Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

Published bySamuel Cross Modified over 9 years ago

Similar presentations

Presentation on theme: "CMS Interoperability Matrix Jim Schaad Soaring Hawk Security."— Presentation transcript:

1 CMS Interoperability Matrix Jim Schaad Soaring Hawk Security

2 Status for RFC 3369 Errata for ASN.1 module Report document is started Signed Data –FINISHED Encrypted Data –FINISHED

3 Status for RFC 3370 Key Derivation Algorithms –PBKDF2 Message Authentication Code Algorithms –HMAC with SHA-1 Need final ruling from IESG if these are blocking advancement.

4 Questions

5 RSA PSS and CMS Jim Schaad Soaring Hawk Security

6 Overview PSS is a “new” signature algorithm for RSA key pairs Parameters –Digest Hash Algorithm (H1) –Internal Hash Algorithm (H2) –Internal Mask Generation Function (MGF) MGF Hash Algorithm (H3) –Salt Length (should be length of H2)

7 Requirements H1 and H2 SHOULD be the same H2 and H3 RECOMMENDED to be the same

8 Resolved Issues Should key identifier and signature identifier be the same OID –Will be the case for PSS PSS Parameter comparison –MUST do comparisons if the parameters are present in the certificate.

9 Questions

10 RSA KEM Jim Schaad Soaring Hawk Security for Burt Kaliski

11 Algorithm Review Generate random value z range 0…n-1 Encrypt z with recip. pub. key c=E(z) Derive a KEK k = KDF(z) Encrypt CEK with KEK wk = KEK k (cek) EncryptedKeyValue c || wk

12 CMS Details Use key transport option id-kts2-basic OID ::= { x9-44 schemes(2) kts2-basic(7) } KTS2-Parms ::= SEQUENCE { kas [0] KTS2-KeyAgreementScheme, kws [1] KTS2-SymmetricKeyWrappingScheme, labelMethod [2] KTS2-LabelMethod }

13 id-kas1-basic OID ::= { x9-44 schemes(2) kas1-basic(1) } KAS1-Parms ::= SEQUENCE { sves [0] KAS1- SecretValueEncapsulationScheme, kdf [1] KAS1-KeyDerivationFunction, otherInfoMethod [2] KAS1-OtherInfoMethod }

14 Open Issues Matching rules on usage SMimeCapabilities Single ASN.1 module

15 Questions

16 ESSbis Jim Schaad Soaring Hawk Security

17 Changes Separate the functions of –Receipt Behavior id-aa-receiptPolicy –ML Loop Detection id-aa-mlExpandHistory Rewrite processing rules Move id-aa-contentIdentifier and id-aa- contentReference to section 4

18 ReceiptPolicy ReceiptPolicy ::= CHOICE { none [0] NULL, insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } id-aa-receiptPolicy OBJECT IDENTIFIER ::= {id-aa XX}

19 MLAExpandHistory MLAExpandHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLAData id-aa-mlExpandHistory OBJECT IDENTIFIER ::= {id-aa(2) XX} ub-ml-expansion-history INTEGER ::= 64 MLAData ::= SEQUENCE { mailListIdentifier EntityIdentifier, expansionTime GeneralizedTime }

20 Status First draft to be published next week Open questions on some nested cases for receipt processing behavior Open questions on MLA attribute propigations

21 Questions

Download ppt "CMS Interoperability Matrix Jim Schaad Soaring Hawk Security."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
Web security: SSL and TLS

Web security: SSL and TLS
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Cryptography and Network Security

Cryptography and Network Security
JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.

JOSE Open Issue Discussion Chairs Jim Schaad. Process Room vote for Closure – Three Choices for topics We adopt the change We reject the change We discuss.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:

1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:
Lecture 13 Message Signing

Lecture 13 Message Signing
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.

BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Similar presentations

Ads by Google