[Ietf-krb-wg] FW: Document Action: 'ECC Support for PKINIT' to Informational RFC
Larry Zhu <lzhu@windows.microsoft.com> Thu, 31 July 2008 10:18 UTC
Return-Path: <ietf-krb-wg-bounces@lists.anl.gov>
X-Original-To: ietfarch-krb-wg-archive@core3.amsl.com
Delivered-To: ietfarch-krb-wg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CE8F13A6AEB for <ietfarch-krb-wg-archive@core3.amsl.com>; Thu, 31 Jul 2008 03:18:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.218
X-Spam-Level:
X-Spam-Status: No, score=-104.218 tagged_above=-999 required=5 tests=[AWL=-1.619, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DL1CECVhVi-H for <ietfarch-krb-wg-archive@core3.amsl.com>; Thu, 31 Jul 2008 03:18:00 -0700 (PDT)
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by core3.amsl.com (Postfix) with ESMTP id B49283A69EB for <krb-wg-archive@lists.ietf.org>; Thu, 31 Jul 2008 03:18:00 -0700 (PDT)
Received: from mailhost.anl.gov (localhost [127.0.0.1]) by localhost.ctd.anl.gov (Postfix) with ESMTP id D633742; Thu, 31 Jul 2008 05:18:17 -0500 (CDT)
Received: from lists.anl.gov (katydid.it.anl.gov [146.137.96.32]) by mailhost.anl.gov (Postfix) with ESMTP id B843D39; Thu, 31 Jul 2008 05:18:17 -0500 (CDT)
Received: from katydid.it.anl.gov (localhost [127.0.0.1]) by lists.anl.gov (Postfix) with ESMTP id 97B1C80D96; Thu, 31 Jul 2008 05:18:17 -0500 (CDT)
X-Original-To: ietf-krb-wg@lists.anl.gov
Delivered-To: ietf-krb-wg@lists.anl.gov
Received: from mailhost.anl.gov (mailhost.anl.gov [130.202.113.50]) by lists.anl.gov (Postfix) with ESMTP id 9031C80D8C for <ietf-krb-wg@lists.anl.gov>; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Received: by mailhost.anl.gov (Postfix) id 8B26F24; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Delivered-To: ietf-krb-wg@anl.gov
Received: from mailhost.anl.gov (localhost [127.0.0.1]) by localhost.ctd.anl.gov (Postfix) with ESMTP id 6318339 for <ietf-krb-wg@anl.gov>; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Received: from mailrelay.anl.gov (mailrelay.anl.gov [130.202.101.22]) by mailhost.anl.gov (Postfix) with ESMTP id 4CDC524 for <ietf-krb-wg@anl.gov>; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by localhost.it.anl.gov (Postfix) with ESMTP id 3494C7CC065; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Received: from mailrelay.anl.gov ([127.0.0.1]) by localhost (mailrelay.anl.gov [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18049-05; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
Received: from mailgateway.anl.gov (mailgateway.anl.gov [130.202.101.28]) by mailrelay2.anl.gov (Postfix) with ESMTP id 08A1C7CC059 for <ietf-krb-wg@anl.gov>; Thu, 31 Jul 2008 05:18:15 -0500 (CDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjUAAK8ukUiDa3PWmmdsb2JhbACLHoc5AQEBAQEIBQgHEQYrngw
X-IronPort-AV: E=Sophos;i="4.31,285,1215406800"; d="scan'208";a="17723703"
Received: from mailc.microsoft.com (HELO smtp.microsoft.com) ([131.107.115.214]) by mailgateway.anl.gov with ESMTP; 31 Jul 2008 05:18:14 -0500
Received: from tk5-exhub-c104.redmond.corp.microsoft.com (157.54.88.97) by TK5-EXGWY-E803.partners.extranet.microsoft.com (10.251.56.169) with Microsoft SMTP Server (TLS) id 8.1.251.2; Thu, 31 Jul 2008 03:18:14 -0700
Received: from tk5-exmlt-w601.wingroup.windeploy.ntdev.microsoft.com (157.54.18.32) by tk5-exhub-c104.redmond.corp.microsoft.com (157.54.88.97) with Microsoft SMTP Server id 8.1.240.5; Thu, 31 Jul 2008 03:18:13 -0700
Received: from NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com ([fe80::8de9:51a2:cd62:f122]) by tk5-exmlt-w601.wingroup.windeploy.ntdev.microsoft.com ([157.54.18.32]) with mapi; Thu, 31 Jul 2008 03:18:14 -0700
From: Larry Zhu <lzhu@windows.microsoft.com>
To: "ietf-krb-wg@anl.gov" <ietf-krb-wg@anl.gov>
Date: Thu, 31 Jul 2008 03:18:13 -0700
Thread-Topic: [Ietf-krb-wg] Document Action: 'ECC Support for PKINIT' to Informational RFC
Thread-Index: Acjy7vCJoeFoIObES9O74iOj+GhDgQAB8e0g
Message-ID: <AB1E5627D2489D45BD01B84BD5B90046061C58906F@NA-EXMSG-W601.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
MIME-Version: 1.0
X-Virus-Scanned: Debian amavisd-new at frigga.it.anl.gov
Subject: [Ietf-krb-wg] FW: Document Action: 'ECC Support for PKINIT' to Informational RFC
