Document Action: 'ECC Support for PKINIT' to Informational RFC
The IESG <iesg-secretary@ietf.org> Thu, 31 July 2008 09:21 UTC
Return-Path: <ietf-announce-bounces@ietf.org>
X-Original-To: ietf-announce-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-announce-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F5F43A692F; Thu, 31 Jul 2008 02:21:20 -0700 (PDT)
X-Original-To: ietf-announce@ietf.org
Delivered-To: ietf-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 30) id ABF8F3A6C82; Thu, 31 Jul 2008 02:21:18 -0700 (PDT)
X-idtracker: yes
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Document Action: 'ECC Support for PKINIT' to Informational RFC
Message-Id: <20080731092118.ABF8F3A6C82@core3.amsl.com>
Date: Thu, 31 Jul 2008 02:21:18 -0700
Cc: krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, Internet Architecture Board <iab@iab.org>, krb-wg chair <krb-wg-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
The IESG has approved the following document: - 'ECC Support for PKINIT ' <draft-zhu-pkinit-ecc-04.txt> as an Informational RFC This document is the product of the Kerberos Working Group. The IESG contact persons are Tim Polk and Sam Hartman. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-zhu-pkinit-ecc-04.txt Technical Summary This document describes the use of Elliptic Curve certificates, Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman (ECDH) key agreement within the framework of PKINIT - the Kerberos Version 5 extension that provides for the use of public key cryptography. Working Group Summary This document represents the consensus of the Kerberos Working Group. Document Quality This document describes an optional mode of operation for the PKINIT extension to the Kerberos protocol. Several major Kerberos implementors currently support or plan to support PKINIT, and at least one has indicated an intent to support the mode of operation described in this document. Personnel The Document Shepard for this document is Jeffrey Hutzelman. The responsible Area Director is Tim Polk RFC Editor Note (1) Please replace all references to [RFC3280] with [RFC5280] (2) In Section 4, please make the following substitution for the first sentence of the first paragraph: OLD: The DHSharedSecret is the x-coordinate of the shared secret value (an elliptic curve point); DHSharedSecret is the output of operation ECSVDP-DH as described in Section 7.2.1 of [IEEE1363]. NEW: The ECDH shared secret value (an elliptic curve point) is calculated using operation ECSVDP-DH as described in Section 7.2.1 of [IEEE1363]. The x-coordinate of this point is converted to an octet string using operation FE2OSP as described in Section 5.5.4 of [IEEE1363]. This octet string is the DHSharedSecret. (3) In section 7, please make the following substitution for the first sentence of the first paragraph: OLD: When using ECDH key agreement, the recipient of an elliptic curve public key should perform certain checks to avoid the attacks described in [ECC-Validation]. NEW: When using ECDH key agreement, the recipient of an elliptic curve public key should perform the checks described in IEEE P1363 section A16.10. [IEEE1363] (4) Please remove the reference [ECC-Validation]. (5) In Section 10.1, Normative References, please make the following substitution: OLD: [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. NEW: [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. (6) Please move reference [SEC2] from Section 10.1, Normative References, to Section 10.2, Informative References. (7) In Section 10.2, Informative References, please make the following substitution: OLD: [LENSTRA] Tung, B., Neuman, B., and S. Medvinsky, "Public Key Cryptography for Initial Authentication in Kerberos", August 2004. NEW: [LENSTRA] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key Sizes", Journal of Cryptology 14 (2001) 255-293. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce