diff options
Diffstat (limited to 'doc/protocol/rfc1423.txt')
-rw-r--r-- | doc/protocol/rfc1423.txt | 787 |
1 files changed, 0 insertions, 787 deletions
diff --git a/doc/protocol/rfc1423.txt b/doc/protocol/rfc1423.txt deleted file mode 100644 index 35d0e01bef..0000000000 --- a/doc/protocol/rfc1423.txt +++ /dev/null @@ -1,787 +0,0 @@ - - - - - - -Network Working Group D. Balenson -Request for Comments: 1423 TIS -Obsoletes: 1115 IAB IRTF PSRG, IETF PEM WG - February 1993 - - - Privacy Enhancement for Internet Electronic Mail: - Part III: Algorithms, Modes, and Identifiers - -Status of This Memo - - This RFC specifies an IAB standards track protocol for the Internet - community, and requests discussion and suggestions for improvements. - Please refer to the current edition of the "IAB Official Protocol - Standards" for the standardization state and status of this protocol. - Distribution of this memo is unlimited. - -Abstract - - This document provides definitions, formats, references, and - citations for cryptographic algorithms, usage modes, and associated - identifiers and parameters used in support of Privacy Enhanced Mail - (PEM) in the Internet community. It is intended to become one member - of the set of related PEM RFCs. This document is organized into four - primary sections, dealing with message encryption algorithms, message - integrity check algorithms, symmetric key management algorithms, and - asymmetric key management algorithms (including both asymmetric - encryption and asymmetric signature algorithms). - - Some parts of this material are cited by other documents and it is - anticipated that some of the material herein may be changed, added, - or replaced without affecting the citing documents. Therefore, - algorithm-specific material has been placed into this separate - document. - - Use of other algorithms and/or modes will require case-by-case study - to determine applicability and constraints. The use of additional - algorithms may be documented first in Prototype or Experimental RFCs. - As experience is gained, these protocols may be considered for - incorporation into the standard. Additional algorithms and modes - approved for use in PEM in this context will be specified in - successors to this document. - -Acknowledgments - - This specification was initially developed by the Internet Research - Task Force's Privacy and Security Research Group (IRTF PSRG) and - subsequently refined based on discussion in the Internet Engineering - - - -Balenson [Page 1] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - Task Force's Privacy Enhanced Mail Working Group (IETF PEM WG). John - Linn contributed significantly to the predecessor of this document - (RFC 1115). I would like to thank the members of the PSRG and PEM - WG, as well as all participants in discussions on the "pem- - dev@tis.com" mailing list, for their contributions to this document. - -Table of Contents - - 1. Message Encryption Algorithms ....................... 2 - 1.1 DES in CBC Mode (DES-CBC) .......................... 2 - 2. Message Integrity Check Algorithms .................. 4 - 2.1 RSA-MD2 Message Digest Algorithm ................... 4 - 2.2 RSA-MD5 Message Digest Algorithm ................... 5 - 3. Symmetric Key Management Algorithms ................. 6 - 3.1 DES in ECB mode (DES-ECB) .......................... 6 - 3.2 DES in EDE mode (DES-EDE) .......................... 7 - 4. Asymmetric Key Management Algorithms ................ 7 - 4.1 Asymmetric Keys .................................... 7 - 4.1.1 RSA Keys ......................................... 7 - 4.2 Asymmetric Encryption Algorithms .................. 9 - 4.2.1 RSAEncryption ................................... 9 - 4.3 Asymmetric Signature Algorithms ................... 10 - 4.3.1 md2WithRSAEncryption ............................ 11 - 5. Descriptive Grammar ................................ 11 - References ............................................. 12 - Patent Statement ....................................... 13 - Security Considerations ................................ 14 - Author's Address ....................................... 