CMS Interoperability Matrix
Jim Schaad
Soaring Hawk Security
Status for RFC 3369
• Errata for ASN.1 module
• Report document is started
– Signed Data – FINISHED
– Encrypted Data – FINISHED
Status for RFC 3370
• Key Derivation Algorithms
– PBKDF2
• Message Authentication Code Algorithms
– HMAC with SHA-1
• Need final ruling from IESG if these are blocking advancement.
Questions
RSA PSS and CMS
Jim Schaad
Soaring Hawk Security
Overview
• PSS is a “new” signature algorithm for RSA key pairs
• Parameters
– Digest Hash Algorithm (H1)
– Internal Hash Algorithm (H2)
– Internal Mask Generation Function (MGF)
• MGF Hash Algorithm (H3)
– Salt Length (should be length of H2)
Requirements
• H1 and H2 SHOULD be the same
• H2 and H3 RECOMMENDED to be the same
Resolved Issues
• Should key identifier and signature identifier be the same OID
– Will be the case for PSS
• PSS Parameter comparison
– MUST do comparisons if the parameters are present in the certificate.
Questions
RSA KEM
Jim Schaad
Soaring Hawk Security
for Burt Kaliski
Algorithm Review
• Generate random value z range 0…n-1
• Encrypt z with recip. pub. key c=E(z)
• Derive a KEK k = KDF(z)
• Encrypt CEK with KEK wk = KEKk(cek)
• EncryptedKeyValue = c || wk
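Added example (not from the presentation or X9.44 itself): the encapsulation and decapsulation steps above in Python. It assumes a constructed toy RSA key, a SHA-256 counter-mode KDF standing in for the X9.44 key derivation function, and a plain XOR with the derived KEK standing in for the symmetric key-wrapping scheme.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for illustration only (real keys are >= 2048 bits).
P, Q = 1000003, 1000033             # constructed small primes
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
N_LEN = (N.bit_length() + 7) // 8   # byte length of the modulus


def kdf(z: bytes, length: int) -> bytes:
    """Assumed counter-mode hash KDF: concatenate SHA-256(z || counter), counter = 1, 2, ..."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hashlib.sha256(z + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(cek: bytes, z=None) -> bytes:
    """Build EncryptedKeyValue = c || wk for a content-encryption key (z may be fixed for testing)."""
    if z is None:
        z = secrets.randbelow(N)                    # random value z in the range 0..n-1
    c = pow(z, E, N)                                # c = E(z) under the recipient's public key
    kek = kdf(z.to_bytes(N_LEN, "big"), len(cek))   # k = KDF(z)
    wk = xor_bytes(cek, kek)                        # stand-in for wk = KEKk(cek)
    return c.to_bytes(N_LEN, "big") + wk            # c || wk


def decapsulate(encrypted_key: bytes) -> bytes:
    """Recover the CEK with the private key; reject malformed or out-of-range input."""
    if len(encrypted_key) <= N_LEN:
        raise ValueError("EncryptedKeyValue too short")
    c = int.from_bytes(encrypted_key[:N_LEN], "big")
    if c >= N:
        raise ValueError("ciphertext out of range")
    wk = encrypted_key[N_LEN:]
    z = pow(c, D, N)                                # recover z with the private exponent
    kek = kdf(z.to_bytes(N_LEN, "big"), len(wk))    # same KDF on the recipient side
    return xor_bytes(wk, kek)
```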
CMS Details
Use key transport option
id-kts2-basic OID ::= { x9-44 schemes(2) kts2-basic(7) }
KTS2-Parms ::= SEQUENCE {
kas [0] KTS2-KeyAgreementScheme,
kws [1] KTS2-SymmetricKeyWrappingScheme,
labelMethod [2] KTS2-LabelMethod
}
id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) }
KAS1-Parms ::= SEQUENCE {
sves [0] KAS1-SecretValueEncapsulationScheme,
kdf [1] KAS1-KeyDerivationFunction,
otherInfoMethod [2] KAS1-OtherInfoMethod
}
Open Issues
• Matching rules on usage
• SMimeCapabilities
• Single ASN.1 module
Questions
ESSbis
Jim Schaad
Soaring Hawk Security
Changes
• Separate the functions of
– Receipt Behavior
• id-aa-receiptPolicy
– ML Loop Detection
• id-aa-mlExpandHistory
• Rewrite processing rules
• Move id-aa-contentIdentifier and id-aa-contentReference to section 4
ReceiptPolicy
ReceiptPolicy ::= CHOICE {
none [0] NULL,
insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}
MLAExpandHistory
MLAExpandHistory ::= SEQUENCE
SIZE (1..ub-ml-expansion-history) OF MLAData
id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX}
ub-ml-expansion-history INTEGER ::= 64
MLAData ::= SEQUENCE {
mailListIdentifier EntityIdentifier,
expansionTime GeneralizedTime }
Status
• First draft to be published next week
• Open questions on some nested cases for receipt processing behavior
• Open questions on MLA attribute propagation
Questions