diff options
Diffstat (limited to 'crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt')
-rw-r--r-- | crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt new file mode 100644 index 0000000..2583a84 --- /dev/null +++ b/crypto/heimdal/doc/standardisation/draft-ietf-cat-kerb-des3-hmac-sha1-00.txt @@ -0,0 +1,127 @@ + + + + + + +Network Working Group M. Horowitz +<draft-ietf-cat-kerb-des3-hmac-sha1-00.txt> Cygnus Solutions +Internet-Draft November, 1996 + + + Triple DES with HMAC-SHA1 Kerberos Encryption Type + +Status of this Memo + + This document is an Internet-Draft. Internet-Drafts are working + documents of the Internet Engineering Task Force (IETF), its areas, + and its working groups. Note that other groups may also distribute + working documents as Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as ``work in progress.'' + + To learn the current status of any Internet-Draft, please check the + ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow + Directories on ds.internic.net (US East Coast), nic.nordu.net + (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific + Rim). + + Distribution of this memo is unlimited. Please send comments to the + <cat-ietf@mit.edu> mailing list. + +Abstract + + This document defines a new encryption type and a new checksum type + for use with Kerberos V5 [RFC1510]. This encryption type is based on + the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message + authentication algorithm. + + The des3-cbc-hmac-sha1 encryption type has been assigned the value 7. + The hmac-sha1-des3 checksum type has been assigned the value 12. + + +Encryption Type des3-cbc-hmac-sha1 + + EncryptedData using this type must be generated as described in + [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC + mode. The keyed hash algorithm is HMAC-SHA1. Unless otherwise + specified, a zero IV must be used. If the length of the input data + is not a multiple of the block size, zero octets must be used to pad + the plaintext to the next eight-octet boundary. The counfounder must + be eight random octets (one block). + + +Checksum Type hmac-sha1-des3 + + Checksums using this type must be generated as described in + [Horowitz96]. The keyed hash algorithm is HMAC-SHA1. + + + +Horowitz [Page 1] + +Internet Draft Kerberos Triple DES with HMAC-SHA1 November, 1996 + + +Common Requirements + + Where the Triple DES key is represented as an EncryptionKey, it shall + be represented as three DES keys, with parity bits, concatenated + together. The key shall be represented with the most significant bit + first. + + When keys are generated by the derivation function, a key length of + 168 bits shall be used. The output bit string will be converted to a + valid Triple DES key by inserting DES parity bits after every seventh + bit. + + Any implementation which implements either of the encryption or + checksum types in this document must support both. + + +Security Considerations + + This entire document defines encryption and checksum types for use + with Kerberos V5. + + +References + + [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft- + horowitz-kerb-key-derivation-00.txt, November 1996. + [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC: + Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac- + md5-01.txt, August, 1996. + [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network + Authentication Service (V5)", RFC 1510, September 1993. + + +Author's Address + + Marc Horowitz + Cygnus Solutions + 955 Massachusetts Avenue + Cambridge, MA 02139 + + Phone: +1 617 354 7688 + Email: marc@cygnus.com + + + + + + + + + + + + + + + +Horowitz [Page 2] + |