Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
RFC 5349

Document history

Date Rev. By Action
2015-10-14
04 (System) Notify list changed from krb-wg-chairs@ietf.org, draft-zhu-pkinit-ecc@ietf.org to (None)
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Pasi Eronen
2008-09-25
04 Cindy Morgan State Changes to RFC Published from RFC Ed Queue by Cindy Morgan
2008-09-25
04 Cindy Morgan [Note]: 'RFC 5349' added by Cindy Morgan
2008-09-22
04 (System) RFC published
2008-08-01
04 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2008-07-31
04 (System) IANA Action state changed to No IC from In Progress
2008-07-31
04 (System) IANA Action state changed to In Progress
2008-07-31
04 Cindy Morgan IESG state changed to Approved-announcement sent
2008-07-31
04 Cindy Morgan IESG has approved the document
2008-07-31
04 Cindy Morgan Closed "Approve" ballot
2008-07-29
04 Pasi Eronen [Ballot comment]
2008-07-29
04 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Undefined by Pasi Eronen
2008-07-29
04 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to Undefined from Discuss by Pasi Eronen
2008-06-06
04 (System) Removed from agenda for telechat - 2008-06-05
2008-06-05
04 Cindy Morgan State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Cindy Morgan
2008-06-05
04 Pasi Eronen
[Ballot comment]
Informative References:
> [LENSTRA]  Tung, B., Neuman, B., and S. Medvinsky, "Public Key
>            Cryptography for Initial Authentication in Kerberos",
>            August 2004.

Is this supposed to refer to some paper by Arjen Lenstra?

It seems reference [SEC2] could be informative (all the EC things
should be in X9.62/X9.63/IEEE1363).
2008-06-05
04 Pasi Eronen
[Ballot discuss]
Section 4:
> The DHSharedSecret is the x-coordinate of the shared secret value
> (an elliptic curve point); DHSharedSecret is the output of operation
> ECSVDP-DH as described in Section 7.2.1 of [IEEE1363].

This text needs some clarification (DHSharedSecret can't be both the
x-coordinate of some point and the output of the ECSVDP-DH operation;
and the text needs to say how the x-coordinate is converted to an
octet string).

Suggested rephrasing: The ECDH shared secret value (an elliptic curve
point) is calculated using operation ECSVDP-DH as described in Section
7.2.1 of [IEEE1363]. The x-coordinate of this point is converted to an
octet string using operation FE2OSP as described in Section 5.5.4 of
[IEEE1363]. This octet string is the DHSharedSecret.

Section 7:
> When using ECDH key agreement, the recipient of an elliptic curve
> public key should perform certain checks to avoid the attacks
> described in [ECC-Validation].

Do we have any better reference for the "certain checks"; e.g.
something in IEEE P1363 or X9.62/63?
2008-06-05
04 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2008-06-05
04 Russ Housley
[Ballot comment]
The document refers to RFC 3280.  Please update the reference to
  point to RFC 5280.  I can't think of any reason why a reference to
  the older document is preferable.
2008-06-05
04 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2008-06-05
04 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-06-04
04 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2008-06-03
04 Chris Newman
[Ballot comment]
Having a normative reference to the publication of a consortium with only
one listed member seems questionable to me.  However, that reference
seems unnecessary given the FIPS-186-2 reference so I suppose it's
mostly harmless for an informational RFC.
2008-06-03
04 Chris Newman
[Ballot comment]
Having a normative reference to the publication of a consortium with only
one listed member seems questionable to me.  However, that reference
seems unnecessary given the FIPS-186-2 reference so I suppose it's
mostly harmless for an informational RFC.
2008-06-03
04 Chris Newman [Ballot Position Update] Position for Chris Newman has been changed to No Objection from Discuss by Chris Newman
2008-06-03
04 Chris Newman [Ballot Position Update] New position, Discuss, has been recorded by Chris Newman
2008-06-03
04 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2008-06-02
04 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2008-05-29
04 Tim Polk [Ballot Position Update] New position, Yes, has been recorded for Tim Polk
2008-05-29
04 Tim Polk Ballot has been issued by Tim Polk
2008-05-29
04 Tim Polk Created "Approve" ballot
2008-05-29
04 Tim Polk State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Tim Polk
2008-05-29
04 Tim Polk Placed on agenda for telechat - 2008-06-05 by Tim Polk
2008-03-28
04 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Scott Kelly.
2008-03-07
04 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-03-05
04 Amanda Baber IANA Last Call comments:

As described in the IANA Considerations section, we understand this document
to have NO IANA Actions.
2008-02-25
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Scott Kelly
2008-02-22
04 Amy Vezza Last call sent
2008-02-22
04 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2008-02-22
04 Tim Polk State Changes to Last Call Requested from Publication Requested by Tim Polk
2008-02-22
04 Tim Polk Last Call was requested by Tim Polk
2008-02-22
04 (System) Ballot writeup text was added
2008-02-22
04 (System) Last call text was added
2008-02-22
04 (System) Ballot approval text was added
2008-01-28
04 Tim Polk Responsible AD has been changed to Tim Polk from Sam Hartman
2007-11-15
04 Dinara Suleymanova
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

>> The Document Shepherd for this document is Jeffrey Hutzelman,
>> <jhutz@cmu.edu>. I have reviewed this document, and I believe
>> it is ready for IETF-wide review and publication as a
>> Proposed Standard.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

>> This document has received review both within the working group
>> and from key experts outside the working group. Any issues raised
>> have been resolved.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

>> This document adds support for use of elliptic curve crypto to
>> an existing protocol. As such, it does require some review by
>> individuals with expertise in that area. I believe that there
>> has been sufficient review, but of course, more is always welcome.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

>> I have no concerns. This document is a fairly straightforward
>> specification of an optional feature for PKINIT. No IPR
>> disclosures related to this document have been filed.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

>> There is consensus within the working group to publish this
>> document. While there has not been broad interest in working
>> on this document, there has been support from several active
>> WG members, and there have been no objections to moving forward.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

>> There have been no expressions of discontent.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

>> This document has been run through the idnits tool, and was
>> reviewed manually for compliance with requirements not checked
>> by the automatic tool. No additional formal review criteria
>> apply to this document.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

>> References have been split appropriately. There is presently
>> a normative downreference to RFC 3278, an informational RFC
>> specifying the use of elliptic curve cryptography (ECC) with
>> the Cryptographic Message Syntax (CMS). This is a key reference,
>> as PKINIT makes use of CMS messages, and the present document
>> describes how to use PKINIT with ECC.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC2434]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

>> This document requires no IANA actions. It specifies
>> protocol extensions to allow the use of new cryptographic
>> algorithms, all of which are identified by OIDs assigned
>> elsewhere.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

>> No part of this document is written in a formal language
>> requiring such verification.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:


Technical Summary

This document describes the use of Elliptic Curve certificates,
Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman
(ECDH) key agreement within the framework of PKINIT - the Kerberos
Version 5 extension that provides for the use of public key
cryptography.


Working Group Summary

This document represents the consensus of the Kerberos Working Group.


Document Quality

This document describes an optional mode of operation for the
PKINIT extension to the Kerberos protocol. Several major Kerberos
implementors currently support or plan to support PKINIT, and at
least one has indicated an intent to support the mode of operation
described in this document.


Personnel

The Document Shepherd for this document is Jeffrey Hutzelman.
The responsible Area Director is Sam Hartman.
2007-11-15
04 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2007-10-24
04 (System) New version available: draft-zhu-pkinit-ecc-04.txt
2007-09-06
04 (System) Document has expired
2007-03-05
03 (System) New version available: draft-zhu-pkinit-ecc-03.txt
2006-09-14
02 (System) New version available: draft-zhu-pkinit-ecc-02.txt
2006-03-05
01 (System) New version available: draft-zhu-pkinit-ecc-01.txt
2005-09-14
00 (System) New version available: draft-zhu-pkinit-ecc-00.txt