Updates to SFrame Cipher Suites Registry
draft-barnes-sframe-iana-256-00
| Field | Value |
|---|---|
| Document type | Active Internet-Draft (individual in sec area) |
| Authors | Richard Barnes, Emad Omara, Aron Rosenberg |
| Last updated | 2025-10-31 (Latest revision 2025-09-18) |
| RFC stream | Internet Engineering Task Force (IETF) |
| Intended RFC status | Proposed Standard |
| WG state | (None) |
| Document shepherd | (None) |
| IESG state | AD Evaluation::AD Followup |
| Consensus boilerplate | Yes |
| Telechat date | (None) |
| Responsible AD | Orie Steele |
| Send notices to | (None) |
Secure Media Frames R. Barnes
Internet-Draft Cisco
Intended status: Informational E. Omara
Expires: 22 March 2026 A. Rosenberg
Apple
18 September 2025
Updates to SFrame Cipher Suites Registry
draft-barnes-sframe-iana-256-00
Abstract
This document addresses two omissions in the Secure Frames (SFrame)
protocol specification. First, the definition of the IANA registry
for SFrame ciphersuites omits several important fields. This
document requests that IANA add those fields and defines the contents
of those fields for current entries. Second, the AEAD construction
based on AES-CTR and HMAC is defined only for the 128-bit security
level. This document registers parallel constructions at the 256-bit
security level.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://bifurcation.github.io/sframe-iana-256/draft-barnes-sframe-iana-256.html.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-barnes-sframe-iana-256/.
Discussion of this document takes place on the Secure Media Frames
Working Group mailing list (mailto:sframe@ietf.org), which is
archived at https://mailarchive.ietf.org/arch/browse/sframe/.
Subscribe at https://www.ietf.org/mailman/listinfo/sframe/.
Source for this draft and an issue tracker can be found at
https://github.com/bifurcation/sframe-iana-256.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Barnes, et al. Expires 22 March 2026 [Page 1]
Internet-Draft SFrame IANA Updates September 2025
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 22 March 2026.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
2. Conventions and Definitions
3. AES-256-CTR with HMAC-SHA512
4. Security Considerations
5. IANA Considerations
5.1. "SFrame Cipher Suites" Registry Update
5.2. Cipher Suites for AES-256-CTR with HMAC-SHA512
6. References
6.1. Normative References
6.2. Informative References
Appendix A. Test Vectors
A.1. AEAD Encryption/Decryption Using AES-CTR and HMAC
A.2. SFrame Encryption/Decryption
Authors' Addresses
1. Introduction
The Secure Frames (SFrame) protocol specification defines an IANA
registry for cipher suites. The initial definition in Section 8.1 of
[RFC9605] is missing several important fields. This document
requests that IANA add those fields and defines the contents of those
fields for current entries. We also define new entries that extend
the SFrame CTR+HMAC construction to support AES-256.
This document addresses two omissions in the Secure Frames (SFrame)
protocol specification [RFC9605]. First, the definition in
Section 8.1 of [RFC9605] of the IANA registry for SFrame ciphersuites
omits several important fields. This document requests that IANA add
those fields and defines the contents of those fields for current
entries. Second, the AEAD construction based on AES-CTR and HMAC (in
Section 4.5.1 of [RFC9605]) is defined only for the 128-bit security
level. This document registers parallel constructions at the 256-bit
security level.
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. AES-256-CTR with HMAC-SHA512
Section 4.5.1 of [RFC9605] defines a compound authenticated
encryption construction, using the unauthenticated CTR mode of AES
for encryption and HMAC for authentication.
The original specification only defines cipher suite values for
instances of this construction using AES-128-CTR and HMAC-SHA256.
The construction works the same way when used with AES-256-CTR and
HMAC-SHA512. The only differences are in the lengths of some
SFrame-internal fields:
* The keys generated by SFrame-internal key derivation
(derive_key_salt) are longer to match the needs of AES-256-CTR and
HMAC-SHA512 (96 bytes vs 48 bytes for AES-128-CTR and
HMAC-SHA256).
* The initial tag value tag in compute_tag is 64 bytes instead of 32
bytes.
Identifiers for cipher suites using AES-256-CTR and HMAC-SHA512 are
defined in Section 5.2.
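The two length changes above, as an added example that is not part of the draft: a Python sketch of the receive-side tag check for cipher suite 0x0006, run over that suite's test vector from Appendix A.2. The layout of the HMAC input follows compute_tag in Section 4.5.1 of [RFC9605] as understood here; the function names and HEADER_LEN are assumptions of this example, and the AES-CTR step is left out so that only the standard library is needed.

```python
import hashlib
import hmac

# Registry parameters for 0x0006 AES_256_CTR_HMAC_SHA512_80 (Section 5.2).
NH, NKA, NK, NT = 64, 32, 96, 10

# Values copied from the cipher_suite 0x0006 test vector in Appendix A.2.
SFRAME_KEY = bytes.fromhex(
    "3c343886ec1c79278836863e00fe934c8894460cfa367ebdc4856b0a9268a4f4"
    "fb99437876819394ef90b10ee12602d023f7128ee50f2314c2cc3cff4c56616d"
    "2fe03ad2a254cc2ed29b2a4d3f2534c0dda9e7c391ad1917ea07aa221dd4b224")
NONCE = bytes.fromhex("e082f7ce012ad30c87c4db58")
AAD = bytes.fromhex("99012345674945544620534672616d65205747")
CT = bytes.fromhex(
    "9901234567b369e03ec6467ad505ddc84914115069280c5c797555be6e32cde6"
    "ac25bc9e")
HEADER_LEN = 5  # assumption: config byte + 2-byte KID + 2-byte CTR, as in this vector


def derive_subkeys(sframe_key):
    """First Nka bytes encrypt (AES-256); the remaining Nh bytes authenticate."""
    if len(sframe_key) != NK:
        raise ValueError("sframe_key must be Nk bytes")
    return sframe_key[:NKA], sframe_key[NKA:]


def compute_tag(auth_key, nonce, aad, ct):
    """HMAC-SHA512 over length-prefixed inputs, truncated from Nh to Nt bytes."""
    auth_data = (len(aad).to_bytes(8, "big") + len(ct).to_bytes(8, "big")
                 + NT.to_bytes(8, "big") + nonce + aad + ct)
    full_tag = hmac.new(auth_key, auth_data, hashlib.sha512).digest()
    assert len(full_tag) == NH  # 64 bytes here, 32 with HMAC-SHA256
    return full_tag[:NT]


def verify_frame(sframe_key, nonce, aad, sframe_ct):
    """Check the tag before any decryption, using a constant-time comparison."""
    _enc_key, auth_key = derive_subkeys(sframe_key)
    body = sframe_ct[HEADER_LEN:]
    if len(body) < NT:
        return False
    inner_ct, tag = body[:-NT], body[-NT:]
    return hmac.compare_digest(compute_tag(auth_key, nonce, aad, inner_ct), tag)


if __name__ == "__main__":
    print("tag valid:", verify_frame(SFRAME_KEY, NONCE, AAD, CT))
```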
4. Security Considerations
The registry changes in this document have no effect on the security
of SFrame.
The new algorithms registered by this document allow the CTR+HMAC
construction to be used in environments that require a 256-bit
security level.
5. IANA Considerations
This document makes two requests of IANA: Updating the columns in the
"SFrame Cipher Suites" registry and adding entries to the updated
registry for the new cipher suites defined in this document.
5.1. "SFrame Cipher Suites" Registry Update
The SFrame Cipher Suites registry should be updated to add the
following columns:
* Nh: The size in bytes of the output of the hash function
* Nka: For cipher suites using the compound AEAD described in
Section 4.5.1 of [RFC9605], the size in bytes of a key for the
underlying encryption algorithm
* Nk: The size in bytes of a key for the encryption algorithm
* Nn: The size in bytes of a nonce for the encryption algorithm
* Nt: The overhead in bytes of the encryption algorithm (typically
the size of a "tag" that is added to the plaintext)
The "Change Controller" entry should be removed.
Table 1 illustrates the new structure of the registry, and provides
the required values for the currently registered entries.
+========+============================+==+===+==+==+==+=+===========+
| Value | Name |Nh|Nka|Nk|Nn|Nt|R| Reference |
+========+============================+==+===+==+==+==+=+===========+
| 0x0000 | Reserved |- |- |- |- |- |-| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0x0001 | AES_128_CTR_HMAC_SHA256_80 |32|16 |48|12|10|Y| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0x0002 | AES_128_CTR_HMAC_SHA256_64 |32|16 |48|12|8 |Y| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0x0003 | AES_128_CTR_HMAC_SHA256_32 |32|16 |48|12|4 |Y| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0x0004 | AES_128_GCM_SHA256_128 |32|n/a|16|12|16|Y| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0x0005 | AES_256_GCM_SHA512_128 |64|n/a|32|12|16|Y| RFC 9605 |
+--------+----------------------------+--+---+--+--+--+-+-----------+
| 0xF000 | Reserved for Private Use |- |- |- |- |- |-| RFC 9605 |
| - | | | | | | | | |
| 0xFFFF | | | | | | | | |
+--------+----------------------------+--+---+--+--+--+-+-----------+
Table 1: New structure and contents of the SFrame Cipher Suites
registry
5.2. Cipher Suites for AES-256-CTR with HMAC-SHA512
The following new entries should be added to the SFrame Cipher Suites
registry:
+======+============================+==+===+==+==+==+=+===========+
|Value | Name |Nh|Nka|Nk|Nn|Nt|R| Reference |
+======+============================+==+===+==+==+==+=+===========+
|0x0006| AES_256_CTR_HMAC_SHA512_80 |64|32 |96|12|10|Y| RFC XXXX |
+------+----------------------------+--+---+--+--+--+-+-----------+
|0x0007| AES_256_CTR_HMAC_SHA512_64 |64|32 |96|12|8 |Y| RFC XXXX |
+------+----------------------------+--+---+--+--+--+-+-----------+
|0x0008| AES_256_CTR_HMAC_SHA512_32 |64|32 |96|12|4 |Y| RFC XXXX |
+------+----------------------------+--+---+--+--+--+-+-----------+
Table 2: New entries in the SFrame Cipher Suites registry
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
[RFC9605] Omara, E., Uberti, J., Murillo, S. G., Barnes, R., Ed.,
and Y. Fablet, "Secure Frame (SFrame): Lightweight
Authenticated Encryption for Real-Time Media", RFC 9605,
DOI 10.17487/RFC9605, August 2024,
<https://www.rfc-editor.org/rfc/rfc9605>.
6.2. Informative References
[TestVectors]
"SFrame Test Vectors", September 2025,
<https://github.com/bifurcation/sframe-iana-256/blob/main/test-vectors/test-vectors-aes256.json>.
Appendix A. Test Vectors
This section provides a set of test vectors that implementations can
use to verify that they correctly implement SFrame encryption and
decryption with the cipher suites registered in this document. Test
vectors are provided for both the AES-256-CTR-HMAC construction and
for full SFrame encryption with the new cipher suites.
All values are either numeric or byte strings. Numeric values are
represented as hex values, prefixed with 0x. Byte strings are
represented in hex encoding.
Line breaks and whitespace within values are inserted to conform to
the width requirements of the RFC format. They should be removed
before use.
These test vectors are also available in JSON format at
[TestVectors]. In the JSON test vectors, numeric values are JSON
numbers and byte string values are JSON strings containing the hex
encoding of the byte strings.
A.1. AEAD Encryption/Decryption Using AES-CTR and HMAC
For each case, we provide:
* cipher_suite: The index of the cipher suite in use (see
Section 5.1)
* key: The key input to encryption/decryption
* enc_key: The encryption subkey produced by the derive_subkeys()
algorithm
* auth_key: The authentication subkey produced by the derive_subkeys()
algorithm
* nonce: The nonce input to encryption/decryption
* aad: The aad input to encryption/decryption
* pt: The plaintext
* ct: The ciphertext
An implementation should verify that the following are true, where
AEAD.Encrypt and AEAD.Decrypt are as defined in Section 4.5.1 of
[RFC9605]:
* AEAD.Encrypt(key, nonce, aad, pt) == ct
* AEAD.Decrypt(key, nonce, aad, ct) == pt
The other values in the test vector are intermediate values provided
to facilitate debugging of test failures.
A.2. SFrame Encryption/Decryption
For each case, we provide:
* cipher_suite: The index of the cipher suite in use (see
Section 5.1)
* kid: A KID value
* ctr: A CTR value
* base_key: The base_key input to the derive_key_salt algorithm
* sframe_key_label: The label used to derive sframe_key in the
derive_key_salt algorithm
* sframe_salt_label: The label used to derive sframe_salt in the
derive_key_salt algorithm
* sframe_secret: The sframe_secret variable in the derive_key_salt
algorithm
* sframe_key: The sframe_key value produced by the derive_key_salt
algorithm
* sframe_salt: The sframe_salt value produced by the derive_key_salt
algorithm
* metadata: The metadata input to the SFrame encrypt algorithm
* pt: The plaintext
* ct: The SFrame ciphertext
An implementation should verify that the following are true, where
encrypt and decrypt are as defined in Section 4.4 of [RFC9605], using
an SFrame context initialized with base_key assigned to kid:
* encrypt(ctr, kid, metadata, plaintext) == ct
* decrypt(metadata, ct) == pt
The other values in the test vector are intermediate values provided
to facilitate debugging of test failures.
cipher_suite: 0x0006
kid: 0x0000000000000123
ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230006
sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300
06
sframe_secret: 0fc3ea6de6aac97a35f194cf9bed94d4
b5230f1cb45a785c9fe5dce9c188938a
b6ba005bc4c0a19181599e9d1bcf7b74
aca48b60bf5e254e546d809313e083a3
sframe_key: 3c343886ec1c79278836863e00fe934c
8894460cfa367ebdc4856b0a9268a4f4
fb99437876819394ef90b10ee12602d0
23f7128ee50f2314c2cc3cff4c56616d
2fe03ad2a254cc2ed29b2a4d3f2534c0
dda9e7c391ad1917ea07aa221dd4b224
sframe_salt: e082f7ce012ad30c87c49e3f
metadata: 4945544620534672616d65205747
nonce: e082f7ce012ad30c87c4db58
aad: 99012345674945544620534672616d65
205747
pt: 64726166742d696574662d736672616d
652d656e63
ct: 9901234567b369e03ec6467ad505ddc8
4914115069280c5c797555be6e32cde6
ac25bc9e
cipher_suite: 0x0007
kid: 0x0000000000000123
ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230007
sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300
07
sframe_secret: 0fc3ea6de6aac97a35f194cf9bed94d4
b5230f1cb45a785c9fe5dce9c188938a
b6ba005bc4c0a19181599e9d1bcf7b74
aca48b60bf5e254e546d809313e083a3
sframe_key: 7271d6c6cbccd2e2343d480ebea65718
a7bb379eefcf3f8d107c1e2a76e75529
3a497fd9e4e8291b965161987ef4ef24
983eabb06cb0a392defaab18654780a3
9c106ffa4a47d4183a6e593cd0c1bcab
2b9c6dcf049215845bfb7580c4dea80e
sframe_salt: 46b4367993a314910d4d9f3d
metadata: 4945544620534672616d65205747
nonce: 46b4367993a314910d4dda5a
aad: 99012345674945544620534672616d65
205747
pt: 64726166742d696574662d736672616d
652d656e63
ct: 990123456797cb5644d8831ff8bdc080
249990b24b569144cab2a87be22c20d9
7976
cipher_suite: 0x0008
kid: 0x0000000000000123
ctr: 0x0000000000004567
base_key: 000102030405060708090a0b0c0d0e0f
sframe_key_label: 534672616d6520312e30205365637265
74206b65792000000000000001230008
sframe_salt_label: 534672616d6520312e30205365637265
742073616c7420000000000000012300
08
sframe_secret: 0fc3ea6de6aac97a35f194cf9bed94d4
b5230f1cb45a785c9fe5dce9c188938a
b6ba005bc4c0a19181599e9d1bcf7b74
aca48b60bf5e254e546d809313e083a3
sframe_key: afe92c81e0df8c00fab619e0559fe5ae
efce1ef77789d4c728af1b1c1f2e3552
c405d274415a5291ec075c2d9954c450
fbd36682a4e978494808b703ce78b409
f9fec29b91e6e703a75c4131377c80c9
d51b8906088092452e2593eb142eea2d
sframe_salt: f6de647bac1263524cfb6533
metadata: 4945544620534672616d65205747
nonce: f6de647bac1263524cfb2054
aad: 99012345674945544620534672616d65
205747
pt: 64726166742d696574662d736672616d
652d656e63
ct: 9901234567112a94a288b85b49ffef1d
279f2830165c39d76cac8884011c
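The intermediate values in the A.2 vectors (sframe_key, sframe_salt, nonce, aad) can be recomputed with the standard library alone. The following Python sketch is an added example, not code from the draft or from [RFC9605]: it follows derive_key_salt, the nonce formation and the header encoding of [RFC9605] as understood here, with function names chosen for this example, and takes its inputs (base_key, kid, ctr, metadata) from the vectors above.

```python
import hmac

# cipher suite -> (hash, Nk, Nn), copied from Table 2 of this draft
SUITES = {0x0006: ("sha512", 96, 12),
          0x0007: ("sha512", 96, 12),
          0x0008: ("sha512", 96, 12)}


def hkdf_extract(hash_name, salt, ikm):
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name, prk, info, length):
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # Nk = 96 needs two SHA-512 blocks
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key_salt(cipher_suite, kid, base_key):
    """Return (sframe_key, sframe_salt); the labels bind both KID and suite."""
    hash_name, nk, nn = SUITES[cipher_suite]
    suffix = kid.to_bytes(8, "big") + cipher_suite.to_bytes(2, "big")
    secret = hkdf_extract(hash_name, b"", base_key)
    key = hkdf_expand(hash_name, secret, b"SFrame 1.0 Secret key " + suffix, nk)
    salt = hkdf_expand(hash_name, secret, b"SFrame 1.0 Secret salt " + suffix, nn)
    return key, salt


def frame_nonce(sframe_salt, ctr):
    """XOR the big-endian CTR into the salt, so each CTR gives a distinct nonce."""
    ctr_bytes = ctr.to_bytes(len(sframe_salt), "big")
    return bytes(s ^ c for s, c in zip(sframe_salt, ctr_bytes))


def encode_header(kid, ctr):
    """Config byte (X, K, Y, C bits) followed by minimal big-endian KID and CTR."""
    def field(value):
        if value < 8:  # small values are carried inside the config byte
            return 0, value, b""
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        return 1, len(raw) - 1, raw
    x, k, kid_raw = field(kid)
    y, c, ctr_raw = field(ctr)
    return bytes([(x << 7) | (k << 4) | (y << 3) | c]) + kid_raw + ctr_raw


if __name__ == "__main__":
    key, salt = derive_key_salt(0x0006, 0x123, bytes(range(16)))
    print(key.hex(), salt.hex(), frame_nonce(salt, 0x4567).hex())
    # aad = header + metadata; the metadata bytes are ASCII "IETF SFrame WG"
    print((encode_header(0x123, 0x4567) + b"IETF SFrame WG").hex())
```

Because the cipher suite value is part of both labels, the three suites derive unrelated keys and salts from the same base_key, which is why sframe_secret is identical across the vectors while sframe_key and sframe_salt differ.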
Authors' Addresses
Richard Barnes
Cisco
Email: rlb@ipv.sx
Emad Omara
Apple
Email: eomara@apple.com
Aron Rosenberg
Apple
Email: aron.rosenberg@apple.com