210 likes | 353 Views
CMS Interoperability Matrix. Jim Schaad Soaring Hawk Security. Status for RFC 3369. Errata for ASN.1 module Report document is started Signed Data FINISHED Encrypted Data FINISHED. Status for RFC 3370. Key Derivation Algorithms PBKDF2 Message Authentication Code Algorithms
E N D
CMS Interoperability Matrix Jim Schaad Soaring Hawk Security
Status for RFC 3369 • Errata for ASN.1 module • Report document is started Signed Data • FINISHED • Encrypted Data • FINISHED
Status for RFC 3370 • Key Derivation Algorithms • PBKDF2 • Message Authentication Code Algorithms • HMAC with SHA-1 • Need final ruling from IESG if these are blocking advancement.
RSA PSS and CMS Jim Schaad Soaring Hawk Security
Overview • PSS is a “new” signature algorithm for RSA key pairs • Parameters • Digest Hash Algorithm (H1) • Internal Hash Algorithm (H2) • Internal Mask Generation Function (MGF) • MGF Hash Algorithm (H3) • Salt Length (should be length of H2)
Requirements • H1 and H2 SHOULD be the same • H2 and H3 RECOMMENDED to be the same
Resolved Issues • Should key identifier and signature identifier be the same OID • Will be the case for PSS • PSS Parameter comparison • MUST do comparisons if the parameters are present in the certificate.
RSA KEM Jim Schaad Soaring Hawk Security for Burt Kaliski
Algorithm Review • Generate random value z range 0…n-1 • Encrypt z with recip. pub. key c=E(z) • Derive a KEK k = KDF(z) • Encrypt CEK with KEK wk = KEKk(cek) • EncryptedKeyValue c || wk
CMS Details Use key transport option id-kts2-basic OID ::={ x9-44 schemes(2) kts2-basic(7) } KTS2-Parms ::= SEQUENCE { kas [0] KTS2-KeyAgreementScheme, kws [1] KTS2-SymmetricKeyWrappingScheme, labelMethod [2] KTS2-LabelMethod }
id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) } KAS1-Parms ::= SEQUENCE { sves [0] KAS1-SecretValueEncapsulationScheme, kdf [1] KAS1-KeyDerivationFunction, otherInfoMethod [2] KAS1-OtherInfoMethod }
Open Issues • Matching rules on usage • SMimeCapabilities • Single ASN.1 module
ESSbis Jim Schaad Soaring Hawk Security
Changes • Separate the functions of • Receipt Behavior • id-aa-receiptPolicy • ML Loop Detection • id-aa-mlExpandHistory • Rewrite processing rules • Move id-aa-contentIdentifier and id-aa-contentReference to section 4
ReceiptPolicy ReceiptPolicy ::= CHOICE { none [0] NULL, insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}
MLAExpandHistory MLAExpandHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLAData id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX} ub-ml-expansion-history INTEGER ::= 64 MLAData ::= SEQUENCE { mailListIdentifier EntityIdentifier, expansionTime GeneralizedTime }
Status • First draft to be published next week • Open questions on some nested cases for receipt processing behavior • Open questions on MLA attribute propigations