draft-ietf-smime-cast-128-00.txt   draft-ietf-smime-cast-128-01.txt 
Internet Draft Carlisle Adams (Entrust Technologies) Internet Draft Carlisle Adams (Entrust Technologies)
S/MIME Working Group S/MIME Working Group
Expires in 6 months September 1999 Expires in 6 months March 2000
Use of the CAST-128 Encryption Algorithm in S/MIME Use of the CAST-128 Encryption Algorithm in CMS
<draft-ietf-smime-cast-128-00.txt> <draft-ietf-smime-cast-128-01.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 1, line 29 skipping to change at page 1, line 30
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire in March, 2000. Comments or This Internet-Draft will expire in September, 2000. Comments or
suggestions for improvement may be made on the "ietf-smime" mailing suggestions for improvement may be made on the "ietf-smime" mailing
list, or directly to the author. list, or directly to the author.
Copyright Notice Copyright Notice
Copyright (C)The Internet Society (1999). All Rights Reserved. Copyright (C)The Internet Society (2000). All Rights Reserved.
Abstract Abstract
This document specifies how to incorporate CAST-128 [RFC2144] into This document specifies how to incorporate CAST-128 [RFC2144] into
S/MIME as an additional algorithm for symmetric encryption. The the S/MIME Cryptographic Message Syntax (CMS) as an additional
relevant OIDs and processing steps are provided so that CAST-128 algorithm for symmetric encryption. The relevant OIDs and processing
may be included in the S/MIME Cryptographic Message Syntax (CMS) steps are provided so that CAST-128 may be included in the CMS
specification [RFC2630] for symmetric content and key encryption. specification [RFC2630] for symmetric content and key encryption.
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase, "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
as shown) are to be interpreted as described in [RFC2119]. as shown) are to be interpreted as described in [RFC2119].
1. Motivation 1. Motivation
S/MIME (Secure/Multipurpose Internet Mail Extensions) [SMIME2, S/MIME (Secure/Multipurpose Internet Mail Extensions) [SMIME2,
SMIME3] is a set of specifications for the secure transport of MIME SMIME3] is a set of specifications for the secure transport of MIME
skipping to change at page 2, line 37 skipping to change at page 2, line 37
specification. specification.
2. Specification 2. Specification
This section provides the OIDs and processing information necessary This section provides the OIDs and processing information necessary
for CAST-128 to be used for content and key encryption in CMS. for CAST-128 to be used for content and key encryption in CMS.
2.1 OIDs for Content and Key Encryption 2.1 OIDs for Content and Key Encryption
CAST-128 is added to the set of optional symmetric encryption CAST-128 is added to the set of optional symmetric encryption
algorithms in S/MIME by providing two unique object identifiers algorithms in CMS by providing two unique object identifiers
(OIDs). One OID defines the content encryption algorithm and the (OIDs). One OID defines the content encryption algorithm and the
other defines the key encryption algorithm. Thus an S/MIME agent can other defines the key encryption algorithm. Thus a CMS agent can
apply CAST-128 either for content or key encryption by selecting the apply CAST-128 either for content or key encryption by selecting the
corresponding object identifier, supplying the required parameter, and corresponding object identifier, supplying the required parameter, and
starting the program code. starting the program code.
For content encryption the use of CAST-128 in cipher block chaining For content encryption the use of CAST-128 in cipher block chaining
(CBC) mode is RECOMMENDED. The key length is variable (from 40 to 128 (CBC) mode is RECOMMENDED. The key length is variable (from 40 to 128
bits in 1-octet increments). bits in 1-octet increments).
The CAST-128 content-encryption algorithm in CBC mode has the The CAST-128 content-encryption algorithm in CBC mode has the
following object identifier: following object identifier:
skipping to change at page 3, line 44 skipping to change at page 3, line 44
2.2 Key Wrapping and Unwrapping 2.2 Key Wrapping and Unwrapping
CAST-128 key wrapping and unwrapping is done in conformance with CMS CAST-128 key wrapping and unwrapping is done in conformance with CMS
[RFC2630]. [RFC2630].
