IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Carsten Bormann <cabo@tzi.org> Thu, 27 May 2021 19:57 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFFD63A0C58 for <suit@ietfa.amsl.com>; Thu, 27 May 2021 12:57:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Psd3jPHHg20c for <suit@ietfa.amsl.com>; Thu, 27 May 2021 12:57:17 -0700 (PDT)
Received: from gabriel-2.zfn.uni-bremen.de (gabriel-2.zfn.uni-bremen.de [134.102.50.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 334B23A011D for <suit@ietf.org>; Thu, 27 May 2021 12:57:17 -0700 (PDT)
Received: from client-pool2-245.vpn.uni-bremen.de (client-pool2-245.vpn.uni-bremen.de [134.102.48.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4FrdrT3bFtz316W; Thu, 27 May 2021 21:57:13 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <2A8B7C9F-487D-4F90-A3BC-DF2FC3C4D21D@vigilsec.com>
Date: Thu, 27 May 2021 21:57:13 +0200
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, suit@ietf.org
X-Mao-Original-Outgoing-Id: 643838233.137941-fb1a6735a68643a6aba98999ef1fbadb
Content-Transfer-Encoding: quoted-printable
Message-Id: <609DDBA2-DB43-46C6-85C4-D91DD08D689C@tzi.org>
References: <19586.1622075797@localhost> <2A8B7C9F-487D-4F90-A3BC-DF2FC3C4D21D@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/2n3R83mTKD-A2Ns_tiKFYs8MgsY>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 19:57:22 -0000

On 2021-05-27, at 21:40, Russ Housley <housley@vigilsec.com> wrote:
> 
> CEK = content-encryption key, which is defined in PKCS#7 and CMS.  I think the first uses are in RFC 2630 and RFC 2631.
> 
> KEK - key-encryption key, which is used in thoses same RFCs, but it was also used as early as RFC 1949.

FYI: RFC 4949, which should still be the goto resource here, has KEK, but not CEK (which is called a DEK there, if I get the analogy right — I certainly have heard CEK much more than DEK).

Grüße, Carsten

v2.8.7 | Report a Bug | By Email