datatracker.ietf.org
Sign in
Version 5.6.4.p1, 2014-10-20
Report a bug

Encryption and Checksum Specifications for Kerberos 5
RFC 3961

Document type: RFC - Proposed Standard (February 2005; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3961 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: <jhutz+@cmu.edu>

Network Working Group                                         K. Raeburn
Request for Comments: 3961                                           MIT
Category: Standards Track                                  February 2005

                 Encryption and Checksum Specifications
                             for Kerberos 5

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes a framework for defining encryption and
   checksum mechanisms for use with the Kerberos protocol, defining an
   abstraction layer between the Kerberos protocol and related
   protocols, and the actual mechanisms themselves.  The document also
   defines several mechanisms.  Some are taken from RFC 1510, modified
   in form to fit this new framework and occasionally modified in
   content when the old specification was incorrect.  New mechanisms are
   presented here as well.  This document does NOT indicate which
   mechanisms may be considered "required to implement".

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Concepts  . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   3.  Encryption Algorithm Profile  . . . . . . . . . . . . . . . .  4
   4.  Checksum Algorithm Profile  . . . . . . . . . . . . . . . . .  9
   5.  Simplified Profile for CBC Ciphers with Key Derivation  . . . 10
       5.1.  A Key Derivation Function . . . . . . . . . . . . . . . 10
       5.2.  Simplified Profile Parameters . . . . . . . . . . . . . 12
       5.3.  Cryptosystem Profile Based on Simplified Profile  . . . 13
       5.4.  Checksum Profiles Based on Simplified Profile . . . . . 16
   6.  Profiles for Kerberos Encryption and Checksum Algorithms  . . 16
       6.1.  Unkeyed Checksums . . . . . . . . . . . . . . . . . . . 17
       6.2.  DES-based Encryption and Checksum Types . . . . . . . . 18
       6.3.  Triple-DES Based Encryption and Checksum Types  . . . . 28
   7.  Use of Kerberos Encryption Outside This Specification . . . . 30

Raeburn                     Standards Track                     [Page 1]
RFC 3961         Encryption and Checksum Specifications    February 2005

   8.  Assigned Numbers  . . . . . . . . . . . . . . . . . . . . . . 31
   9.  Implementation Notes  . . . . . . . . . . . . . . . . . . . . 32
   10. Security Considerations . . . . . . . . . . . . . . . . . . . 33
   11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
   12. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 36
   A.  Test vectors  . . . . . . . . . . . . . . . . . . . . . . . . 38
       A.1.  n-fold  . . . . . . . . . . . . . . . . . . . . . . . . 38
       A.2.  mit_des_string_to_key . . . . . . . . . . . . . . . . . 39
       A.3.  DES3 DR and DK  . . . . . . . . . . . . . . . . . . . . 43
       A.4.  DES3string_to_key . . . . . . . . . . . . . . . . . . . 44
       A.5.  Modified CRC-32 . . . . . . . . . . . . . . . . . . . . 44
   B.  Significant Changes from RFC 1510 . . . . . . . . . . . . . . 45
   Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
   Normative References. . . . . . . . . . . . . . . . . . . . . . . 47
   Informative References. . . . . . . . . . . . . . . . . . . . . . 48
   Editor's Address. . . . . . . . . . . . . . . . . . . . . . . . . 49
   Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 50

1.  Introduction

   The Kerberos protocols [Kerb] are designed to encrypt messages of
   arbitrary sizes, using block encryption ciphers or, less commonly,
   stream encryption ciphers.  Encryption is used to prove the
   identities of the network entities participating in message
   exchanges.  However, nothing in the Kerberos protocol requires that
   any specific encryption algorithm be used, as long as the algorithm
   includes certain operations.

   The following sections specify the encryption and checksum mechanisms
   currently defined for Kerberos, as well as a framework for defining
   future mechanisms.  The encoding, chaining, padding, and other
   requirements for each are described.  Appendix A gives test vectors
   for several functions.

2.  Concepts

   Both encryption and checksum mechanisms are profiled in later
   sections.  Each profile specifies a collection of operations and
   attributes that must be defined for a mechanism.  A Kerberos
   encryption or checksum mechanism specification is not complete if it

[include full document text]