datatracker.ietf.org
Sign in
Version 5.6.3.p2, 2014-09-29
Report a bug

Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
RFC 5349

Document type: RFC - Informational (September 2008; No errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5349 (Informational)
Responsible AD: Tim Polk
Send notices to: krb-wg-chairs@tools.ietf.org, draft-zhu-pkinit-ecc@tools.ietf.org

Network Working Group                                             L. Zhu
Request for Comments: 5349                                 K. Jaganathan
Category: Informational                                        K. Lauter
                                                   Microsoft Corporation
                                                          September 2008

 Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography
            for Initial Authentication in Kerberos (PKINIT)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This document describes the use of Elliptic Curve certificates,
   Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman
   (ECDH) key agreement within the framework of PKINIT -- the Kerberos
   Version 5 extension that provides for the use of public key
   cryptography.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Conventions Used in This Document . . . . . . . . . . . . . . . 2
   3.  Using Elliptic Curve Certificates and Elliptic Curve
       Signature Schemes . . . . . . . . . . . . . . . . . . . . . . . 2
   4.  Using the ECDH Key Exchange . . . . . . . . . . . . . . . . . . 3
   5.  Choosing the Domain Parameters and the Key Size . . . . . . . . 4
   6.  Interoperability Requirements . . . . . . . . . . . . . . . . . 6
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 7
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 7
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 8

Zhu, et al.                  Informational                      [Page 1]
RFC 5349                 ECC Support for PKINIT           September 2008

1.  Introduction

   Elliptic Curve Cryptography (ECC) is emerging as an attractive
   public-key cryptosystem that provides security equivalent to
   currently popular public-key mechanisms such as RSA and DSA with
   smaller key sizes [LENSTRA] [NISTSP80057].

   Currently, [RFC4556] permits the use of ECC algorithms but it does
   not specify how ECC parameters are chosen or how to derive the shared
   key for key delivery using Elliptic Curve Diffie-Hellman (ECDH)
   [IEEE1363] [X9.63].

   This document describes how to use Elliptic Curve certificates,
   Elliptic Curve signature schemes, and ECDH with [RFC4556].  However,
   it should be noted that there is no syntactic or semantic change to
   the existing [RFC4556] messages.  Both the client and the Key
   Distribution Center (KDC) contribute one ECDH key pair using the key
   agreement protocol described in this document.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Using Elliptic Curve Certificates and Elliptic Curve Signature
    Schemes

   ECC certificates and signature schemes can be used in the
   Cryptographic Message Syntax (CMS) [RFC3852] [RFC3278] content type
   'SignedData'.

   X.509 certificates [RFC5280] that contain ECC public keys or are
   signed using ECC signature schemes MUST comply with [RFC3279].

   The signatureAlgorithm field of the CMS data type 'SignerInfo' can
   contain one of the following ECC signature algorithm identifiers:

      ecdsa-with-Sha1   [RFC3279]
      ecdsa-with-Sha256 [X9.62]
      ecdsa-with-Sha384 [X9.62]
      ecdsa-with-Sha512 [X9.62]

   The corresponding digestAlgorithm field contains one of the following
   hash algorithm identifiers respectively:

Zhu, et al.                  Informational                      [Page 2]
RFC 5349                 ECC Support for PKINIT           September 2008

      id-sha1           [RFC3279]
      id-sha256         [X9.62]
      id-sha384         [X9.62]
      id-sha512         [X9.62]

   Namely, id-sha1 MUST be used in conjunction with ecdsa-with-Sha1,
   id-sha256 MUST be used in conjunction with ecdsa-with-Sha256,
   id-sha384 MUST be used in conjunction with ecdsa-with-Sha384, and
   id-sha512 MUST be used in conjunction with ecdsa-with-Sha512.

   Implementations of this specification MUST support ecdsa-with-Sha256
   and SHOULD support ecdsa-with-Sha1.

4.  Using the ECDH Key Exchange

   This section describes how ECDH can be used as the Authentication

[include full document text]