14 - -1. Message Encryption Algorithms - - This section identifies the alternative message encryption algorithms - and modes that shall be used to encrypt message text and, when - asymmetric key management is employed in an ENCRYPTED PEM message, for - encryption of message signatures. Character string identifiers are - assigned and any parameters required by the message encryption - algorithm are defined for incorporation in an encapsulated "DEK- - Info:" header field. - - Only one alternative is currently defined in this category. - -1.1 DES in CBC Mode (DES-CBC) - - Message text and, if required, message signatures are encrypted using - the Data Encryption Standard (DES) algorithm in the Cipher Block - Chaining (CBC) mode of operation. The DES algorithm is defined in - FIPS PUB 46-1 [1], and is equivalent to the Data Encryption Algorithm - (DEA) provided in ANSI X3.92-1981 [2]. The CBC mode of operation of - - - -Balenson [Page 2] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - DES is defined in FIPS PUB 81 [3], and is equivalent to those - provided in ANSI X3.106 [4] and in ISO IS 8372 [5]. The character - string "DES-CBC" within an encapsulated PEM header field indicates - the use of this algorithm/mode combination. - - The input to the DES CBC encryption process shall be padded to a - multiple of 8 octets, in the following manner. Let n be the length - in octets of the input. Pad the input by appending 8-(n mod 8) - octets to the end of the message, each having the value 8-(n mod 8), - the number of octets being added. In hexadecimal, the possible - paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606, - 07070707070707, and 0808080808080808. All input is padded with 1 to - 8 octets to produce a multiple of 8 octets in length. The padding - can be removed unambiguously after decryption. - - The DES CBC encryption process requires a 64-bit cryptographic key. - A new, pseudorandom key shall be generated for each ENCRYPTED PEM - message. Of the 64 bits, 56 are used directly by the DES CBC - process, and 8 are odd parity bits, with one parity bit occupying the - right-most bit of each octet. When symmetric key management is - employed, the setting and checking of odd parity bits is encouraged, - since these bits could detect an error in the decryption of a DES key - encrypted under a symmetric key management algorithm (e.g., DES ECB). - When asymmetric key management is employed, the setting of odd parity - bits is encouraged, but the checking of odd parity bits is - discouraged, in order to facilitate interoperability, and since an - error in the decryption of a DES key can be detected by other means - (e.g., an incorrect PKCS #1 encryption-block format). In all cases, - the encrypted form of a DES key shall carry all 64 bits of the key, - including the 8 parity bits, though those bits may have no meaning. - - The DES CBC encryption process also requires a 64-bit Initialization - Vector (IV). A new, pseudorandom IV shall be generated for each - ENCRYPTED PEM message. Section 4.3.1 of [7] provides rationale for - this requirement, even given the fact that individual DES keys are - generated for individual messages. The IV is transmitted with the - message within an encapsulated PEM header field. - - When this algorithm/mode combination is used for message text - encryption, the "DEK-Info:" header field carries exactly two - arguments. The first argument identifies the DES CBC algorithm/mode - using the character string defined above. The second argument - contains the IV, represented as a contiguous string of 16 ASCII - hexadecimal digits. - - When symmetric key management is employed with this algorithm/mode - combination, a symmetrically encrypted DES key will be represented in - the third argument of a "Key-Info:" header field as a contiguous - - - -Balenson [Page 3] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - string of 16 ASCII hexadecimal digits (corresponding to a 64-bit - key). - - To avoid any potential ambiguity regarding the ordering of the octets - of a DES key that is input as a data value to another encryption - process (e.g., RSAEncryption), the following holds true. The first - (or left-most displayed, if one thinks in terms of a key's "print" - representation) (For purposes of discussion in this document, data - values are normalized in terms of their "print" representation. For a - octet stream, the "first" octet would appear as the one on the "left", - and the "last" octet would appear on the "right".) octet of the key - (i.e., bits 1-8 per FIPS PUB 46-1), when considered as a data value, - has numerical weight 2**56. The last (or right-most displayed) octet - (i.e., bits 57-64 per FIPS PUB 46-1) has numerical weight 2**0. - -2. Message Integrity Check Algorithms - - This section identifies the alternative algorithms that shall