PKCS #5: Password-Based Cryptography Specification Version 2.1
draft-moriarty-pkcs5-v2dot1-04

[Ballot comment]
Below is Bert Wijnen's OPS DIR review:
I did OPSDIR review for this document. Such reviews are primarily intended to check if there is any operational or network management impact. I do not see any such impact/aspects in the document, so I think the doc is ready for publication from this perspective. Some nits/questions: - Section: 5.2. PBKDFs should that be: 5.2. PBKDF2 ??? - I am somewhat surprised to see that ALL references are normative. even a reference to a slide deck:
[WANG] X. Wang, A.C. Yao, and F. Yao. Cryptanalysis on SHA-1. Presented by Adi Shamir at the rump session of CRYPTO 2005. Slides may be found currently at

This follows the essay format described at
http://www.ietf.org/iesg/template/doc-writeup.html

The individual submission/AD sponsored document is an RFC'ized
version of the original PKCS document and is presented for
publication as an Informational RFC as part of the transfer of
copyright from RSA/EMC to the IETF trust. We've done with with a
bunch of other PKCS documents previously, e.g. RFC 7292, so there's
no news here. Given the history of other PKCS series documents
transferred to the IETF, publication as an Informational RFC is
appropriate and the document is marked for proposed status as
Informational. There are no IPR declarations needed. As sponsoring
AD, in addition to IETF LC, I checked with the saag list that
nobody had issues with this document. (There are a couple of
ID-nits, which'll be fixed before or after the telechat.)

This follows the essay format described at
http://www.ietf.org/iesg/template/doc-writeup.html

The individual submission/AD sponsored document is an RFC'ized
version of the original PKCS document and is presented for
publication as an Informational RFC as part of the transfer of
copyright from RSA/EMC to the IETF trust. We've done with with a
bunch of other PKCS documents previously, e.g. RFC 7292, so there's
no news here. Given the history of other PKCS series documents
transferred to the IETF, publication as an Informational RFC is
appropriate and the document is marked for proposed status as
Informational. There are no IPR declarations needed. As sponsoring
AD, in addition to IETF LC, I checked with the saag list that
nobody had issues with this document. (There are a couple of
ID-nits, which'll be fixed before or after the telechat.)

The suggested document announcement is as follows:

  'Technical Summary

  This document provides recommendations for the implementation
  of password-based cryptography, covering key derivation
  functions, encryption schemes, message-authentication
      schemes, and ASN.1 syntax identifying the techniques.

  'Working Group Summary

  This is an individual submission being AD sponsored as a
  republication of PKCS #5 v2.1 [PKCS5_21] from RSA
  Laboratories' Public-Key Cryptography Standards (PKCS)
  series. By publishing this RFC, change control is transferred
      to the IETF.

  'Document Quality

      This is a republication of a document from a well-respected
      and widely implemented series until now maintained by
      EMC/RSA.

(Via drafts-lastcall-comment@iana.org): IESG/Authors/WG Chairs:

IANA has reviewed draft-moriarty-pkcs5-v2dot1-01.txt, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any IANA actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
IANA Specialist
ICANN

The following Last Call announcement was sent out:

From: The IESG
To: "IETF-Announce"
CC: draft-moriarty-pkcs5-v2dot1@ietf.org, stephen.farrell@cs.tcd.ie
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (PKCS #5: Password-Based Cryptography Specification Version 2.1) to Informational RFC


The IESG has received a request from an individual submitter to consider
the following document:
- 'PKCS #5: Password-Based Cryptography Specification Version 2.1'
  as Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-09-02. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document provides recommendations for the implementation of
  password-based cryptography, covering key derivation functions,
  encryption schemes, message-authentication schemes, and ASN.1 syntax
  identifying the techniques.

  The recommendations are intended for general application within
  computer and communications systems, and as such include a fair
  amount of flexibility. They are particularly intended for the
  protection of sensitive information such as private keys, as in PKCS
  #8. It is expected that application standards and implementation
  profiles based on these specifications may include additional
  constraints.

  Other cryptographic techniques based on passwords, such as password-
  based-key entity authentication and key establishment protocols are
  outside the scope of this document.  Guidelines for the selection of
  passwords are also outside the scope.

  This document represents a republication of PKCS #5 v2.1 from RSA
  Laboratories' Public-Key Cryptography Standards (PKCS) series. By
  publishing this RFC, change control is transferred to the IETF.

This document also obsoletes RFC 2898. Noting that in the abstract
and some other ID-nits will be fixed during/after IETF last call.



The file can be obtained via
https://datatracker.ietf.org/doc/draft-moriarty-pkcs5-v2dot1/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-moriarty-pkcs5-v2dot1/ballot/


No IPR declarations have been submitted directly on this I-D.