draft-ietf-smime-cms-aes-ccm-and-gcm-01.txt | draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt | |||
---|---|---|---|---|
INTERNET DRAFT R. Housley | INTERNET DRAFT R. Housley | |||
S/MIME Working Group Vigil Security | S/MIME Working Group Vigil Security | |||
Using AES-CCM and AES-GCM Authenticated Encryption | Using AES-CCM and AES-GCM Authenticated Encryption | |||
in the Cryptographic Message Syntax (CMS) | in the Cryptographic Message Syntax (CMS) | |||
<draft-ietf-smime-cms-aes-ccm-and-gcm-01.txt> | <draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt> | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
skipping to change at page 3, line 44 | skipping to change at page 3, line 44 | |||
encryption key, the nonce value MUST be unique. That is, the set of | encryption key, the nonce value MUST be unique. That is, the set of | |||
nonce values used with any given key MUST NOT contain any duplicate | nonce values used with any given key MUST NOT contain any duplicate | |||
values. Using the same nonce for two different messages encrypted | values. Using the same nonce for two different messages encrypted | |||
with the same key destroys the security properties. | with the same key destroys the security properties. | |||
AAD is authenticated but not encrypted. Thus, the AAD is not | AAD is authenticated but not encrypted. Thus, the AAD is not | |||
included in the AES-GCM output. It can be used to authenticate | included in the AES-GCM output. It can be used to authenticate | |||
plaintext packet headers. In the CMS authenticated-enveloped-data | plaintext packet headers. In the CMS authenticated-enveloped-data | |||
content type, authenticated attributes comprise the AAD. | content type, authenticated attributes comprise the AAD. | |||
2. Automatic Key Management | 2. Automated Key Management | |||
The reuse of an AES-CCM or AES-GCM nonce/key combination destroys the | The reuse of an AES-CCM or AES-GCM nonce/key combination destroys the | |||
security guarantees. As a result, it can be extremely difficult to | security guarantees. As a result, it can be extremely difficult to | |||
use AES-CCM or AES-GCM securely when using statically configured | use AES-CCM or AES-GCM securely when using statically configured | |||
keys. For safety's sake, implementations MUST use an automated key | keys. For safety's sake, implementations MUST use an automated key | |||
management system. | management system [KeyMgmt]. | |||
The CMS authenticated-enveloped-data content type supports four | The CMS authenticated-enveloped-data content type supports four | |||
general key management techniques: | general key management techniques: | |||
Key Transport: the content-authenticated-encryption key is | Key Transport: the content-authenticated-encryption key is | |||
encrypted in the recipient's public key; | encrypted in the recipient's public key; | |||
Key Agreement: the recipient's public key and the sender's | Key Agreement: the recipient's public key and the sender's | |||
private key are used to generate a pairwise symmetric key, then | private key are used to generate a pairwise symmetric key, then | |||
the content-authenticated-encryption key is encrypted in the | the content-authenticated-encryption key is encrypted in the | |||
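Review bot: the citation tag added at the end of the first paragraph of Section 2 ("implementations MUST use an automated key management system [KeyMgmt]") does not match the tag of the reference entry it is meant to resolve to, which this same revision adds to Section 5.2 as [KEYMGMT]; use one spelling in both places (the reference list uses upper-case tags throughout, e.g. [BDJR] and [RANDOM], so "[KEYMGMT]" in the citation is the consistent choice). The retitling of Section 2 from "Automatic Key Management" to "Automated Key Management" matches the wording already used in the paragraph body ("automated key management system"), so that part is fine.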
skipping to change at page 8, line 27 | skipping to change at page 8, line 27 | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
5.2. Informative References | 5.2. Informative References | |||
[BDJR] Bellare, M, Desai, A., Jokipii, E., and P. Rogaway, | [BDJR] Bellare, M, Desai, A., Jokipii, E., and P. Rogaway, | |||
"A Concrete Security Treatment of Symmetric Encryption: | "A Concrete Security Treatment of Symmetric Encryption: | |||
Analysis of the DES Modes of Operation", Proceedings | Analysis of the DES Modes of Operation", Proceedings | |||
38th Annual Symposium on Foundations of Computer | 38th Annual Symposium on Foundations of Computer | |||
Science, 1997. | Science, 1997. | |||
[KEYMGMT] Bellovin, S. and R. Housley, "Guidelines for | ||||
Cryptographic Key Management", RFC 4107, BCP 107, | ||||
June 2005. | ||||
[RANDOM] Eastlake, D., Schiller, J., and S. Crocker, "Randomness | [RANDOM] Eastlake, D., Schiller, J., and S. Crocker, "Randomness | |||
Recommendations for Security", RFC 4086, June 2005. | Recommendations for Security", RFC 4086, June 2005. | |||
6. IANA Considerations | 6. IANA Considerations | |||
None. | None. | |||
{{{ RFC Editor: Please remove this section prior to publication. }}} | {{{ RFC Editor: Please remove this section prior to publication. }}} | |||
Appendix: ASN.1 Module | Appendix: ASN.1 Module | |||
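Review bot: the new [KEYMGMT] entry lists its identifiers as "RFC 4107, BCP 107", while the existing normative entry for RFC 2119 just above Section 5.2 uses the usual order "BCP 14, RFC 2119"; suggest "BCP 107, RFC 4107" so the two entries are consistent. Not part of this change but visible in the same region: "Bellare, M," in the [BDJR] entry is missing the period after the initial ("Bellare, M.,").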
End of changes. 4 change blocks. | ||||
3 lines changed or deleted | 7 lines changed or added | |||