Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)
RFC 5349

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    krb-wg mailing list <ietf-krb-wg@lists.anl.gov>, 
    krb-wg chair <krb-wg-chairs@tools.ietf.org>
Subject: Document Action: 'ECC Support for PKINIT' to 
         Informational RFC 

The IESG has approved the following document:

- 'ECC Support for PKINIT '
   <draft-zhu-pkinit-ecc-05.txt> as an Informational RFC

This document is the product of the Kerberos Working Group. 

The IESG contact persons are Tim Polk and Pasi Eronen.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-zhu-pkinit-ecc-05.txt

Ballot Text

Technical Summary

This document describes the use of Elliptic Curve certificates,
Elliptic Curve signature schemes and Elliptic Curve Diffie-Hellman
(ECDH) key agreement within the framework of PKINIT - the Kerberos
Version 5 extension that provides for the use of public key
cryptography.

Working Group Summary

This document represents the consensus of the Kerberos Working Group.

Document Quality

This document describes an optional mode of operation for the
PKINIT extension to the Kerberos protocol. Several major Kerberos
implementors currently support or plan to support PKINIT, and at
least one has indicated an intent to support the mode of operation
described in this document.

Personnel

The Document Shepard for this document is Jeffrey Hutzelman.
The responsible Area Director is Tim Polk

RFC Editor Note

(1) Please replace all references to [RFC3280] with [RFC5280]

(2) In Section 4, please make the following substitution for the first
sentence of the first paragraph:

OLD:
   The DHSharedSecret is the x-coordinate
   of the shared secret value (an elliptic curve point); DHSharedSecret
   is the output of operation ECSVDP-DH as described in Section 7.2.1 of
   [IEEE1363].

NEW:
   The ECDH shared secret value (an elliptic curve point) is
   calculated using operation ECSVDP-DH as described in Section 7.2.1
   of [IEEE1363]. The x-coordinate of this point is converted to an
   octet string using operation FE2OSP as described in Section 5.5.4
   of [IEEE1363]. This octet string is the DHSharedSecret.
 
(3) In section 7, please make the following substitution for the first
sentence of the first paragraph:

OLD:

  When using ECDH key agreement, the recipient of an elliptic curve
  public key should perform certain checks to avoid the attacks
  described in [ECC-Validation].

NEW:

  When using ECDH key agreement, the recipient of an  elliptic curve
  public key should perform the checks described in IEEE P1363 
  section A16.10. [IEEE1363]

(4) Please remove the reference [ECC-Validation].

(5) In Section 10.1, Normative References, please make the following
substitution:

OLD:
   [RFC3280]  Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
              X.509 Public Key Infrastructure Certificate and
              Certificate Revocation List (CRL) Profile", RFC 3280,
              April 2002.
NEW:
   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 5280, May 2008.
 
(6) Please move reference [SEC2] from Section 10.1, Normative References,
to Section 10.2, Informative References.
 
(7) In Section 10.2, Informative References, please make the following
substitution:
OLD:
   [LENSTRA]  Tung, B., Neuman, B., and S. Medvinsky, "Public Key
              Cryptography for Initial Authentication in Kerberos",
              August 2004.
NEW:
   [LENSTRA]  Lenstra, A. and E. Verheul, "Selecting Cryptographic Key 
              Sizes", Journal of Cryptology 14 (2001) 255-293.

RFC Editor Note