CMS Symmetric Key Management and Distribution
RFC 5275
Network Working Group S. Turner
Request for Comments: 5275 IECA
Category: Standards Track June 2008
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document describes a mechanism to manage (i.e., set up,
distribute, and rekey) keys used with symmetric cryptographic
algorithms. Also defined herein is a mechanism to organize users
into groups to support distribution of encrypted content using
symmetric cryptographic algorithms. The mechanism uses the
Cryptographic Message Syntax (CMS) protocol and Certificate
Management over CMS (CMC) protocol to manage the symmetric keys. Any
member of the group can then use the distributed shared key to
decrypt other CMS-encrypted objects protected with it. This
mechanism has been developed to support Secure/Multipurpose Internet
Mail Extensions (S/MIME) Mail List Agents (MLAs).
Turner Standards Track [Page 1]
RFC 5275 CMS SymKeyDist June 2008
Table of Contents
1. Introduction ....................................................4
1.1. Conventions Used in This Document ..........................4
1.2. Applicability to E-mail ....................................5
1.3. Applicability to Repositories ..............................5
1.4. Using the Group Key ........................................5
2. Architecture ....................................................6
3. Protocol Interactions ...........................................7
3.1. Control Attributes .........................................8
3.1.1. GL Use KEK .........................................10
3.1.2. Delete GL ..........................................14
3.1.3. Add GL Member ......................................14
3.1.4. Delete GL Member ...................................15
3.1.5. Rekey GL ...........................................16
3.1.6. Add GL Owner .......................................16
3.1.7. Remove GL Owner ....................................17
3.1.8. GL Key Compromise ..................................17
3.1.9. GL Key Refresh .....................................18
3.1.10. GLA Query Request and Response ....................18
3.1.10.1. GLA Query Request ........................18
3.1.10.2. GLA Query Response .......................19
3.1.10.3. Request and Response Types ...............19
3.1.11. Provide Cert ......................................19
3.1.12. Update Cert .......................................20
3.1.13. GL Key ............................................21
3.2. Use of CMC, CMS, and PKIX .................................23
3.2.1. Protection Layers ..................................23
3.2.1.1. Minimum Protection ........................23
3.2.1.2. Additional Protection .....................24
3.2.2. Combining Requests and Responses ...................24
3.2.3. GLA Generated Messages .............................26
3.2.4. CMC Control Attributes and CMS Signed Attributes ...27
3.2.4.1. Using cMCStatusInfoExt ....................27
3.2.4.2. Using transactionId .......................30
3.2.4.3. Using Nonces and signingTime ..............30
3.2.4.4. CMC and CMS Attribute Support Requirements .......31
3.2.5. Resubmitted GL Member Messages .....................31
3.2.6. PKIX Certificate and CRL Profile ...................31
4. Administrative Messages ........................................32
4.1. Assign KEK to GL ..........................................32
4.2. Delete GL from GLA ........................................36
4.3. Add Members to GL .........................................38
4.3.1. GLO Initiated Additions ............................39
4.3.2. Prospective Member Initiated Additions .............47
4.4. Delete Members from GL ....................................49
4.4.1. GLO Initiated Deletions ............................50