RFC 7906
NSA's Cryptographic Message Syntax (CMS) Key Management Attributes
31. Attribute Scope
This section provides an example symmetric key package in order to provide a discussion of the scope of attributes. This is an informative section; it is not a normative portion of this specification. Figure 1 provides the example. All of the concepts apply to either a symmetric key package or an asymmetric key package, with the exception of the key-algorithm attribute, which is only applicable to a symmetric key package. Each of the components is labeled with a number inside parentheses for easy reference: (1) is the ContentInfo that must be present as the outermost layer of encapsulation. It contains no attributes. It is shown for completeness. (2) is a SignedData content type, which includes six signed attributes. Four of the signed attributes are keying material attributes. (3) is a ContentCollection that includes two encapsulated content types: a ContentWithAttributes and an EncryptedKeyPackage. This content type does not provide any attributes. (4) is a ContentWithAttributes content type. It encapsulates a SignedData content type. Four key material attributes are provided. (5) is a SignedData content type. It encapsulates a SymmetricKeyPackage content type. Six signed attributes are provided. Four attributes are key material attributes. (6) is a SymmetricKeyPackage content type, and it includes three key material attributes. Note that the contents of this key package are not encrypted, but the contents are covered by two digital signatures. (7) is an EncryptedKeyPackage content type. It encapsulates a SignedData content type. This content type provides one unprotected attribute. (8) is a SignedData content type. It encapsulates a SymmetricKeyPackage content type. Six signed attributes are provided. Four attributes are key material attributes.
(9) is a SymmetricKeyPackage content type, and it includes three
key material attributes. Note that the contents of this key
package are encrypted; the plaintext keying material is
covered by one digital signature, and the ciphertext keying
material is covered by another digital signature.
SignedData content type (2) includes six signed attributes:
o The content-type attribute contains id-ct-contentCollection to
indicate the type of the encapsulated content, and it has no
further scope.
o The message-digest attribute contains the one-way hash value of
the encapsulated content; it is needed to validate the digital
signature. It has no further scope.
o The classification attribute contains the security label for
all of the plaintext in the encapsulated content. Each
classification attribute is evaluated separately; it has no
further scope. In general, the values of this attribute will
match or dominate the security label values in (4), (5), and
(6). The value of this attribute might not match or dominate
the security label values in (8) and (9) since they are
encrypted. It is possible that these various security label
values are associated with different security policies. To
avoid the processing complexity associated with policy mapping,
comparison is not required.
o The key-package-receivers-v2 attribute indicates the authorized
key package receivers, and it has no further scope. The
additional instances of key-package-receivers-v2 attribute
embedded in (4) are evaluated without regard to the value of
the instance in (2).
o The key-distribution-period attribute contains two date values:
doNotDistBefore and doNotDistAfter. These values must match
all others within the same scope, which in this example is the
key-distribution-period within (4).
o The key-package-type attributes indicates the format of the key
package, and it has no further scope. The key-package-type
attributes values within (5) and (8) are evaluated without
regard to the value of this attribute.
ContentWithAttributes content type (4) includes four attributes:
o The classification attribute contains the security label for
all of the plaintext in the encapsulated content. Each
classification attribute is evaluated separately; it has no
further scope.
o The TSEC-Nomenclature attribute includes only the shortTitle
field, and the value must match all other instances within the
same scope, which appear in (5) and (6). Note that the TSEC-
Nomenclature attribute values in (8) and (9) are not in the
same scope as the TSEC-Nomenclature attribute that appears in
(4).
o The key-package-receivers-v2 attribute indicates the authorized
key package receivers, and it has no further scope. The
enveloping instance of key-package-receivers-v2 attribute value
in (2) is evaluated without regard to the value of this
instance in (4), and has no effect on the value of this
instance in (4).
o The key-distribution-period attribute contains two date values:
doNotDistBefore and doNotDistAfter. These values must match
all others within the same scope, which in this example is the
key-distribution-period within (2).
SignedData content type (5) includes six signed attributes:
o The content-type attribute contains id-ct-KP-skeyPackage to
indicate the type of the encapsulated content, and it has no
further scope.
o The message-digest attribute contains the one-way hash value of
the encapsulated content; it is needed to validate the digital
signature. It has no further scope.
o The classification attribute contains the security label for
all of the plaintext in the encapsulated content. Each
classification attribute is evaluated separately; it has no
further scope.
o The TSEC-Nomenclature attribute includes only the shortTitle
field, and the value must match all other instances within the
same scope, which appear in (6). Since this is within the
scope of (4), these shortTitle field values must match as well.