be used - to compute Message Integrity Check (MIC) values for PEM messages. - Character string identifiers and ASN.1 object identifiers are - assigned for incorporation in encapsulated "MIC-Info:" and "Key- - Info:" header fields to indicate the choice of MIC algorithm - employed. - - A compliant PEM implementation shall be able to process all of the - alternative MIC algorithms defined here on incoming messages. It is - a sender option as to which alternative is employed on an outbound - message. - -2.1 RSA-MD2 Message Digest Algorithm - - The RSA-MD2 message digest is computed using the algorithm defined in - RFC 1319 [9]. ( An error has been identified in RFC 1319. The - statement in the text of Section 3.2 which reads "Set C[j] to S[c xor - L]" should read "Set C[j] to S[c xor L] xor C[j]". Note that the C - source code in the appendix of RFC 1319 is correct.) The character - string "RSA-MD2" within an encapsulated PEM header field indicates the - use of this algorithm. Also, as defined in RFC 1319, the ASN.1 object - identifier - - md2 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) US(840) rsadsi(113549) - digestAlgorithm(2) 2 - } - - identifies this algorithm. When this object identifier is used with - the ASN.1 type AlgorithmIdentifier, the parameters component of that - type is the ASN.1 type NULL. - - - -Balenson [Page 4] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - The RSA-MD2 message digest algorithm accepts as input a message of - any length and produces as output a 16-octet quantity. When - symmetric key management is employed, an RSA-MD2 MIC is encrypted by - splitting the MIC into two 8-octet halves, independently encrypting - each half, and concatenating the results. - - When symmetric key management is employed with this MIC algorithm, - the symmetrically encrypted MD2 message digest is represented in a - the fourth argument of a "Key-Info:" header field as a contiguous - string of 32 ASCII hexadecimal digits (corresponding to a 128-bit MD2 - message digest). - - To avoid any potential ambiguity regarding the ordering of the octets - of an MD2 message digest that is input as a data value to another - encryption process (e.g., RSAEncryption), the following holds true. - The first (or left-most displayed, if one thinks in terms of a - digest's "print" representation) octet of the digest (i.e., digest[0] - as specified in RFC 1319), when considered as an RSA data value, has - numerical weight 2**120. The last (or right-most displayed) octet - (i.e., digest[15] as specified in RFC 1319) has numerical weight - 2**0. - -2.2 RSA-MD5 Message Digest Algorithm - - The RSA-MD5 message digest is computed using the algorithm defined in - RFC 1321 [10]. The character string "RSA-MD5" within an encapsulated - PEM header field indicates the use of this algorithm. Also, as - defined in RFC 1321, the object identifier - - md5 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) US(840) rsadsi(113549) - digestAlgorithm(2) 5 - } - - identifies this algorithm. When this object identifier is used with - the ASN.1 type AlgorithmIdentifier, the parameters component of that - type is the ASN.1 type NULL. - - The RSA-MD5 message digest algorithm accepts as input a message of - any length and produces as output a 16-octet quantity. When - symmetric key management is employed, an RSA-MD5 MIC is encrypted by - splitting the MIC into two 8-octet halves, independently encrypting - each half, and concatenating the results. - - When symmetric key management is employed with this MIC algorithm, - the symmetrically encrypted MD5 message digest is represented in the - fourth argument of a "Key-Info:" header field as a contiguous string - of 32 ASCII hexadecimal digits (corresponding to a 128-bit MD5 - - - -Balenson [Page 5] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - message digest). - - To avoid any potential ambiguity regarding the ordering of the octets - of a MD5 message digest that is input as an RSA data value to the RSA - encryption process, the following holds true. The first (or left- - most displayed, if one thinks in terms of a digest's "print" - representation) octet of the digest (i.e., the low-order octet of A - as specified in RFC 1321), when considered as an RSA data value, has - numerical weight 2**120. The last (or right-most displayed) octet - (i.e., the high-order octet of D as specified in RFC 1321) has - numerical weight 2**0. - -3. Symmetric Key Management Algorithms - - This section identifies