Use of the Elliptic Curve Diffie-Hellamn Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)
draft-ietf-curdle-cms-ecdh-new-curves-02

Document Type Active Internet-Draft (curdle WG)
Last updated 2017-03-27
Replaces draft-housley-cms-ecdh-new-curves
Stream IETF
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream WG state In WG Last Call
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Internet-Draft                                                R. Housley
Intended status: Standards Track                          Vigil Security
Expires: 27 September 2017                                 27 March 2017

    Use of the Elliptic Curve Diffie-Hellamn Key Agreement Algorithm
     with X25519 and X448 in the Cryptographic Message Syntax (CMS)

             <draft-ietf-curdle-cms-ecdh-new-curves-02.txt>

Abstract

   This document describes the conventions for using Elliptic Curve
   Diffie-Hellamn (ECDH) key agreement algorithm using curve25519 and
   curve448 in the Cryptographic Message Syntax (CMS).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 September 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Housley              Using X25519 and X448 with CMS             [Page 1]
Internet-Draft                                                March 2017

1.  Introduction

   This document describes the conventions for using Elliptic Curve
   Diffie-Hellamn (ECDH) key agreement using curve25519 and curve448
   [CURVE] in the Cryptographic Message Syntax (CMS) [CMS].  Key
   agreement is supported in three CMS content types: the enveloped-data
   content type [CMS], authenticated-data content type [CMS], and the
   authenticated-enveloped-data content type [AUTHENV].

   The conventions for using some Elliptic Curve Cryptography (ECC)
   algorithms in CMS are described in [CMSECC].  These conventions cover
   the use of ECDH with some curves other than curve25519 and curve448
   [CURVE].  Those other curves are not deprecated, but support for
   curve25519 and curve448 is encouraged.

   Using curve25519 with Diffie-Hellman key agreement is referred to as
   X25519.  Using curve448 with Diffie-Hellman key agreement is referred
   to as X448.

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [STDWORDS].

1.2.  ASN.1

   CMS values are generated using ASN.1 [X680], which uses the Basic
   Encoding Rules (BER) and the Distinguished Encoding Rules (DER)
   [X690].

2.  Key Agreement

   In 1976, Diffie and Hellman describe a means for two parties to agree
   upon a shared secret value in manner that prevents eavesdroppers from
   learning the shared secret value [DH1976].  This secret may then be
   converted into pairwise symmetric keying material for use with other
   cryptographic algorithms.  Over the years, many variants of this
   fundamental technique have been developed.  This document describes
   the conventions for using Ephemeral-Static Elliptic Curve Diffie-
   Hellamn (ECDH) key agreement using X25519 and X448 [CURVE].

   The originator uses an ephemeral public/private key pair that is
   generated on the same elliptic curve as the public key of the
   recipient.  The ephemeral key pair is used for a single CMS protected
   content type, and then it is discarded.  The originator obtains the
   recipient's static public key from the recipient's certificate
   [PROFILE].

Housley              Using X25519 and X448 with CMS             [Page 2]
Internet-Draft                                                March 2017

   X25519 is described in Section 6.1 of [CURVE], and X448 is described
Show full document text