Note that the TSEC-Nomenclature attribute values in (8) and (9)
are not in the same scope.
o The key-purpose attribute specifies the purpose of the key
material. All occurrences within the scope must have the same
value; however, in this example, there are no other occurrences
within the scope. The key-purpose attribute value within (8)
is evaluated without regard to the value of this attribute.
o The key-package-type attribute indicates the format of the key
package, and it has no further scope. The key-package-type
attribute values within (2) and (8) are evaluated without
regard to the value of this attribute.
SymmetricKeyPackage content type (6) includes three keying material
attributes, which could appear in the sKeyPkgAttrs or sKeyAttrs
fields:
o The key-algorithm attribute includes only the keyAlg field, and
it must match all other occurrences within the same scope.
However, there are no other key-algorithm attribute occurrences
in the same scope; the key-algorithm attribute value in (9) is
not in the same scope.
o The classification attribute contains the security label for
all of the plaintext in the key package. Each classification
attribute is evaluated separately; it has no further scope.
o The TSEC-Nomenclature attribute includes the shortTitle field
as well as some of the optional fields. The shortTitle field
value must match the values in (4) and (5), since this content
type is within their scope. Note that the TSEC-Nomenclature
attribute values in (8) and (9) are not in the same scope.
EncryptedKeyPackage content type (7) includes one unprotected
attribute, and the encryption will prevent any intermediary that does
not have the ability to decrypt the content from making any
consistency checks on (8) and (9):
o The content-decryption-key-identifier attribute identifies the
key that is needed to decrypt the encapsulated content; it has
no further scope.
SignedData content type (8) includes six signed attributes:
o The content-type attribute contains id-ct-KP-skeyPackage to
indicate the type of the encapsulated content, and it has no
further scope.
o The message-digest attribute contains the one-way hash value of
the encapsulated content; it is needed to validate the digital
signature. It has no further scope.
o The classification attribute contains the security label for
content. Each classification attribute is evaluated
separately; it has no further scope.
o The TSEC-Nomenclature attribute includes only the shortTitle
field, and the value must match all other instances within the
same scope, which appear in (9). Note that the TSEC-
Nomenclature attribute values in (4), (5), and (6) are not in
the same scope.
o The key-purpose attribute specifies the purpose of the key
material. All occurrences within the scope must have the same
value; however, in this example, there are no other occurrences
within the scope. The key-purpose attribute value within (5)
is evaluated without regard to the value of this attribute.
o The key-package-type attribute indicates the format of the key
package, and it has no further scope. The key-package-type
attribute values within (2) and (5) are evaluated without
regard to the value of this attribute.
SymmetricKeyPackage content type (9) includes three keying material
attributes, which could appear in the sKeyPkgAttrs or sKeyAttrs
fields:
o The key-algorithm attribute includes only the keyAlg field, and
it must match all other occurrences within the same scope.
However, there are no other key-algorithm attribute occurrences
in the same scope; the key-algorithm attribute value in (6) is
not in the same scope.
o The classification attribute contains the security label for
all of the plaintext in the key package. Each classification
attribute is evaluated separately; it has no further scope.
o The TSEC-Nomenclature attribute includes the shortTitle field
as well as some of the optional fields. The shortTitle field
value must match the values in (8), since this content type is
within its scope. Note that the TSEC-Nomenclature attributes
values in (4), (5), and (6) are not in the same scope.
In summary, the scope of an attribute includes the encapsulated content of the CMS content type in which it appears, and some attributes also require consistency checks with other instances that appear within the encapsulated content. Proper recognition of scope is required to accurately perform attribute processing.