the alternative algorithms and modes that - shall be used when symmetric key management is employed, to encrypt - data encryption keys (DEKs) and message integrity check (MIC) values. - Character string identifiers are assigned for incorporation in - encapsulated "Key-Info:" header fields to indicate the choice of - algorithm employed. - - All alternatives presently defined in this category correspond to - different usage modes of the DES algorithm, rather than to other - algorithms. - - When symmetric key management is employed, the symmetrically - encrypted DEK and MIC, carried in the third and fourth arguments of a - "Key-Info:" header field, respectively, are each represented as a - string of contiguous ASCII hexadecimal digits. The manner in which - to use the following symmetric encryption algorithms and the length - of the symmetrically encrypted DEK and MIC may vary depending on the - length of the underlying DEK and MIC. Section 1, Message Encryption - Algorithms, and Section 2, Message Integrity Check Algorithms, - provide information on the proper manner in which a DEK and MIC, - respectively, are symmetrically encrypted when the size of the DEK or - MIC is not equal to the symmetric encryption algorithm's input block - size. These sections also provide information on the proper format - and length of the symmetrically encrypted DEK and MIC, respectively. - -3.1 DES in ECB Mode (DES-ECB) - - The DES algorithm in Electronic Codebook (ECB) mode [1][3] is used - for DEK and MIC encryption when symmetric key management is employed. - The character string "DES-ECB" within an encapsulated PEM header - field indicates use of this algorithm/mode combination. - - A compliant PEM implementation supporting symmetric key management - shall support this algorithm/mode combination. - - - -Balenson [Page 6] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - -3.2 DES in EDE Mode (DES-EDE) - - The DES algorithm in Encrypt-Decrypt-Encrypt (EDE) multiple - encryption mode, as defined by ANSI X9.17 [6] for encryption and - decryption with pairs of 64-bit keys, may be used for DEK and MIC - encryption when symmetric key management is employed. The character - string "DES-EDE" within an encapsulated a PEM header field indicates - use of this algorithm/mode combination. - - A compliant PEM implementation supporting symmetric key management - may optionally support this algorithm/mode combination. - -4. Asymmetric Key Management Algorithms - - This section identifies the alternative asymmetric keys and the - alternative asymmetric key management algorithms with which those - keys shall be used, namely the asymmetric encryption algorithms with - which DEKs and MICs are encrypted, and the asymmetric signature - algorithms with which certificates and certificate revocation lists - (CRLs) are signed. - -4.1 Asymmetric Keys - - This section describes the asymmetric keys that shall be used with - the asymmetric encryption algorithms and the signature algorithms - described later. ASN.1 object identifiers are identified for - incorporation in a public-key certificate to identify the - algorithm(s) with which the accompanying public key is to be - employed. - -4.1.1 RSA Keys - - An RSA asymmetric key pair is comprised of matching public and - private keys. - - An RSA public key consists of an encryption exponent e and an - arithmetic modulus n, which are both public quantities typically - carried in a public-key certificate. For the value of e, Annex C to - X.509 suggests the use of Fermat's Number F4 (65537 decimal, or - 1+2**16) as a value "common to the whole environment in order to - reduce transmission capacity and complexity of transformation", i.e., - the value can be transmitted as 3 octets and at most seventeen (17) - multiplications are required to effect exponentiation. As an - alternative, the number three (3) can be employed as the value for e, - requiring even less octets for transmission and yielding even faster - exponentiation. For purposes of PEM, the value of e shall be either - F4 or the number three (3). The use of the number three (3) for the - value of e is encouraged, to permit rapid certificate validation. - - - -Balenson [Page 7] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - An RSA private key consists of a decryption exponent d, which should - be kept secret, and the arithmetic modulus n. Other values may be - stored with a private key to facilitate efficient private key - operations (see PKCS #1 [11]). - - For purposes of PEM, the modulus n may vary in size from 508 to 1024 - bits. - - Two ASN.1 object identifiers have been defined to identify RSA public - keys. In Annex H of X.509 [8], the object identifier - - rsa OBJECT IDENTIFIER ::= { - joint-iso-ccitt(2) ds(5) algorithm(8) - encryptionAlgorithm(1) 1 - } - - is defined to identify an RSA public key. A single parameter, - KeySize, the length of the public key modulus in bits, is defined for - use in conjunction with this object identifier. When this object - identifier is used with the ASN.1 type AlgorithmIdentifier, the - parameters component of that type is the number of bits in the - modulus, ASN.1 encoded as an INTEGER. - - Alternatively, in PKCS #1 [11], the ASN.1 object identifier - - rsaEncryption OBJECT IDENTIFIER ::= { - iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) - pkcs-1(1) 1 - } - - is defined to identify both an RSA public key and the RSAEncryption - process. There are no parameters defined in conjunction with this - object identifier, hence, when it is used with the ASN.1 type - AlgorithmIdentifier, the parameters component of that type is the - ASN.1 type NULL. - - A compliant PEM implementation may optionally generate an RSA - public-key certificate that identifies the enclosed RSA public key - (within the SubjectPublicKeyInformation component) with either the - "rsa" or the "rsaEncryption" object identifier. Use of the "rsa" - object identifier is encouraged, since it is, in some sense, more - generic in its identification of a key, without indicating how the - key will be used. However, to facilitate interoperability, a - compliant PEM implementation shall accept RSA public-key certificates - that identify the enclosed RSA public key with either the "rsa" or - the "rsaEncryption" object identifier. In all cases, an RSA public - key identified in an RSA public-key certificate with either the "rsa" - or "rsaEncryption" object identifier, shall be used according to the - - - -Balenson [Page 8] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - procedures defined below for asymmetric encryption algorithms and - asymmetric signature algorithms. - -4.2 Asymmetric Encryption Algorithms - - This section identifies the alternative algorithms that shall be used - when asymmetric key management is employed, to encrypt DEKs and MICs. - Character string identifiers are assigned for incorporation in "MIC- - Info:" and "Key-Info:" header fields to indicate the choice of - algorithm employed. - - Only one alternative is presently defined in this category. - -4.2.1 RSAEncryption - - The RSAEncryption public-key encryption algorithm, defined in PKCS #1 - [11], is used for DEK and MIC encryption when asymmetric key - management is employed. The character string "RSA" within a "MIC- - Info:" or "Key-Info:" header field indicates the use of this - algorithm. - - All PEM implementations supporting asymmetric key management shall - support this algorithm. - - As described in PKCS #1, all quantities input as data values to the - RSAEncryption process shall be properly justified and padded to the - length of the modulus prior to the encryption process. In general, - an RSAEncryption input value is formed by concatenating a leading - NULL octet, a block type BT, a padding string PS, a NULL octet, and - the data quantity D, that is, - - RSA input value = 0x00 || BT || PS || 0x00 || D. - - To prepare a DEK for RSAEncryption, the PKCS #1 "block type 02" - encryption-block formatting scheme is employed. The block type BT is - a single octet containing the value 0x02 and the padding string PS is - one or more octets (enough octets to make the length of the complete - RSA input value equal to the length of the modulus) each containing a - pseudorandomly generated, non-zero value. For multiple recipient - messages, a different, pseudorandom padding string should be used for - each recipient. The data quantity D is the DEK itself, which is - right-justified within the RSA input such that the last (or rightmost - displayed, if one thinks in terms of the "print" representation) - octet of the DEK is aligned with the right-most, or least- - significant, octet of the RSA input. Proceeding to the left, each of - the remaining octets of the DEK, up through the first (or left-most - displayed) octet, are each aligned in the next more significant octet - of the RSA input. - - - -Balenson [Page 9] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - To prepare a MIC for