[Ietf-krb-wg] Document Action: 'ECC Support for PKINIT' to Informational RFC
The IESG <iesg-secretary@ietf.org> Thu, 31 July 2008 09:22 UTC
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <20080731092118.ABF8F3A6C82@core3.amsl.com>
Date: Thu, 31 Jul 2008 02:21:18 -0700
Cc: krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, Internet Architecture Board <iab@iab.org>, krb-wg chair <krb-wg-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>

The IESG has approved the following document:

- 'ECC Support for PKINIT'
   <draft-zhu-pkinit-ecc-04.txt> as an Informational RFC

This document is the product of the Kerberos Working Group.

The IESG contact persons are Tim Polk and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-zhu-pkinit-ecc-04.txt

Technical Summary

   This document describes the use of Elliptic Curve certificates,
   Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman
   (ECDH) key agreement within the framework of PKINIT - the Kerberos
   Version 5 extension that provides for the use of public key
   cryptography.

Working Group Summary

   This document represents the consensus of the Kerberos Working Group.

Document Quality

   This document describes an optional mode of operation for the PKINIT
   extension to the Kerberos protocol. Several major Kerberos
   implementors currently support or plan to support PKINIT, and at
   least one has indicated an intent to support the mode of operation
   described in this document.

Personnel

   The Document Shepherd for this document is Jeffrey Hutzelman. The
   responsible Area Director is Tim Polk.

RFC Editor Note

(1) Please replace all references to [RFC3280] with [RFC5280]

(2) In Section 4, please make the following substitution for the
first sentence of the first paragraph:

OLD:
   The DHSharedSecret is the x-coordinate of the shared secret value
   (an elliptic curve point); DHSharedSecret is the output of
   operation ECSVDP-DH as described in Section 7.2.1 of [IEEE1363].

NEW:
   The ECDH shared secret value (an elliptic curve point) is
   calculated using operation ECSVDP-DH as described in Section 7.2.1
   of [IEEE1363]. The x-coordinate of this point is converted to an
   octet string using operation FE2OSP as described in Section 5.5.4
   of [IEEE1363]. This octet string is the DHSharedSecret.

(3) In section 7, please make the following substitution for the
first sentence of the first paragraph:

OLD:
   When using ECDH key agreement, the recipient of an elliptic curve
   public key should perform certain checks to avoid the attacks
   described in [ECC-Validation].

NEW:
   When using ECDH key agreement, the recipient of an elliptic curve
   public key should perform the checks described in IEEE P1363
   section A16.10. [IEEE1363]

(4) Please remove the reference [ECC-Validation].

(5) In Section 10.1, Normative References, please make the following
substitution:

OLD:
   [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
   X.509 Public Key Infrastructure Certificate and Certificate
   Revocation List (CRL) Profile", RFC 3280, April 2002.

NEW:
   [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
   Housley, R., and W. Polk, "Internet X.509 Public Key
   Infrastructure Certificate and Certificate Revocation List (CRL)
   Profile", RFC 5280, May 2008.

(6) Please move reference [SEC2] from Section 10.1, Normative
References, to Section 10.2, Informative References.

(7) In Section 10.2, Informative References, please make the
following substitution:

OLD:
   [LENSTRA] Tung, B., Neuman, B., and S. Medvinsky, "Public Key
   Cryptography for Initial Authentication in Kerberos", August 2004.

NEW:
   [LENSTRA] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key
   Sizes", Journal of Cryptology 14 (2001) 255-293.