IETF Revises Cryptographic Message Syntax and Secure Multipurpose Internet Mail Extensions
by Sean Turner and Russ Housley
Numerous protocols such as the Simple Mail Transport Protocol (SMTP,
RFC 5821), the Session Initiation Protocol (SIP, RFC 3261), the
Electronic Data Interchange (EDI) protocols, the Secure Inter-Domain
Routing (SIDR) protocols, and some of the Public Key Information (PKI)
certificate management protocols employ the CMS (Cryptographic Message
Syntax) to protect their payloads. The IETF has revised the CMS and
Secure/Multipurpose Internet Mail Extensions (S/MIME) specifications to
add an additional content type, to address protocol implementation
issues, and to support additional algorithms:
- CMS has been published four times on the standards-track: RFC
2630, RFC 3369, RFC 3852, and RFC 5652. RFC 3852 addressed errata
against RFC 3369, but more importantly progressed CMS from
proposed to draft standard. RFC 5652 added a clarification about
multiple signers (RFC 4853) and addressed errata against RFC 3852.
In August, RFC 5652 was elevated to full standard (STD 70).
- S/MIME Version 3.2 Message Specification (RFC 5751) replaces
S/MIME Version 3.1 Message Specification (RFC 3851). The
mandatory content encryption algorithm is AES-128 CBC, the
mandatory message digest algorithm is SHA-256, the mandatory
digital signature algorithm and key exchange algorithm is still
RSA, but the mandatory key size range is now 1024-bit to 2048-bit.
- S/MIME Version 3.2 Certificate Handling (RFC 5750) replaces S/MIME
Version 3.1 Certificate Handling (RFC 3850). It updates the
required digital signature algorithm to be RSA with SHA-256 and it
increases the required key size range to be between 1024-bit and
4096-bit.
- The Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type (RFC 5083) specifies a
content type for use by authenticated encryption algorithms.
- Using AES-CCM and AES-GCM Authenticated Encryption in the
Cryptographic Message Syntax (CMS) specifies the use of two
authenticated encryption algorithms, namely AES Counter with Cipher
Block Chaining-Message Authentication Code (AES-CCM) and
AES Galois/Counter Mode (AES-GCM), as content-authenticated-encryption
algorithms for use with the authenticated enveloped content type
(RFC 5083).
- Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and
GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax
(CMS), as its name implies, specifies how to use the GOST suite of
cryptographic algorithms including GOST message digest algorithms,
digital signature algorithms, key agreement algorithms, key
transport algorithms, content encryption algorithm, and HMAC
algorithms.
- Using the Boneh-Franklin and Boneh-Boyen Identity-Based Encryption
Algorithms with the Cryptographic Message Syntax (CMS) (RFC 5409)
specifies the use of two identity-based encryption algorithms,
Boneh-Franklin (BF) and Boneh-Boyen (BB1), that can be used to
encrypt content-encryption keys.
- Using SHA2 Algorithms with Cryptographic Message Syntax (RFC 5754)
specifies the conventions for use of the SHA-224, SHA-256, SHA-384, and
SHA-512 message digest algorithms, as well as the use of DSA
with SHA-224 and SHA-256.
- Use of Elliptic Curve Cryptography (ECC) Algorithms in
Cryptographic Message Syntax (CMS) (RFC 5753), which obsoletes RFC
3278, adds support for ECDSA with SHA-224, SHA-256, SHA-384, and
SHA-512. It also specifies standard ECDH, co-factor ECDH, and
1-Pass ECMQV with SHA-224, SHA-256, SHA-384, and SHA-512 as the
key derivation functions, and AES-128, -192, and -256 as the key
wrap algorithms. This RFC also adds support for 1-Pass ECMQV when
used with the authenticated enveloped content type (RFC 5083).
The S/MIME working group is slowly winding down. A draft that
specifies the use of the RSA-KEM key transport algorithm in CMS is the
remaining item, and it should be published in the next month or two.
After publication, chances are that the S/MIME working group will be
closed, but the mailing list will remain active.
For more information, contact Blake Ramsdell (ramsdell@sendmail.com),
Paul Hoffman (paul.hoffman@vpnc.org), Russ Housley
(housley@vigilsec.com), Sean Turner (turners@ieca.com), or
smime@ietf.org.
NIST requests comments on Draft SP 800-135, Recommendation for Application-Specific Key Derivation Functions.
The document specifies security requirements for the existing
application-specific key derivation functions in:
- American National Standard (ANS) X9.42-2001, Public Key Cryptography
for the Financial Services Industry: Agreement of Symmetric Keys Using
Discrete Logarithm Cryptography
- American National Standard (ANS) X9.63-2001, Public Key Cryptography
for the Financial Services Industry: Key Agreement and Key Transport
Using Elliptic Curve Cryptography
- Internet Key Exchange
- Secure Shell
- Transport Layer Security
- The Secure Real-time Transport Protocol
- User-based Security Model for version 3 of the Simple Network
Management Protocol
- Trusted Platform Module
The document is available at
http://csrc.nist.gov/publications/drafts/800-135/draft-sp800-135.pdf.
Please provide comments by September 30th 2010 to quynh.dang@nist.gov
with "Comments on Draft SP 800-135" in the subject line.
For additional questions, contact Quynh Dang (quynh.dang@nist.gov).