RSAEncryption, the PKCS #1 "block type 01" - encryption-block formatting scheme is employed. The block type BT is - a single octet containing the value 0x01 and the padding string PS is - one or more octets (enough octets to make the length of the complete - RSA input value equal to the length of the modulus) each containing - the value 0xFF. The data quantity D is comprised of the MIC and the - MIC algorithm identifier which are ASN.1 encoded as the following - sequence. - - SEQUENCE { - digestAlgorithm AlgorithmIdentifier, - digest OCTET STRING - } - - The ASN.1 type AlgorithmIdentifier is defined in X.509 as follows. - - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL - } - - An RSA input block is encrypted using the RSA algorithm with the - first (or left-most) octet taken as the most significant octet, and - the last (or right-most) octet taken as the least significant octet. - The resulting RSA output block is interpreted in a similar manner. - - When RSAEncryption is used to encrypt a DEK, the second argument in a - "MIC-Info:" header field, an asymmetrically encrypted DEK, is - represented using the printable encoding technique defined in Section - 4.3.2.4 of RFC 1421 [12]. - - When RSAEncryption is used to sign a MIC, the third argument in a - "MIC-Info:" header field, an asymmetrically signed MIC, is - represented using the printable encoding technique defined in Section - 4.3.2.4 of RFC 1421. - -4.3 Asymmetric Signature Algorithms - - This section identifies the alternative algorithms which shall be - used to asymmetrically sign certificates and certificate revocation - lists (CRLs) in accordance with the SIGNED macro defined in Annex G - of X.509. ASN.1 object identifiers are identified for incorporation - in certificates and CRLs to indicate the choice of algorithm - employed. - - Only one alternative is presently defined in this category. - - - - - -Balenson [Page 10] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - -4.3.1 md2WithRSAEncryption - - The md2WithRSAEncryption signature algorithm is used to sign - certificates and CRLs. The algorithm is defined in PKCS #1 [11]. It - combines the RSA-MD2 message digest algorithm described here in - Section 2.2 with the RSAEncryption asymmetric encryption algorithm - described here in Section 4.2.1. As defined in PKCS #1, the ASN.1 - object identifier - - md2WithRSAEncryption OBJECT IDENTIFIER ::= { - iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) - pkcs-1(1) 2 - } - - identifies this algorithm. When this object identifier is used with - the ASN.1 type AlgorithmIdentifier, the parameters component of that - type is the ASN.1 type NULL. - - There is some ambiguity in X.509 regarding the definition of the - SIGNED macro and, in particular, the representation of a signature in - a certificate or a CRL. The interpretation selected for PEM requires - that the data to be signed (in our case, an MD2 message digest) is - first ASN.1 encoded as an OCTET STRING and the result is encrypted - (in our case, using RSAEncryption) to form the signed quantity, which - is then ASN.1 encoded as a BIT STRING. - -5. Descriptive Grammar - - ; Addendum to PEM BNF representation, using RFC 822 notation - ; Provides specification for official PEM cryptographic algorithms, - ; modes, identifiers and formats. - - ; Imports <hexchar> and <encbin> from RFC [1421] - - <dekalgid> ::= "DES-CBC" - <ikalgid> ::= "DES-EDE" / "DES-ECB" / "RSA" - <sigalgid> ::= "RSA" - <micalgid> ::= "RSA-MD2" / "RSA-MD5" - - <dekparameters> ::= <DESCBCparameters> - <DESCBCparameters> ::= <IV> - <IV> ::= <hexchar16> - - <symencdek> ::= <DESECBencDESCBC> / <DESEDEencDESCBC> - <DESECBencDESCBC> ::= <hexchar16> - <DESEDEencDESCBC> ::= <hexchar16> - - <symencmic> ::= <DESECBencRSAMD2> / <DESECBencRSAMD5> - - - -Balenson [Page 11] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - <DESECBencRSAMD2> ::= 2*2<hexchar16> - <DESECBencRSAMD5> ::= 2*2<hexchar16> - - <asymsignmic> ::= <RSAsignmic> - <RSAsignmic> ::= <encbin> - - <asymencdek> ::= <RSAencdek> - <RSAencdek> ::= <encbin> - - <hexchar16> ::= 16*16<hexchar> - -References - - [1] Federal Information Processing Standards Publication (FIPS PUB) - 46-1, Data Encryption Standard, Reaffirmed 1988 January 22 - (supersedes FIPS PUB 46, 1977 January 15). - - [2] ANSI X3.92-1981, American National Standard Data Encryption - Algorithm, American National Standards Institute, Approved 30 - December 1980. - - [3] Federal Information Processing Standards Publication (FIPS PUB) - 81, DES Modes of Operation, 1980 December 2. - - [4] ANSI X3.106-1983, American National Standard for Information - Systems - Data Encryption Algorithm - Modes of Operation, - American National Standards Institute, Approved 16 May 1983. - - [5] ISO 8372, Information Processing Systems: Data Encipherment: - Modes of Operation of a 64-bit Block Cipher. - - [6] ANSI X9.17-1985, American National Standard, Financial - Institution Key Management (Wholesale), American Bankers - Association, April 4, 1985, Section 7.2. - - [7] Voydock, V. L. and Kent, S. T., "Security Mechanisms in High- - Level Network Protocols", ACM Computing Surveys, Vol. 15, No. 2, - June 1983, pp. 135-171. - - [8] CCITT Recommendation X.509, "The Directory - Authentication - Framework", November 1988, (Developed in collaboration, and - technically aligned, with ISO 9594-8). - - [9] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319, RSA - Laboratories, April 1992. - - [10] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT - Laboratory for Computer Science and RSA Data Security, Inc., - - - -Balenson [Page 12] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - April 1992. - - [11] PKCS #1: RSA Encryption Standard, Version 1.4, RSA Data Security, - Inc., June 3, 1991. - - [12] Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part - I: Message Encryption and Authentication Procedures", RFC 1421, - DEC, February 1993. - - [13] Kent, S., "Privacy Enhancement for Internet Electronic Mail: Part - II: Certificate-Based Key Management", RFC 1422, BBN, February - 1993. - - [14] Kaliski, B., "Privacy Enhancement for Internet Electronic Mail: - Part IV: Key Certification and Related Services", RFC 1424, RSA - Laboratories, February 1993. - -Patent Statement - - This version of Privacy Enhanced Mail (PEM) relies on the use of - patented public key encryption technology for authentication and - encryption. The Internet Standards Process as defined in RFC 1310 - requires a written statement from the Patent holder that a license - will be made available to applicants under reasonable terms and - conditions prior to approving a specification as a Proposed, Draft or - Internet Standard. - - The Massachusetts Institute of Technology and the Board of Trustees - of the Leland Stanford Junior University have granted Public Key - Partners (PKP) exclusive sub-licensing rights to the following - patents issued in the United States, and all of their corresponding - foreign patents: - - Cryptographic Apparatus and Method - ("Diffie-Hellman")............................... No. 4,200,770 - - Public Key Cryptographic Apparatus - and Method ("Hellman-Merkle").................... No. 4,218,582 - - Cryptographic Communications System and - Method ("RSA")................................... No. 4,405,829 - - Exponential Cryptographic Apparatus - and Method ("Hellman-Pohlig").................... No. 4,424,414 - - These patents are stated by PKP to cover all known methods of - practicing the art of Public Key encryption, including the variations - collectively known as El Gamal. - - - -Balenson [Page 13] - -RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993 - - - Public Key Partners has provided written assurance to the Internet - Society that parties will be able to obtain, under reasonable, - nondiscriminatory terms, the right to use the technology covered by - these patents. This assurance is documented in RFC 1170 titled - "Public Key Standards and Licenses". A copy of the written assurance - dated April 20, 1990, may be obtained from the Internet Assigned - Number Authority (IANA). - - The Internet Society, Internet Architecture Board, Internet - Engineering Steering Group and the Corporation for National Research - Initiatives take no position on the validity or scope of the patents - and patent applications, nor on the appropriateness of the terms of - the assurance. The Internet Society and other groups mentioned above - have not made any determination as to any other intellectual property - rights which may apply to the practice of this standard. Any further - consideration of these matters is the user's own responsibility. - -Security Considerations - - This entire document is about security. - -Author's Address - - David Balenson - Trusted Information Systems - 3060 Washington Road - Glenwood, Maryland 21738 - - Phone: 301-854-6889 - EMail: balenson@tis.com - - - - - - - - - - - - - - - - - - - - - -Balenson [Page 14] -
\ No newline at end of file |