Upload
iram
View
44
Download
0
Tags:
Embed Size (px)
DESCRIPTION
CMS Interoperability Matrix. Jim Schaad Soaring Hawk Security. Status for RFC 3369. Errata for ASN.1 module Report document is started Signed Data FINISHED Encrypted Data FINISHED. Status for RFC 3370. Key Derivation Algorithms PBKDF2 Message Authentication Code Algorithms - PowerPoint PPT Presentation
Citation preview
CMS Interoperability Matrix
Jim Schaad
Soaring Hawk Security
Status for RFC 3369
• Errata for ASN.1 module
• Report document is started
Signed Data– FINISHED
• Encrypted Data– FINISHED
Status for RFC 3370
• Key Derivation Algorithms– PBKDF2
• Message Authentication Code Algorithms– HMAC with SHA-1
• Need final ruling from IESG if these are blocking advancement.
Questions
RSA PSS and CMS
Jim Schaad
Soaring Hawk Security
Overview
• PSS is a “new” signature algorithm for RSA key pairs
• Parameters– Digest Hash Algorithm (H1)– Internal Hash Algorithm (H2)– Internal Mask Generation Function (MGF)
• MGF Hash Algorithm (H3)
– Salt Length (should be length of H2)
Requirements
• H1 and H2 SHOULD be the same
• H2 and H3 RECOMMENDED to be the same
Resolved Issues
• Should key identifier and signature identifier be the same OID– Will be the case for PSS
• PSS Parameter comparison– MUST do comparisons if the parameters are
present in the certificate.
Questions
RSA KEM
Jim Schaad
Soaring Hawk Security
for Burt Kaliski
Algorithm Review
• Generate random value z range 0…n-1
• Encrypt z with recip. pub. key c=E(z)
• Derive a KEK k = KDF(z)
• Encrypt CEK with KEK wk = KEKk(cek)
• EncryptedKeyValue c || wk
CMS Details
Use key transport option
id-kts2-basic OID ::= { x9-44 schemes(2) kts2-basic(7) }
KTS2-Parms ::= SEQUENCE {
kas [0] KTS2-KeyAgreementScheme,
kws [1] KTS2-SymmetricKeyWrappingScheme,
labelMethod [2] KTS2-LabelMethod
}
id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) }
KAS1-Parms ::= SEQUENCE {
sves [0] KAS1-SecretValueEncapsulationScheme,
kdf [1] KAS1-KeyDerivationFunction,
otherInfoMethod [2] KAS1-OtherInfoMethod
}
Open Issues
• Matching rules on usage
• SMimeCapabilities
• Single ASN.1 module
Questions
ESSbis
Jim Schaad
Soaring Hawk Security
Changes
• Separate the functions of – Receipt Behavior
• id-aa-receiptPolicy
– ML Loop Detection• id-aa-mlExpandHistory
• Rewrite processing rules
• Move id-aa-contentIdentifier and id-aa-contentReference to section 4
ReceiptPolicy
ReceiptPolicy ::= CHOICE {
none [0] NULL,
insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}
MLAExpandHistory
MLAExpandHistory ::= SEQUENCE
SIZE (1..ub-ml-expansion-history) OF MLAData
id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX}
ub-ml-expansion-history INTEGER ::= 64
MLAData ::= SEQUENCE {
mailListIdentifier EntityIdentifier,
expansionTime GeneralizedTime }
Status
• First draft to be published next week
• Open questions on some nested cases for receipt processing behavior
• Open questions on MLA attribute propigations
Questions