draft-ietf-smime-cms-aes-ccm-and-gcm-01.txt -> draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt

INTERNET DRAFT                                               R. Housley
S/MIME Working Group                                     Vigil Security

Using AES-CCM and AES-GCM Authenticated Encryption
in the Cryptographic Message Syntax (CMS)
<draft-ietf-smime-cms-aes-ccm-and-gcm-01.txt> -> <draft-ietf-smime-cms-aes-ccm-and-gcm-02.txt>

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
[skipping to change at page 3, line 44]
encryption key, the nonce value MUST be unique. That is, the set of
nonce values used with any given key MUST NOT contain any duplicate
values. Using the same nonce for two different messages encrypted
with the same key destroys the security properties.

AAD is authenticated but not encrypted. Thus, the AAD is not
included in the AES-GCM output. It can be used to authenticate
plaintext packet headers. In the CMS authenticated-enveloped-data
content type, authenticated attributes comprise the AAD.
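As an added illustration that is not part of the draft: a small Go wrapper around the standard library's AES-GCM that enforces the per-key nonce-uniqueness rule above and shows that the AAD is covered by the tag but absent from the output. The key, nonce and AAD values are constructed stand-ins for the content-authenticated-encryption key, the nonce and the CMS authenticated attributes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// nonceGuard refuses to Seal twice with the same nonce under one key.
type nonceGuard struct {
	aead cipher.AEAD
	seen map[string]bool // nonces already used with this key
}

func newNonceGuard(key []byte) (*nonceGuard, error) {
	block, err := aes.NewCipher(key) // key: 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	return &nonceGuard{aead: aead, seen: map[string]bool{}}, nil
}

// Seal returns ciphertext||tag; aad is authenticated but not emitted.
func (g *nonceGuard) Seal(nonce, plaintext, aad []byte) ([]byte, error) {
	if g.seen[string(nonce)] {
		return nil, errors.New("nonce already used with this key; refusing")
	}
	g.seen[string(nonce)] = true
	return g.aead.Seal(nil, nonce, plaintext, aad), nil
}

// Open checks the tag over ciphertext and aad; any change to aad fails.
func (g *nonceGuard) Open(nonce, ct, aad []byte) ([]byte, error) {
	return g.aead.Open(nil, nonce, ct, aad)
}

func main() {
	g, _ := newNonceGuard(make([]byte, 16)) // constructed all-zero demo key
	nonce, aad := []byte("unique-nonce"), []byte("authAttrs") // constructed
	ct, _ := g.Seal(nonce, []byte("hello"), aad)
	_, badAAD := g.Open(nonce, ct, []byte("tampered"))
	_, reuse := g.Seal(nonce, []byte("again"), aad)
	fmt.Println(len(ct) == 5+16, badAAD != nil, reuse != nil) // true true true
}
```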
2. Automated Key Management   (-01 heading: "2. Automatic Key Management")
The reuse of an AES-CCM or AES-GCM nonce/key combination destroys the
security guarantees. As a result, it can be extremely difficult to
use AES-CCM or AES-GCM securely when using statically configured
keys. For safety's sake, implementations MUST use an automated key
management system [KeyMgmt].   (-02 adds the [KeyMgmt] citation)
The CMS authenticated-enveloped-data content type supports four
general key management techniques:

Key Transport: the content-authenticated-encryption key is
encrypted in the recipient's public key;

Key Agreement: the recipient's public key and the sender's
private key are used to generate a pairwise symmetric key, then
the content-authenticated-encryption key is encrypted in the
[skipping to change at page 8, line 27]
Requirement Levels", BCP 14, RFC 2119, March 1997.

5.2. Informative References

[BDJR] Bellare, M., Desai, A., Jokipii, E., and P. Rogaway,
"A Concrete Security Treatment of Symmetric Encryption:
Analysis of the DES Modes of Operation", Proceedings
38th Annual Symposium on Foundations of Computer
Science, 1997.
[KEYMGMT] Bellovin, S. and R. Housley, "Guidelines for
Cryptographic Key Management", BCP 107, RFC 4107,
June 2005.   (entry added in -02)
[RANDOM] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Recommendations for Security", RFC 4086, June 2005.
6. IANA Considerations

None.

{{{ RFC Editor: Please remove this section prior to publication. }}}

Appendix: ASN.1 Module
End of changes. 4 change blocks. 3 lines changed or deleted, 7 lines changed or added.

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/