
   -- unauthenticated attributes produced by the S/MIME
   -- Working Group. It is also defined in [CMS-MSG]
   id-aa OBJECT IDENTIFIER ::=
     {iso(1) member-body(2) usa(840) rsadsi(113549)
      pkcs(1) pkcs-9(9) smime(16) attributes(2)}
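   The parameter rules of the section above (salt "specified", iterationCount chosen by the originator, keyLength fixed by kekAlg, prf omitted) and the ASN.1 module just given, worked through end to end as an added example. This is not code from the draft or from any S/MIME implementation: it hand-encodes a KEKDerivationAlgorithm value in DER, decodes it on the recipient side while rejecting everything the text forbids (an otherSource salt, a present prf, a missing or inconsistent keyLength, truncated input), and then runs PBKDF2-HMAC-SHA1 to obtain MSG2.KEK. Assumptions not stated on this page: the PBKDF2 "password" is the reused key MSG1.CEK (the sentence naming the password input is cut off above), kekAlg is id-aes128-wrap (2.16.840.1.101.3.4.1.5) with a 16-byte KEK, the DER helpers are a minimal hand-written subset rather than an ASN.1 library, and the salt and CEK bytes are constructed. The attribute OID itself, { id-aa 32 } = 1.2.840.113549.1.9.16.2.32, follows from the id-aa arc above.

```python
"""Added example (not the draft's code): build the KEKDerivationAlgorithm attribute
value from this page, validate it as a recipient must, and derive MSG2.KEK.
Assumptions not on this page: the PBKDF2 "password" is the reused key MSG1.CEK;
kekAlg is id-aes128-wrap (2.16.840.1.101.3.4.1.5), so keyLength is 16."""
import hashlib

# Assumed kekAlg (not on this page): AES-128 key wrap, parameters absent, 16-byte KEK.
ID_AES128_WRAP = "2.16.840.1.101.3.4.1.5"
KEK_LENGTH_FOR_ALG = {ID_AES128_WRAP: 16}

def der_tlv(tag, body):
    """Definite-length DER TLV (short or long form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value):
    """INTEGER (1..MAX): minimal body, leading 0x00 kept when the high bit is set."""
    if value < 1:
        raise ValueError("INTEGER (1..MAX) required")
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body.extend(chunk)
    return der_tlv(0x06, bytes(body))

def encode_kek_derivation_alg(kek_alg_oid, salt, iteration_count):
    """Originator side: salt uses 'specified', keyLength is fixed by kekAlg, prf omitted."""
    alg_id = der_tlv(0x30, der_oid(kek_alg_oid))  # AlgorithmIdentifier, no parameters
    params = der_tlv(0x30, der_tlv(0x04, salt) + der_int(iteration_count)
                     + der_int(KEK_LENGTH_FOR_ALG[kek_alg_oid]))
    return der_tlv(0x30, alg_id + params)

def children(body):
    """Split a DER SEQUENCE body into (tag, value) pairs; truncation is an error."""
    out, pos = [], 0
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        if pos + length > len(body):
            raise ValueError("truncated DER")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def decode_kek_derivation_alg(der):
    """Recipient side: enforce the draft's MUSTs before any key is derived."""
    [(tag, body)] = children(der)
    (alg_tag, alg_body), (params_tag, params_body) = children(body)
    if tag != 0x30 or alg_tag != 0x30 or params_tag != 0x30:
        raise ValueError("KEKDerivationAlgorithm, kekAlg and pbkdf2Param must be SEQUENCEs")
    kek_alg = decode_oid(children(alg_body)[0][1])
    if kek_alg not in KEK_LENGTH_FOR_ALG:
        raise ValueError("unsupported kekAlg " + kek_alg)
    fields = children(params_body)
    # salt MUST be 'specified' (OCTET STRING, tag 04; otherSource would be a SEQUENCE),
    # keyLength MUST be present and prf MUST be omitted: exactly tags 04, 02, 02.
    if [t for t, _ in fields] != [0x04, 0x02, 0x02]:
        raise ValueError("PBKDF2-params must be {specified salt, iterationCount, keyLength}")
    salt = fields[0][1]
    iteration_count = int.from_bytes(fields[1][1], "big", signed=True)
    key_length = int.from_bytes(fields[2][1], "big", signed=True)
    # Do not trust the encoded keyLength on its own: the draft says kekAlg determines it.
    if iteration_count < 1 or key_length != KEK_LENGTH_FOR_ALG[kek_alg]:
        raise ValueError("bad iterationCount, or keyLength inconsistent with kekAlg")
    return kek_alg, salt, iteration_count, key_length

def is_acceptable(der):
    try:
        return bool(decode_kek_derivation_alg(der))
    except (ValueError, IndexError):
        return False

def derive_msg2_kek(msg1_cek, attr_der):
    """MSG2.KEK = PBKDF2-HMAC-SHA1(MSG1.CEK, salt, iterationCount, keyLength); the prf is
    the RFC 2898 default, the only one the draft allows."""
    _, salt, iterations, key_length = decode_kek_derivation_alg(attr_der)
    return hashlib.pbkdf2_hmac("sha1", msg1_cek, salt, iterations, dklen=key_length)

if __name__ == "__main__":
    attr = encode_kek_derivation_alg(ID_AES128_WRAP, b"\xa1" * 8, 2048)  # constructed salt
    print(attr.hex(), derive_msg2_kek(bytes(range(16)), attr).hex())      # constructed MSG1.CEK
```

   Run directly, it prints the DER value (which begins 30 20 30 0b 06 09 60 86 48 01 65 03 04 01 05, the outer SEQUENCE followed by the kekAlg AlgorithmIdentifier) and the derived KEK. The recipient-side check compares the encoded keyLength against what kekAlg implies instead of trusting the unprotected attribute, which is what keeps tampering with these fields at the denial-of-service level the draft's text claims.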
   [skipping to change at line 442 (-02) / page 9, line 29 (-03)]
     problems
   - Added allocated OIDs for module and attributes
   - Added more justification text to section 2
   - Added conformance text (new section 5)
   - Added security consideration about subset of recipients
   - Added security consideration describing reason for byte reversal
   - Changed from unidirectional since Diameter may need bi-directional
   - Copied kdf params stuff from rfc2898 since it uses '93 ASN.1
   - Changed so that max decrypts=1, implies that one more message can
     re-use the CEK (used to be silly where a value of 1 meant no more)
   Changes from -02 to -03

   - Removed extra comma from ASN.1 module
   - Reworded section 4, para 6
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/