Protocol Action: 'Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type' to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The IESG has approved the following document:

- 'Algorithms for Cryptographic Message Syntax (CMS) Encrypted Key 
   Package Content Type '
   <draft-turner-encryptedkeypackagecontenttype-algs-02.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-turner-encryptedkeypackagecontenttype-algs-02.txt

Technical Summary

This document specifies algorithms to secure the encrypted key content
type defined in draft-turner-encryptedkeypackagecontenttype.  The
algorithm choices and key sizes are based on RFC 5751, with
the exception of content encryption algorithm and key wrap algorithm
being AES Key Wrap with Padding.  This rationale for the choice is in
the security considerations.

This document is headed for standards track, but there are normative
references to two informative RFCs.  RFC3394 if for AES Key Wrap and
RFC5649 and is for AES Key Wrap with Padding.  Both are in the downref
registry.

Working Group Summary

This document is not the product of an IETF Working Group.

Document Quality

The document is short and lists the algorithms to be used based on the
encapsulation mechanism.

Personnel

Carl Wallace is the document Shepherd.  Tim Polk is the
responsible Security Area AD.


RFC Editor Note

In Section 2, please make the following substitution:

OLD:

   Regardless of the key management technique choice, implementations
   MUST support AES-128 Key Wrap with Padding [RFC5649].  Implementations
   SHOULD support AES-256 Key Wrap with Padding [RFC5649].

NEW:

   Since the content type is used to carry a cryptographic key
   and its attributes, an algorithm that is traditionally used to encrypt
one
   key with another is employed.  Regardless of the key management
technique
   choice, implementations MUST support AES-128 Key Wrap with Padding
   [RFC5649] as the content encryption algorithm.  Implementations SHOULD
   support AES-256 Key Wrap with Padding [RFC5649] as the
content-encryption
   algorithm.

In Section 3, please make the following substitution:

OLD

   EncryptedData [RFC5652] requires that keys be managed by other means;

   therefore, the only algorithm specified is the content encryption 
   algorithm. Implementations MUST support AES-128 Key Wrap with Padding 
   [RFC5649].  Implementations SHOULD support AES-256 Key Wrap with 
   Padding [RFC5649]. 

NEW

   EncryptedData [RFC5652] requires that keys be managed by other
   means; therefore, the only algorithm specified is the content
encryption 
   algorithm. Since the content type is used to carry a cryptographic key
   and its attributes, an algorithm that is traditionally used to encrypt
   one key with another is employed.  Implementations MUST support
   AES-128 Key Wrap with Padding [RFC5649].  Implementations SHOULD
   support AES-256 Key Wrap with Padding [RFC5649].

_______________________________________________
IETF-Announce mailing list
IETF-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux