Re: [lamps] Call for adoption of draft-housley-lamps-cms-aes-mac-alg

Russ Housley <housley@vigilsec.com> Fri, 13 November 2020 21:14 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, Rich Salz <rsalz@akamai.com>
Cc: LAMPS <spasm@ietf.org>
In-Reply-To: <9510208E-6E71-4254-A701-E077AFABA4F2@akamai.com>
Message-Id: <9D47A01A-4089-4F6F-8D90-907A878010ED@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/fIp7u43_fAwhrQsviSTlMkIuYDY>

Here is my proposed addition for the Example.  Please let me know if it does not meet your needs.

Russ

= = = = = = = = =

Appendix: AuthenticatedData Example

This example shows the establishment of an AES-256 key-encryption
key to distribute the AES-128-GMAC content-authentication key.
The content-authentication key is encrypted using AES-256-KEYWRAP.
Thus, any party in possession of the key-encryption key could have
produced the authenticated message.  The recipient only knows that
the message was produced by one of those parties.

The AES-256 key-encryption key, in hexadecimal:
   0b4db8bfae5d202c2dffaa6746658c7edf7a2c100fe8c8a74fc198b2cd9b7419

The identifier assigned to the key-encryption key is:
   fb6f2b3952fd7449d298f68aa4bcd94d

The date used with this identifier is:
   20201110120000Z

The DER encoding of the AuthenticatedData encapsulated in the
ContentInfo produces 289 octets, which are
shown in hexadecimal:
   3082011d060b2a864886f70d0109100102a082010c308201080201003151a24f
   02010430230410fb6f2b3952fd7449d298f68aa4bcd94d180f32303230313131
   303132303030305a300b060960864801650304012d04180cc1b55b29628000d7
   005dc34b7e4ca2dc6735d53ae4def1301b0609608648016503040109300e040c
   bd4fecfd737d29e5419f307ea10b0609608648016503040201302b06092a8648
   86f70d010701a01e041c5468697320697320736f6d652073616d706c6520636f
   6e74656e742ea24b301806092a864886f70d010903310b06092a864886f70d01
   0701302f06092a864886f70d01090431220420c875df2a4210704a9edddbb6df
   cc870471168f904d183318bbf184ac0b045e53040c86e90edca0be9fd74dd59c
   37

Decoding this ASN.1 structure gives:
  0 285: SEQUENCE {
  4  11:  OBJECT IDENTIFIER authData (1 2 840 113549 1 9 16 1 2)
 17 268:  [0] {
 21 264:   SEQUENCE {
 25   1:    INTEGER 0
 28  81:    SET {
 30  79:     [2] {
 32   1:      INTEGER 4
 35  35:      SEQUENCE {
 37  16:       OCTET STRING
       :       FB 6F 2B 39 52 FD 74 49 D2 98 F6 8A A4 BC D9 4D
 55  15:       GeneralizedTime 10/11/2020 12:00:00 GMT
       :        }
 72  11:      SEQUENCE {
 74   9:       OBJECT IDENTIFIER
       :        aes256-wrap (2 16 840 1 101 3 4 1 45)
       :        }
 85  24:      OCTET STRING
       :       0C C1 B5 5B 29 62 80 00 D7 00 5D C3 4B 7E 4C A2
       :       DC 67 35 D5 3A E4 DE F1
       :       }
       :      }
111  27:    SEQUENCE {
113   9:     OBJECT IDENTIFIER
       :      aes128-GMAC (2 16 840 1 101 3 4 1 9)
124  14:     SEQUENCE {
126  12:      OCTET STRING BD 4F EC FD 73 7D 29 E5 41 9F 30 7E
       :       }
       :      }
140  11:    [1] {
142   9:     OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
       :      }
153  43:    SEQUENCE {
155   9:     OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
166  30:     [0] {
168  28:      OCTET STRING 'This is some sample content.'
       :       }
       :      }
198  75:    [2] {
200  24:     SEQUENCE {
202   9:      OBJECT IDENTIFIER
       :       contentType (1 2 840 113549 1 9 3)
213  11:      SET {
215   9:       OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
       :        }
       :       }
226  47:     SEQUENCE {
228   9:      OBJECT IDENTIFIER
       :       messageDigest (1 2 840 113549 1 9 4)
239  34:      SET {
241  32:       OCTET STRING
       :       C8 75 DF 2A 42 10 70 4A 9E DD DB B6 DF CC 87 04
       :       71 16 8F 90 4D 18 33 18 BB F1 84 AC 0B 04 5E 53
       :        }
       :       }
       :      }
275  12:    OCTET STRING 86 E9 0E DC A0 BE 9F D7 4D D5 9C 37
       :     }
       :    }
       :   }

The authenticated content is: 'This is some sample content.'
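To make the appendix concrete for implementers, here is an added example (not part of the message or of the draft) that walks the 289-octet DER above with a minimal, standard-library-only DER reader and pulls out exactly the fields a recipient needs before it can check the MAC: the KEK identifier and date, the AES-256-wrapped content-authentication key, the GMAC nonce and MAC length, the encapsulated content, and the authenticated attributes. It also performs the recipient's first check, recomputing SHA-256 over the content and comparing it with the messageDigest attribute, and it rebuilds the MAC input as RFC 5652 section 9.2 specifies (the authAttrs DER with the SET OF tag in place of the IMPLICIT [2] tag). Unwrapping the key and recomputing the GMAC itself needs an AES implementation and is deliberately left out; the function and dictionary key names are this example's own.

```python
"""Walk the AuthenticatedData example above with a minimal DER TLV reader.
Example added for illustration; not code from the draft or the message."""
import hashlib

# The 289-octet ContentInfo from the message, copied as hex.
AUTH_DATA_HEX = (
    "3082011d060b2a864886f70d0109100102a082010c308201080201003151a24f"
    "02010430230410fb6f2b3952fd7449d298f68aa4bcd94d180f32303230313131"
    "303132303030305a300b060960864801650304012d04180cc1b55b29628000d7"
    "005dc34b7e4ca2dc6735d53ae4def1301b0609608648016503040109300e040c"
    "bd4fecfd737d29e5419f307ea10b0609608648016503040201302b06092a8648"
    "86f70d010701a01e041c5468697320697320736f6d652073616d706c6520636f"
    "6e74656e742ea24b301806092a864886f70d010903310b06092a864886f70d01"
    "0701302f06092a864886f70d01090431220420c875df2a4210704a9edddbb6df"
    "cc870471168f904d183318bbf184ac0b045e53040c86e90edca0be9fd74dd59c"
    "37"
)

ID_CT_AUTH_DATA = "1.2.840.113549.1.9.16.1.2"
ID_DATA = "1.2.840.113549.1.7.1"
ID_CONTENT_TYPE = "1.2.840.113549.1.9.3"
ID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"
ID_AES256_WRAP = "2.16.840.1.101.3.4.1.45"
ID_AES128_GMAC = "2.16.840.1.101.3.4.1.9"
ID_SHA256 = "2.16.840.1.101.3.4.2.1"


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the value of a constructed type into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """Dotted-decimal form of OBJECT IDENTIFIER content octets."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def der_length(n):
    """DER length octets for a content length n (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def parse_authenticated_data(der):
    """Extract what a recipient needs from ContentInfo { id-ct-authData, ... }."""
    _, content_info, _ = read_tlv(der, 0)
    (_, ct_oid), (_, explicit) = children(content_info)
    if decode_oid(ct_oid) != ID_CT_AUTH_DATA:
        raise ValueError("not id-ct-authData")
    (_, auth_data), = children(explicit)
    f = children(auth_data)
    # AuthenticatedData ::= SEQUENCE { version, originatorInfo [0] OPTIONAL,
    #   recipientInfos, macAlgorithm, digestAlgorithm [1] OPTIONAL,
    #   encapContentInfo, authAttrs [2] OPTIONAL, mac, unauthAttrs [3] OPTIONAL }
    i = 0
    version = int.from_bytes(f[i][1], "big"); i += 1
    if f[i][0] == 0xA0:                   # originatorInfo, absent in this example
        i += 1
    (ri_tag, ri_val), = children(f[i][1]); i += 1
    if ri_tag != 0xA2:
        raise ValueError("expected a single KEKRecipientInfo ([2])")
    ri = children(ri_val)                 # version, kekid, keyEncryptionAlgorithm, encryptedKey
    kekid = children(ri[1][1])
    mac_alg = children(f[i][1]); i += 1
    params = children(mac_alg[1][1])      # GMAC-Parameters { nonce, length DEFAULT 12 }
    digest_alg = None
    if f[i][0] == 0xA1:
        digest_alg = decode_oid(children(f[i][1])[0][1]); i += 1
    encap = children(f[i][1]); i += 1
    content = children(encap[1][1])[0][1]
    auth_attrs_raw = None
    if f[i][0] == 0xA2:
        auth_attrs_raw = f[i][1]; i += 1
    mac = f[i][1]
    attrs = {}
    for _, attr in children(auth_attrs_raw or b""):
        oid, values = children(attr)
        attrs[decode_oid(oid[1])] = [v for _, v in children(values[1])]
    # RFC 5652 s.9.2: with authAttrs present, the MAC covers their DER encoding
    # re-tagged as SET OF (0x31); with authAttrs absent it covers the content.
    mac_input = (b"\x31" + der_length(len(auth_attrs_raw)) + auth_attrs_raw
                 if auth_attrs_raw is not None else content)
    return {
        "version": version,
        "kek_identifier": kekid[0][1],
        "kek_date": kekid[1][1].decode("ascii"),
        "key_encryption_alg": decode_oid(children(ri[2][1])[0][1]),
        "wrapped_key": ri[3][1],          # 16-byte GMAC key + 8-byte key-wrap integrity block
        "mac_alg": decode_oid(mac_alg[0][1]),
        "nonce": params[0][1],
        "mac_length": int.from_bytes(params[1][1], "big") if len(params) > 1 else 12,
        "digest_alg": digest_alg,
        "content_type": decode_oid(encap[0][1]),
        "content": content,
        "auth_attrs": attrs,
        "mac_input": mac_input,
        "mac": mac,
    }


def check_message_digest(parsed):
    """Recipient's first check: SHA-256 of the content must equal the
    messageDigest attribute, since the GMAC covers the attributes, not the content."""
    expected = parsed["auth_attrs"][ID_MESSAGE_DIGEST][0]
    return hashlib.sha256(parsed["content"]).digest() == expected


if __name__ == "__main__":
    p = parse_authenticated_data(bytes.fromhex(AUTH_DATA_HEX))
    for k, v in p.items():
        print(f"{k}: {v.hex() if isinstance(v, bytes) else v}")
    print("messageDigest matches content:", check_message_digest(p))
```

Two points worth noticing when running it: the wrapped key is 24 octets, which is the 16-octet AES-128 GMAC key plus the 8-octet integrity block that AES-256-KEYWRAP adds, and the MAC input begins with 0x31 rather than the 0xA2 seen in the dump, which is the re-tagging that trips up implementations computing the MAC over the bytes as they appear on the wire.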