The IESG has approved the following document: - 'Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type ' <draft-turner-encryptedkeypackagecontenttype-algs-02.txt> as a Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecontenttype-algs-02.txt Technical Summary This document specifies algorithms to secure the encrypted key content type defined in draft-turner-encryptedkeypackagecontenttype. The algorithm choices and key sizes are based on RFC 5751, with the exception of content encryption algorithm and key wrap algorithm being AES Key Wrap with Padding. This rationale for the choice is in the security considerations. This document is headed for standards track, but there are normative references to two informative RFCs. RFC3394 if for AES Key Wrap and RFC5649 and is for AES Key Wrap with Padding. Both are in the downref registry. Working Group Summary This document is not the product of an IETF Working Group. Document Quality The document is short and lists the algorithms to be used based on the encapsulation mechanism. Personnel Carl Wallace is the document Shepherd. Tim Polk is the responsible Security Area AD. RFC Editor Note In Section 2, please make the following substitution: OLD: Regardless of the key management technique choice, implementations MUST support AES-128 Key Wrap with Padding [RFC5649]. Implementations SHOULD support AES-256 Key Wrap with Padding [RFC5649]. NEW: Since the content type is used to carry a cryptographic key and its attributes, an algorithm that is traditionally used to encrypt one key with another is employed. Regardless of the key management technique choice, implementations MUST support AES-128 Key Wrap with Padding [RFC5649] as the content encryption algorithm. Implementations SHOULD support AES-256 Key Wrap with Padding [RFC5649] as the content-encryption algorithm. In Section 3, please make the following substitution: OLD EncryptedData [RFC5652] requires that keys be managed by other means; therefore, the only algorithm specified is the content encryption algorithm. Implementations MUST support AES-128 Key Wrap with Padding [RFC5649]. Implementations SHOULD support AES-256 Key Wrap with Padding [RFC5649]. NEW EncryptedData [RFC5652] requires that keys be managed by other means; therefore, the only algorithm specified is the content encryption algorithm. Since the content type is used to carry a cryptographic key and its attributes, an algorithm that is traditionally used to encrypt one key with another is employed. Implementations MUST support AES-128 Key Wrap with Padding [RFC5649]. Implementations SHOULD support AES-256 Key Wrap with Padding [RFC5649]. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
