
CMS Interoperability Matrix

Jim Schaad

Soaring Hawk Security

Status for RFC 3369

• Errata for ASN.1 module

• Report document is started

• Signed Data – FINISHED

• Encrypted Data – FINISHED

Status for RFC 3370

• Key Derivation Algorithms– PBKDF2

• Message Authentication Code Algorithms– HMAC with SHA-1

• Need a final ruling from the IESG on whether these are blocking advancement.

Questions

RSA PSS and CMS

Jim Schaad

Soaring Hawk Security

Overview

• PSS is a “new” signature algorithm for RSA key pairs

• Parameters
  – Digest hash algorithm (H1)
  – Internal hash algorithm (H2)
  – Internal mask generation function (MGF)
    • MGF hash algorithm (H3)
  – Salt length (should be the output length of H2)

Requirements

• H1 and H2 SHOULD be the same

• H2 and H3 RECOMMENDED to be the same

Resolved Issues

• Should the key identifier and the signature identifier be the same OID?
  – Will be the case for PSS

• PSS parameter comparison
  – MUST do the comparison if the parameters are present in the certificate
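The three hash roles and the salt length above are easiest to see in the EMSA-PSS encoding itself. The following is an added example, not code from the slides or from any library: EMSA-PSS encode and verify written against RFC 8017 section 9.1 with only the standard library, keeping H1 (the CMS digestAlgorithm that produces mHash), H2 (the hash inside EMSA-PSS) and H3 (the hash inside MGF1) as separate parameters, plus a checker for the slide's consistency rules and for the "parameters in the certificate MUST match" rule. The modular RSA step (s = EM^d mod n) is omitted because the parameters only affect the encoding; the message and salt are constructed sample values.

```python
import hashlib
import hmac
import os

# Added example (not from the slides): EMSA-PSS per RFC 8017 section 9.1.
#   H1 digests the message (CMS digestAlgorithm) and yields mHash
#   H2 hashes M' = 8 zero bytes || mHash || salt inside EMSA-PSS
#   H3 is the hash used by MGF1
# The RSA modular step is left out; this shows what the parameters change.

def mgf1(seed, mask_len, h3):
    """MGF1 (RFC 8017 B.2.1): H3(seed || C) for C = 0, 1, ..., truncated."""
    h_len = hashlib.new(h3).digest_size
    out = b""
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(h3, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]

def emsa_pss_encode(m_hash, em_bits, h2, h3, s_len, salt=None):
    """Encode mHash (already computed with H1) into EM of emBits bits."""
    h_len = hashlib.new(h2).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: emLen < hLen + sLen + 2")
    salt = os.urandom(s_len) if salt is None else salt
    if len(salt) != s_len:
        raise ValueError("salt does not match the sLen parameter")
    h = hashlib.new(h2, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - s_len - h_len - 2) + b"\x01" + salt
    db_mask = mgf1(h, em_len - h_len - 1, h3)
    masked_db = bytes(a ^ b for a, b in zip(db, db_mask))
    clear = 8 * em_len - em_bits            # leftmost bits that must be zero
    if clear:
        masked_db = bytes([masked_db[0] & (0xFF >> clear)]) + masked_db[1:]
    return masked_db + h + b"\xbc"

def emsa_pss_verify(m_hash, em, em_bits, h2, h3, s_len):
    """True only if EM is a valid encoding of mHash under H2, H3 and sLen."""
    h_len = hashlib.new(h2).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2 or em[-1] != 0xBC:
        return False
    masked_db, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    clear = 8 * em_len - em_bits
    if clear and masked_db[0] >> (8 - clear):
        return False
    db = bytes(a ^ b for a, b in zip(masked_db, mgf1(h, em_len - h_len - 1, h3)))
    if clear:
        db = bytes([db[0] & (0xFF >> clear)]) + db[1:]
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1:]                  # exactly sLen bytes remain
    h_prime = hashlib.new(h2, b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h, h_prime)

def check_pss_params(h1, h2, h3, s_len):
    """The slide's consistency rules; an empty list means fully consistent."""
    warnings = []
    if h1 != h2:
        warnings.append("H1 (digestAlgorithm) SHOULD equal H2 (PSS hashAlgorithm)")
    if h2 != h3:
        warnings.append("H2 RECOMMENDED to equal H3 (MGF1 hash)")
    if s_len != hashlib.new(h2).digest_size:
        warnings.append("saltLength should be the output length of H2")
    return warnings

def cert_params_allow(cert_params, sig_params):
    """A certificate carrying PSS parameters constrains the signature's
    parameters to be identical; a certificate without them constrains nothing."""
    return cert_params is None or cert_params == sig_params

def demo(message=b"constructed sample content", em_bits=2047):
    h1, h2, h3, s_len = "sha256", "sha256", "sha256", 32   # consistent set
    m_hash = hashlib.new(h1, message).digest()
    em = emsa_pss_encode(m_hash, em_bits, h2, h3, s_len, salt=bytes(range(s_len)))
    other = hashlib.new(h1, message + b"x").digest()
    return {
        "verify": emsa_pss_verify(m_hash, em, em_bits, h2, h3, s_len),
        "tampered": emsa_pss_verify(other, em, em_bits, h2, h3, s_len),
        "wrong_salt_len": emsa_pss_verify(m_hash, em, em_bits, h2, h3, 20),
        "warnings": check_pss_params(h1, h2, h3, s_len),
        "cert_mismatch": cert_params_allow(("sha256", "sha256", 32), ("sha256", "sha1", 32)),
    }
```

The `wrong_salt_len` case is the practical reason the salt length is a parameter at all: a verifier that assumes a different sLen slices the recovered DB at the wrong point and rejects an otherwise valid signature, so the value has to be carried in the algorithm identifier (RFC 4055's defaults when parameters are absent are SHA-1 for both hashes and a 20-byte salt) or agreed out of band.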

Questions

RSA KEM

Jim Schaad

Soaring Hawk Security

for Burt Kaliski

Algorithm Review

• Generate a random value z in the range 0…n-1

• Encrypt z with the recipient's public key: c = E(z)

• Derive a KEK: k = KDF(z)

• Encrypt the CEK with the KEK: wk = KEK_k(cek)

• EncryptedKeyValue = c || wk
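The five steps above, carried through on both the sender and recipient side, as an added example that is not code from the slides, from RSA Laboratories or from any library. Two parts are assumptions and are marked as such in the code: the KDF is a counter-mode hash in the KDF2 shape (hash(Z || counter), counter starting at 1), and the key wrap is an HMAC-SHA256 keystream-plus-tag construction standing in for a real key-wrap algorithm such as AES key wrap, which the Python standard library does not provide. Key generation is a toy Miller-Rabin routine; the CEK is a constructed sample value.

```python
import hashlib
import hmac
import secrets

# Added example (not from the slides). Assumed pieces: kdf2() and the
# kek_wrap()/kek_unwrap() stand-in; a deployment would use a standard KDF
# and a standard key-wrap algorithm in their place.

def _is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits=1024, e=65537):
    """Toy key generation for the demo; returns ((n, e), (n, d))."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def kdf2(z, length, hash_name="sha256"):
    """Assumed KDF: hash(Z || counter), counter = 1, 2, ..., truncated."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.new(hash_name, z + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def kek_wrap(kek, cek):
    """Stand-in for a key-wrap algorithm (NOT AES key wrap): keystream + tag."""
    if len(cek) > 32:
        raise ValueError("stand-in wrap handles CEKs of at most 32 bytes")
    stream = hmac.new(kek, b"keystream", "sha256").digest()[:len(cek)]
    ct = bytes(a ^ b for a, b in zip(cek, stream))
    return ct + hmac.new(kek, b"tag" + ct, "sha256").digest()

def kek_unwrap(kek, wk):
    ct, tag = wk[:-32], wk[-32:]
    if not hmac.compare_digest(hmac.new(kek, b"tag" + ct, "sha256").digest(), tag):
        raise ValueError("key unwrap failed: wrong KEK or corrupted wrapped key")
    stream = hmac.new(kek, b"keystream", "sha256").digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))

def rsa_kem_encrypt_key(pub, cek):
    """Sender: c || wk, with c fixed at nLen bytes so the recipient can split it."""
    n, e = pub
    n_len = (n.bit_length() + 7) // 8
    z = secrets.randbelow(n)                         # random z in 0..n-1
    c = pow(z, e, n).to_bytes(n_len, "big")          # c = E(z)
    kek = kdf2(z.to_bytes(n_len, "big"), 32)         # k = KDF(z)
    return c + kek_wrap(kek, cek)                    # wk = KEK_k(cek)

def rsa_kem_decrypt_key(priv, encrypted_key_value):
    """Recipient: split at nLen, recover z, rederive the KEK, unwrap the CEK."""
    n, d = priv
    n_len = (n.bit_length() + 7) // 8
    c, wk = encrypted_key_value[:n_len], encrypted_key_value[n_len:]
    c_int = int.from_bytes(c, "big")
    if len(c) != n_len or c_int >= n:
        raise ValueError("ciphertext component out of range")
    z = pow(c_int, d, n)
    return kek_unwrap(kdf2(z.to_bytes(n_len, "big"), 32), wk)

def demo(bits=1024):
    """Round trip with a constructed CEK, then a one-bit change to c."""
    pub, priv = rsa_keygen(bits)
    cek = bytes(range(32))                           # constructed sample CEK
    ekv = rsa_kem_encrypt_key(pub, cek)
    recovered = rsa_kem_decrypt_key(priv, ekv)
    damaged = bytes([ekv[0] ^ 0x01]) + ekv[1:]
    try:
        rsa_kem_decrypt_key(priv, damaged)
        rejected = False
    except ValueError:
        rejected = True
    return {"recovered": recovered == cek, "tamper_rejected": rejected,
            "ekv_len": len(ekv), "n_len": (pub[0].bit_length() + 7) // 8}
```

Two details worth noticing: z is converted to an octet string of exactly nLen bytes before the KDF, so sender and recipient hash the same input regardless of z's leading zeros, and the recipient rejects c ≥ n before exponentiating rather than silently reducing it.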

CMS Details

Use the key transport option (KeyTransRecipientInfo)

id-kts2-basic OID ::= { x9-44 schemes(2) kts2-basic(7) }

KTS2-Parms ::= SEQUENCE {

kas [0] KTS2-KeyAgreementScheme,

kws [1] KTS2-SymmetricKeyWrappingScheme,

labelMethod [2] KTS2-LabelMethod

}

id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) }

KAS1-Parms ::= SEQUENCE {

sves [0] KAS1-SecretValueEncapsulationScheme,

kdf [1] KAS1-KeyDerivationFunction,

otherInfoMethod [2] KAS1-OtherInfoMethod

}

Open Issues

• Matching rules on usage

• SMimeCapabilities

• Single ASN.1 module

Questions

ESSbis

Jim Schaad

Soaring Hawk Security

Changes

• Separate the functions of
  – Receipt behavior: id-aa-receiptPolicy
  – ML loop detection: id-aa-mlExpandHistory

• Rewrite processing rules

• Move id-aa-contentIdentifier and id-aa-contentReference to section 4

ReceiptPolicy

ReceiptPolicy ::= CHOICE {

none [0] NULL,

insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,

inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }

id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}

MLAExpandHistory

MLAExpandHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLAData

id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX}

ub-ml-expansion-history INTEGER ::= 64

MLAData ::= SEQUENCE {

mailListIdentifier EntityIdentifier,

expansionTime GeneralizedTime }
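The two attributes above, with the processing an MLA would apply to each, as an added example that is not from the ESSbis draft. Modelling choices are assumptions: EntityIdentifier and GeneralName are plain strings here (in ESS the identifier is an IssuerAndSerialNumber or SubjectKeyIdentifier), expansionTime is rendered as a GeneralizedTime string, and the receipt semantics follow RFC 2634's mlReceiptPolicy as this example reads them (none suppresses receipt requests, insteadOf replaces the originator's receipt list, inAdditionTo extends it). The walk-through in `sample_run` is constructed.

```python
from datetime import datetime, timezone

# Added example (not from the draft). Assumed: string identifiers, the
# receipt-policy semantics described in the lead-in, and that a history
# already at ub-ml-expansion-history is treated like a loop.

UB_ML_EXPANSION_HISTORY = 64

class MLLoopDetected(Exception):
    pass

def generalized_time(dt):
    """GeneralizedTime in the YYYYMMDDHHMMSSZ form used in CMS attributes."""
    return dt.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")

def apply_receipt_policy(policy, receipts_to):
    """policy is one ReceiptPolicy choice: ("none", None),
    ("insteadOf", [names]) or ("inAdditionTo", [names]).
    receipts_to is the originator's receipt list, or None if the message
    carries no ReceiptRequest. Returns the list the MLA forwards, or None."""
    choice, names = policy
    if choice == "none":
        return None
    if choice == "insteadOf":
        return list(names)
    if choice == "inAdditionTo":
        merged = list(receipts_to or [])
        merged += [n for n in names if n not in merged]
        return merged
    raise ValueError("unknown ReceiptPolicy choice: %r" % (choice,))

def is_loop(history, mla_id):
    """True if this MLA's identifier already appears in MLAExpandHistory."""
    return any(entry["mailListIdentifier"] == mla_id for entry in history)

def expand(history, mla_id, now=None):
    """Append this MLA's MLAData, refusing loops and over-long histories."""
    if is_loop(history, mla_id):
        raise MLLoopDetected("message already expanded by %s" % mla_id)
    if len(history) >= UB_ML_EXPANSION_HISTORY:
        raise MLLoopDetected("MLAExpandHistory already at ub-ml-expansion-history")
    now = now or datetime.now(timezone.utc)
    return history + [{"mailListIdentifier": mla_id,
                       "expansionTime": generalized_time(now)}]

def sample_run():
    """Constructed walk-through: mla-a expands, forwards to mla-b, which
    forwards back to mla-a; the second visit to mla-a must be refused."""
    t = datetime(2016, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    history = expand([], "mla-a", t)
    history = expand(history, "mla-b", t)
    try:
        expand(history, "mla-a", t)
        looped = False
    except MLLoopDetected:
        looped = True
    return {"history": history, "loop_detected": looped,
            "receipts": apply_receipt_policy(("inAdditionTo", ["list-owner"]), ["alice"])}
```

Keeping the loop check and the receipt rewrite in separate functions mirrors the split the slides propose: an MLA that only relays receipts still needs the history check, and an MLA with a receipt policy of `none` still has to record itself in the history.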

Status

• First draft to be published next week

• Open questions on some nested cases for receipt processing behavior

• Open questions on MLA attribute propagation

Questions