X-BeenThere: ietf-krb-wg@lists.anl.gov
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is a list for the IETF Kerberos Working Group. {WORLDPUB, EXTERNAL}" <ietf-krb-wg.lists.anl.gov>
List-Unsubscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=unsubscribe>
List-Archive: <https://lists.anl.gov/pipermail/ietf-krb-wg>
List-Post: <mailto:ietf-krb-wg@lists.anl.gov>
List-Help: <mailto:ietf-krb-wg-request@lists.anl.gov?subject=help>
List-Subscribe: <https://lists.anl.gov/mailman/listinfo/ietf-krb-wg>, <mailto:ietf-krb-wg-request@lists.anl.gov?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-krb-wg-bounces@lists.anl.gov
Errors-To: ietf-krb-wg-bounces@lists.anl.gov
fyi -----Original Message----- From: ietf-krb-wg-bounces@lists.anl.gov [mailto:ietf-krb-wg-bounces@lists.anl.gov] On Behalf Of The IESG Sent: Thursday, July 31, 2008 2:21 AM To: IETF-Announce Cc: krb-wg mailing list; Internet Architecture Board; krb-wg chair; RFC Editor Subject: [Ietf-krb-wg] Document Action: 'ECC Support for PKINIT' to Informational RFC The IESG has approved the following document: - 'ECC Support for PKINIT ' <draft-zhu-pkinit-ecc-04.txt> as an Informational RFC This document is the product of the Kerberos Working Group. The IESG contact persons are Tim Polk and Sam Hartman. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-zhu-pkinit-ecc-04.txt Technical Summary This document describes the use of Elliptic Curve certificates, Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman (ECDH) key agreement within the framework of PKINIT - the Kerberos Version 5 extension that provides for the use of public key cryptography. Working Group Summary This document represents the consensus of the Kerberos Working Group. Document Quality This document describes an optional mode of operation for the PKINIT extension to the Kerberos protocol. Several major Kerberos implementors currently support or plan to support PKINIT, and at least one has indicated an intent to support the mode of operation described in this document. Personnel The Document Shepard for this document is Jeffrey Hutzelman. The responsible Area Director is Tim Polk RFC Editor Note (1) Please replace all references to [RFC3280] with [RFC5280] (2) In Section 4, please make the following substitution for the first sentence of the first paragraph: OLD: The DHSharedSecret is the x-coordinate of the shared secret value (an elliptic curve point); DHSharedSecret is the output of operation ECSVDP-DH as described in Section 7.2.1 of [IEEE1363]. NEW: The ECDH shared secret value (an elliptic curve point) is calculated using operation ECSVDP-DH as described in Section 7.2.1 of [IEEE1363]. The x-coordinate of this point is converted to an octet string using operation FE2OSP as described in Section 5.5.4 of [IEEE1363]. This octet string is the DHSharedSecret. (3) In section 7, please make the following substitution for the first sentence of the first paragraph: OLD: When using ECDH key agreement, the recipient of an elliptic curve public key should perform certain checks to avoid the attacks described in [ECC-Validation]. NEW: When using ECDH key agreement, the recipient of an elliptic curve public key should perform the checks described in IEEE P1363 section A16.10. [IEEE1363] (4) Please remove the reference [ECC-Validation]. (5) In Section 10.1, Normative References, please make the following substitution: OLD: [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002. NEW: [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. (6) Please move reference [SEC2] from Section 10.1, Normative References, to Section 10.2, Informative References. (7) In Section 10.2, Informative References, please make the following substitution: OLD: [LENSTRA] Tung, B., Neuman, B., and S. Medvinsky, "Public Key Cryptography for Initial Authentication in Kerberos", August 2004. NEW: [LENSTRA] Lenstra, A. and E. Verheul, "Selecting Cryptographic Key Sizes", Journal of Cryptology 14 (2001) 255-293. _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg _______________________________________________ ietf-krb-wg mailing list ietf-krb-wg@lists.anl.gov https://lists.anl.gov/mailman/listinfo/ietf-krb-wg