Use of Password-Based Message Authentication Code 1 (PBMAC1) in PKCS #12 Syntax
draft-ietf-lamps-rfc9579bis-06

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, debcooley1@gmail.com, draft-ietf-lamps-rfc9579bis@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rfc-editor@rfc-editor.org, spasm@ietf.org
Subject: Document Action: 'Use of Password-Based Message Authentication Code 1 (PBMAC1) in PKCS #12 Syntax' to Informational RFC (draft-ietf-lamps-rfc9579bis-06.txt)

The IESG has approved the following document:
- 'Use of Password-Based Message Authentication Code 1 (PBMAC1) in PKCS
   #12 Syntax'
  (draft-ietf-lamps-rfc9579bis-06.txt) as Informational RFC

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc9579bis/

Ballot Text

Technical Summary

   This document specifies additions and amendments to RFCs 7292 and
   8018.  It obsoletes the RFC 9579.  It defines a way to use the
   Password-Based Message Authentication Code 1 (PBMAC1), defined in RFC
   8018, inside the PKCS #12 syntax.  The purpose of this specification
   is to permit the use of more modern Password-Based Key Derivation
   Functions (PBKDFs) and allow for regulatory compliance.

Working Group Summary

   There is support in the LAMPS WG for this document.  It allows
   implementations of PKCS#12 that use PBMAC1 to avoid the obsolete
   SHA-1 hash function.

   This document changes the specified format of password passed to the
   key derivation function.  Previously it was a BMPString, now it is
   a UTF8String.  It should be noted that the test vectors in RFC 9579
   use UTF8String encoding.  This also resolves RFC Errata 7974.

Document Quality

  There code is written and deployed.  The interoperable code implementing this
  Internet-Draft is currently shipping in Mozilla NSS, GnuTLS, and OpenSSL.

  The ASN.1 module compiles without errors.  The ASN.1 module is unchanged
  from RFC 9579.

Personnel

   The Document Shepherd for this document is Russ Housley. The Responsible
   Area Director is Deb Cooley.

RFC Editor Note