CMS Interoperability Matrix
Jim Schaad
Soaring Hawk Security
Status for RFC 3369
• Errata for ASN.1 module
• Report document is started
• Signed Data – FINISHED
• Encrypted Data – FINISHED
Status for RFC 3370
• Key Derivation Algorithms
  – PBKDF2
• Message Authentication Code Algorithms
  – HMAC with SHA-1
• Need final ruling from IESG if these are blocking advancement.
Questions
RSA PSS and CMS
Jim Schaad
Soaring Hawk Security
Overview
• PSS is a “new” signature algorithm for RSA key pairs
• Parameters
  – Digest Hash Algorithm (H1)
  – Internal Hash Algorithm (H2)
  – Internal Mask Generation Function (MGF)
    • MGF Hash Algorithm (H3)
  – Salt Length (should be length of H2)
Requirements
• H1 and H2 SHOULD be the same
• H2 and H3 RECOMMENDED to be the same
Resolved Issues
• Should key identifier and signature identifier be the same OID
  – Will be the case for PSS
• PSS Parameter comparison
  – MUST do comparisons if the parameters are present in the certificate.
Questions
RSA KEM
Jim Schaad
Soaring Hawk Security
for Burt Kaliski
Algorithm Review
• Generate a random value z in the range 0…n-1
• Encrypt z with the recipient's public key: c = E(z)
• Derive a KEK: k = KDF(z)
• Encrypt the CEK with the KEK: wk = KEK_k(cek)
• EncryptedKeyValue: c || wk
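The steps above as an added Python example, not code from the original slides. The toy modulus built from two Mersenne primes, the SHA-256 counter-mode KDF, and the hash-based stand-in for the key-wrapping scheme are assumptions chosen so the flow runs with the standard library alone. The example also covers the recipient side, which splits c || wk at the modulus length.

```python
import hashlib
import hmac
import secrets

# Constructed toy key (two Mersenne primes); real keys are 2048+ bits.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
N_LEN = (N.bit_length() + 7) // 8  # c is always encoded in this many bytes
TAG_LEN = 16

def kdf(z: int, length: int = 32) -> bytes:
    """Assumed KDF: SHA-256 in counter mode over the fixed-length z."""
    zb, out, ctr = z.to_bytes(N_LEN, "big"), b"", 1
    while len(out) < length:
        out += hashlib.sha256(zb + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def _pad(kek: bytes, n: int) -> bytes:
    return hashlib.sha256(kek + b"wrap").digest()[:n]

def wrap(kek: bytes, cek: bytes) -> bytes:
    """Stand-in for the key-wrapping scheme (not AES Key Wrap): XOR + HMAC."""
    if len(cek) > 32:
        raise ValueError("CEK too long for this stand-in wrap")
    ct = bytes(a ^ b for a, b in zip(cek, _pad(kek, len(cek))))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()[:TAG_LEN]

def unwrap(kek: bytes, wk: bytes) -> bytes:
    ct, tag = wk[:-TAG_LEN], wk[-TAG_LEN:]
    good = hmac.new(kek, ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _pad(kek, len(ct))))

def kem_encrypt(cek: bytes) -> bytes:
    z = secrets.randbelow(N)                    # random z in 0..n-1
    c = pow(z, E, N).to_bytes(N_LEN, "big")     # c = E(z), raw RSA, no padding
    return c + wrap(kdf(z), cek)                # EncryptedKeyValue = c || wk

def kem_decrypt(blob: bytes) -> bytes:
    if len(blob) <= N_LEN + TAG_LEN:
        raise ValueError("EncryptedKeyValue too short")
    c = int.from_bytes(blob[:N_LEN], "big")     # split at the modulus length
    if c >= N:
        raise ValueError("c out of range")
    return unwrap(kdf(pow(c, D, N)), blob[N_LEN:])
```

Because z is drawn uniformly from the whole range and c always occupies the modulus length, the RSA step needs no padding and the concatenation needs no length field.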
CMS Details
Use key transport option
id-kts2-basic OID ::= { x9-44 schemes(2) kts2-basic(7) }
KTS2-Parms ::= SEQUENCE {
    kas [0] KTS2-KeyAgreementScheme,
    kws [1] KTS2-SymmetricKeyWrappingScheme,
    labelMethod [2] KTS2-LabelMethod
}
id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) }
KAS1-Parms ::= SEQUENCE {
    sves [0] KAS1-SecretValueEncapsulationScheme,
    kdf [1] KAS1-KeyDerivationFunction,
    otherInfoMethod [2] KAS1-OtherInfoMethod
}
Open Issues
• Matching rules on usage
• SMimeCapabilities
• Single ASN.1 module
Questions
ESSbis
Jim Schaad
Soaring Hawk Security
Changes
• Separate the functions of
  – Receipt Behavior
    • id-aa-receiptPolicy
  – ML Loop Detection
    • id-aa-mlExpandHistory
• Rewrite processing rules
• Move id-aa-contentIdentifier and id-aa-contentReference to section 4
ReceiptPolicy
ReceiptPolicy ::= CHOICE {
    none [0] NULL,
    insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
    inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}
MLAExpandHistory
MLAExpandHistory ::= SEQUENCE
    SIZE (1..ub-ml-expansion-history) OF MLAData
id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX}
ub-ml-expansion-history INTEGER ::= 64
MLAData ::= SEQUENCE {
    mailListIdentifier EntityIdentifier,
    expansionTime GeneralizedTime }
Status
• First draft to be published next week
• Open questions on some nested cases for receipt processing behavior
• Open questions on MLA attribute propagations
Questions