summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt')
-rw-r--r--crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt127
1 files changed, 127 insertions, 0 deletions
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt
new file mode 100644
index 0000000..2583a84
--- /dev/null
+++ b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt
@@ -0,0 +1,127 @@
+
+
+
+
+
+
+Network Working Group M. Horowitz
+<draft-ietf-cat-kerb-des3-hmac-sha1-00.txt> Cygnus Solutions
+Internet-Draft November, 1996
+
+
+ Triple DES with HMAC-SHA1 Kerberos Encryption Type
+
+Status of this Memo
+
+ This document is an Internet-Draft. Internet-Drafts are working
+ documents of the Internet Engineering Task Force (IETF), its areas,
+ and its working groups. Note that other groups may also distribute
+ working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as ``work in progress.''
+
+ To learn the current status of any Internet-Draft, please check the
+ ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
+ Directories on ds.internic.net (US East Coast), nic.nordu.net
+ (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
+ Rim).
+
+ Distribution of this memo is unlimited. Please send comments to the
+ <cat-ietf@mit.edu> mailing list.
+
+Abstract
+
+ This document defines a new encryption type and a new checksum type
+ for use with Kerberos V5 [RFC1510]. This encryption type is based on
+ the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message
+ authentication algorithm.
+
+ The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
+ The hmac-sha1-des3 checksum type has been assigned the value 12.
+
+
+Encryption Type des3-cbc-hmac-sha1
+
+ EncryptedData using this type must be generated as described in
+ [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC
+ mode. The keyed hash algorithm is HMAC-SHA1. Unless otherwise
+ specified, a zero IV must be used. If the length of the input data
+ is not a multiple of the block size, zero octets must be used to pad
+ the plaintext to the next eight-octet boundary. The counfounder must
+ be eight random octets (one block).
+
+
+Checksum Type hmac-sha1-des3
+
+ Checksums using this type must be generated as described in
+ [Horowitz96]. The keyed hash algorithm is HMAC-SHA1.
+
+
+
+Horowitz [Page 1]
+
+Internet Draft Kerberos Triple DES with HMAC-SHA1 November, 1996
+
+
+Common Requirements
+
+ Where the Triple DES key is represented as an EncryptionKey, it shall
+ be represented as three DES keys, with parity bits, concatenated
+ together. The key shall be represented with the most significant bit
+ first.
+
+ When keys are generated by the derivation function, a key length of
+ 168 bits shall be used. The output bit string will be converted to a
+ valid Triple DES key by inserting DES parity bits after every seventh
+ bit.
+
+ Any implementation which implements either of the encryption or
+ checksum types in this document must support both.
+
+
+Security Considerations
+
+ This entire document defines encryption and checksum types for use
+ with Kerberos V5.
+
+
+References
+
+ [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
+ horowitz-kerb-key-derivation-00.txt, November 1996.
+ [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC:
+ Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
+ md5-01.txt, August, 1996.
+ [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
+ Authentication Service (V5)", RFC 1510, September 1993.
+
+
+Author's Address
+
+ Marc Horowitz
+ Cygnus Solutions
+ 955 Massachusetts Avenue
+ Cambridge, MA 02139
+
+ Phone: +1 617 354 7688
+ Email: marc@cygnus.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Horowitz [Page 2]
+
OpenPOWER on IntegriCloud