Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)
RFC 5008
Document type: RFC - Historic (September 2007; Errata)
  Obsoleted by RFC 6318
  Status changed by status-change-suiteb-to-historic
  Was draft-housley-smime-suite-b (individual in sec area)
Authors: Russ Housley, Jerome Solinas
Last updated: 2020-01-21
Stream: IETF
Stream WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 5008 (Historic)
Consensus boilerplate: Unknown
Responsible AD: Tim Polk
Send notices to: (None)
Network Working Group                                         R. Housley
Request for Comments: 5008                                Vigil Security
Category: Informational                                       J. Solinas
                                                                     NSA
                                                          September 2007

      Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This document specifies the conventions for using the United States
   National Security Agency's Suite B algorithms in Secure/Multipurpose
   Internet Mail Extensions (S/MIME) as specified in RFC 3851.

1.  Introduction

   This document specifies the conventions for using the United States
   National Security Agency's Suite B algorithms [SuiteB] in
   Secure/Multipurpose Internet Mail Extensions (S/MIME) [MSG].  S/MIME
   makes use of the Cryptographic Message Syntax (CMS) [CMS].  In
   particular, the signed-data and the enveloped-data content types are
   used.

   Since many of the Suite B algorithms enjoy uses in other environments
   as well, the majority of the conventions needed for the Suite B
   algorithms are already specified in other documents.  This document
   references the source of these conventions, and the relevant details
   are repeated to aid developers that choose to support Suite B.  In a
   few cases, additional algorithm identifiers are needed, and they are
   provided in this document.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [STDWORDS].

Housley & Solinas             Informational                     [Page 1]

RFC 5008                    Suite B in S/MIME             September 2007

1.2.  ASN.1

   CMS values are generated using ASN.1 [X.208-88], the Basic Encoding
   Rules (BER) [X.209-88], and the Distinguished Encoding Rules (DER)
   [X.509-88].

1.3.  Suite B Security Levels

   Suite B offers two security levels: Level 1 and Level 2.  Security
   Level 2 offers greater cryptographic strength by using longer keys.
   For S/MIME signed messages, Suite B follows the direction set by
   RFC 3278 [CMSECC], but some additional algorithm identifiers are
   assigned.  Suite B uses these algorithms:

                           Security Level 1      Security Level 2
                           ----------------      ----------------
      Message Digest:      SHA-256               SHA-384
      Signature:           ECDSA with P-256      ECDSA with P-384

   For S/MIME-encrypted messages, Suite B follows the direction set by
   RFC 3278 [CMSECC] and follows the conventions set by RFC 3565
   [CMSAES].  Again, additional algorithm identifiers are assigned.
   Suite B uses these algorithms:

                           Security Level 1      Security Level 2
                           ----------------      ----------------
      Key Agreement:       ECDH with P-256       ECDH with P-384
      Key Derivation:      SHA-256               SHA-384
      Key Wrap:            AES-128 Key Wrap      AES-256 Key Wrap
      Content Encryption:  AES-128 CBC           AES-256 CBC

   Note that the two levels are not mixed: a Level 1 message uses
   P-256, SHA-256 and AES-128 throughout, and a Level 2 message uses
   P-384, SHA-384 and AES-256 throughout.

2.  SHA-256 and SHA-384 Message Digest Algorithms

   This section specifies the conventions employed by implementations
   that support SHA-256 or SHA-384 [SHA2].  In Suite B, Security Level
   1, the SHA-256 message digest algorithm MUST be used.  In Suite B,
   Security Level 2, SHA-384 MUST be used.

   Within the CMS signed-data content type, message digest algorithm
   identifiers are located in the SignedData digestAlgorithms field and
   the SignerInfo digestAlgorithm field.  Also, message digest values
   are located in the Message Digest authenticated attribute.  In
   addition, message digest values are input into signature algorithms.

   The SHA-256 and SHA-384 message digest algorithms are defined in
   FIPS Pub 180-2 [SHA2, EH].
   The algorithm identifier for SHA-256 is:

      id-sha256  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
          country(16) us(840) organization(1) gov(101) csor(3)
          nistalgorithm(4) hashalgs(2) 1 }

   The algorithm identifier for SHA-384 is:

      id-sha384  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
          country(16) us(840) organization(1) gov(101) csor(3)
          nistalgorithm(4) hashalgs(2) 2 }

   There are two possible encodings for the AlgorithmIdentifier
   parameters field.  The two alternatives arise from the fact that when
   the 1988 syntax for AlgorithmIdentifier was translated into the 1997
   syntax, the OPTIONAL associated with the AlgorithmIdentifier