2.2.1 CAST-128 Key Wrap 2.2.1 CAST-128 Key Wrap
Key wrapping with CAST-128 is identical to [RFC2630], Sections 12.6.1 Key wrapping with CAST-128 is identical to [RFC2630], Sections 12.6.1
and 12.6.4, with "RC2" replaced by "CAST-128" in the introduction to and 12.6.4, with "RC2" replaced by "CAST-128" in the introduction to
12.6.4. 12.6.4. Only 128-bit CAST-128 keys may be used as key-encryption
keys, and they MUST be used with the cast5CMSkeywrapParameter set to
128. It is RECOMMENDED that the size of the content-encryption key
and the size of the key-encryption key be equal (since the security
of the content will be at most the smaller of these two values).
2.2.2 CAST-128 Key Unwrap 2.2.2 CAST-128 Key Unwrap
Key unwrapping with CAST-128 is identical to [RFC2630], Sections Key unwrapping with CAST-128 is identical to [RFC2630], Sections
12.6.1 and 12.6.5, with "RC2" replaced by "CAST-128" in the 12.6.1 and 12.6.5, with "RC2" replaced by "CAST-128" in the
introduction to 12.6.5. introduction to 12.6.5.
3. Discussion 3. Using CAST-128 in S/MIME Clients
An S/MIME client should announce the set of cryptographic functions An S/MIME client SHOULD announce the set of cryptographic functions
it supports by using the S/MIME capabilities attribute. This it supports by using the S/MIME capabilities attribute. This
attribute provides a partial list of OIDs of cryptographic functions attribute provides a partial list of OIDs of cryptographic functions
and MUST be signed by the client. The functions' OIDs should be and MUST be signed by the client. The functions' OIDs SHOULD be
logically separated in functional categories and MUST be ordered with logically separated in functional categories and MUST be ordered with
respect to their preference. If an S/MIME client is required to respect to their preference. If an S/MIME client is required to
support symmetric encryption with CAST-128, the capabilities attribute support symmetric encryption with CAST-128, the capabilities attribute
MUST contain the above specified OIDs in the category of symmetric MUST contain the cast5cbc OID specified above in the category of
algorithms. The parameters associated with the OIDs given above may symmetric algorithms. The parameter associated with this OID (see
be used to indicate supported key length. Alternatively, the above) MAY be used to indicate supported key length.
following parameter from http://www.imc.org/ietf-smime/smime-oids.asn
may be used in the S/MIME capabilities attribute instead:
SMIMECapabilitiesParametersForCast5CBC ::= INTEGER
-- CAST Key Length (number of bits)
-- (key size: 40, 64, 80 or 128)
Note that this parameter restricts the range of possible CAST-128 key
sizes to four, but this should be acceptable for many environments.
When a sending agent creates an encrypted message, it has to decide When a sending agent creates an encrypted message, it has to decide
which type of encryption algorithm to use. In general the decision which type of encryption algorithm to use. In general the decision
process involves information obtained from the capabilities lists process involves information obtained from the capabilities lists
included in messages received from the recipient, as well as other included in messages received from the recipient, as well as other
information such as private agreements, user preferences, legal information such as private agreements, user preferences, legal
restrictions, and so on. If users require CAST-128 for symmetric restrictions, and so on. If users require CAST-128 for symmetric
encryption, it MUST be supported by the S/MIME clients on both the encryption, it MUST be supported by the S/MIME clients on both the
sending and receiving side, and it MUST be set in the user sending and receiving side, and it MUST be set in the user
preferences. preferences.
4. Security Considerations 4. Security Considerations
This document specifies the use of the CAST-128 symmetric cipher for This document specifies the use of the CAST-128 symmetric cipher for
encrypting the content of an S/MIME message and for encrypting the encrypting the content of a CMS message and for encrypting the
symmetric key used to encrypt the content of an S/MIME message. symmetric key used to encrypt the content of a CMS message.
Although CAST-128 allows keys of variable length to be used, it must Although CAST-128 allows keys of variable length to be used, it must
be recognized that smaller key sizes (e.g., 40, 56, or 64 bits) may be be recognized that smaller key sizes (e.g., 40, 56, or 64 bits) may be
unacceptably weak for some environments. The use of larger key sizes unacceptably weak for some environments. The use of larger key sizes
(e.g., 128 bits) is always RECOMMENDED (when relevant import, export, (e.g., 128 bits) is always RECOMMENDED (when relevant import, export,
or other laws permit). It is also RECOMMENDED that the size of the or other laws permit). It is also RECOMMENDED that the size of the
content-encryption key and the size of the key-encryption key be equal content-encryption key and the size of the key-encryption key be equal
(since the security of the content will be at most the smaller of (since the security of the content will be at most the smaller of
these two values). these two values).
References References
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/