+------------------------------------------------------------------+ | ContentInfo (1) | |+----------------------------------------------------------------+| || SignedData (2) || ||+--------------------------------------------------------------+|| ||| ContentCollection (3) ||| |||+-----------------------------++-----------------------------+||| |||| ContentWithAttributes (4) || EncryptedKeyPackage (7) |||| ||||+---------------------------+||+---------------------------+|||| ||||| SignedData (5) |||| SignedData (8) ||||| |||||+-------------------------+||||+-------------------------+||||| |||||| SymmetricKeyPackage (6) |||||| SymmetricKeyPackage (9) |||||| |||||| Attributes: |||||| Attributes: |||||| |||||| Key Algorithm |||||| Key Algorithm |||||| |||||| Classification |||||| Classification |||||| |||||| TSEC-Nomenclature |||||| TSEC-Nomenclature |||||| |||||+-------------------------+||||+-------------------------+||||| ||||| Attributes: |||| Attributes: ||||| ||||| Content Type |||| Content Type ||||| ||||| Message Digest |||| Message Digest ||||| ||||| Classification |||| Classification ||||| ||||| TSEC-Nomenclature |||| TSEC-Nomenclature ||||| ||||| Key Purpose |||| Key Purpose ||||| ||||| Key Package Type |||| Key Package Type ||||| ||||+-------------------------- +||+---------------------------+|||| |||| Attributes: || Unprotect Attributes: |||| |||| Classification || Content Decrypt Key ID |||| |||| TSEC-Nomenclature |+-----------------------------+||| |||| Key Package Receivers | ||| |||| Key Distribution Period | ||| |||+-----------------------------+ ||| ||+--------------------------------------------------------------+|| || Attributes: || || Content Type || || Message Digest || || Classification || || Key Package Receivers || || Key Distribution Period || || Key Package Type || |+----------------------------------------------------------------+| +------------------------------------------------------------------+ Figure 1: Example Illustrating Scope of Attributes
32. Security Considerations
The majority of this specification is devoted to the syntax and semantics of key package attributes. It relies on other specifications, especially [RFC2634], [RFC4073], [RFC4108], [RFC5652], [RFC5911], [RFC5912], [RFC5958], [RFC6010], and [RFC6031]; their security considerations apply here. Additionally, cryptographic algorithms are used with CMS protecting content types as specified in [RFC5959], [RFC6160], [RFC6161], and [RFC6162]; the security considerations from those documents apply here as well. This specification also relies upon [RFC5280] for the syntax and semantics of X.509 certificates. Digital signatures provide data integrity or data origin authentication, and encryption provides confidentiality. Security factors outside the scope of this specification greatly affect the assurance provided. The procedures used by Certification Authorities (CAs) to validate the binding of the subject identity to their public key greatly affect the assurance that ought to be placed in the certificate. This is particularly important when issuing certificates to other CAs. The CMS AuthenticatedData content type MUST be used with care since a Message Authentication Code (MAC) is used. The same key is needed to generate the MAC or validate the MAC. Thus, any party with access to the key needed to validate the MAC can generate a replacement that will be acceptable to other recipients. In some situations, returning very detailed error information can provide an attacker with insight into the security processing. Where this is a concern, the implementation should return the most generic error code that is appropriate. However, detailed error codes are very helpful during development, debugging, and interoperability testing. For this reason, implementations may want to have a way to configure the use of generic or detailed error codes.33. References
33.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", RFC 2634, DOI 10.17487/RFC2634, June 1999, <http://www.rfc-editor.org/info/rfc2634>. [RFC4073] Housley, R., "Protecting Multiple Contents with the Cryptographic Message Syntax (CMS)", RFC 4073, DOI 10.17487/RFC4073, May 2005, <http://www.rfc-editor.org/info/rfc4073>. [RFC4108] Housley, R., "Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages", RFC 4108, DOI 10.17487/RFC4108, August 2005, <http://www.rfc-editor.org/info/rfc4108>. [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type", RFC 5083, DOI 10.17487/RFC5083, November 2007, <http://www.rfc-editor.org/info/rfc5083>. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, <http://www.rfc-editor.org/info/rfc5280>. [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, September 2009, <http://www.rfc-editor.org/info/rfc5652>. [RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911, DOI 10.17487/RFC5911, June 2010, <http://www.rfc-editor.org/info/rfc5911>. [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, <http://www.rfc-editor.org/info/rfc5912>. [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, DOI 10.17487/RFC5958, August 2010, <http://www.rfc-editor.org/info/rfc5958>. [RFC5959] Turner, S., "Algorithms for Asymmetric Key Package Content Type", RFC 5959, DOI 10.17487/RFC5959, August 2010, <http://www.rfc-editor.org/info/rfc5959>.
[RFC6010] Housley, R., Ashmore, S., and C. Wallace, "Cryptographic Message Syntax (CMS) Content Constraints Extension", RFC 6010, DOI 10.17487/RFC6010, September 2010, <http://www.rfc-editor.org/info/rfc6010>. [RFC6019] Housley, R., "BinaryTime: An Alternate Format for Representing Date and Time in ASN.1", RFC 6019, DOI 10.17487/RFC6019, September 2010, <http://www.rfc-editor.org/info/rfc6019>. [RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax (CMS) Symmetric Key Package Content Type", RFC 6031, DOI 10.17487/RFC6031, December 2010, <http://www.rfc-editor.org/info/rfc6031>. [RFC6032] Turner, S. and R. Housley, "Cryptographic Message Syntax (CMS) Encrypted Key Package Content Type", RFC 6032, DOI 10.17487/RFC6032, December 2010, <http://www.rfc-editor.org/info/rfc6032>. [RFC6160] Turner, S., "Algorithms for Cryptographic Message Syntax (CMS) Protection of Symmetric Key Package Content Types", RFC 6160, DOI 10.17487/RFC6160, April 2011, <http://www.rfc-editor.org/info/rfc6160>. [RFC6162] Turner, S., "Elliptic Curve Algorithms for Cryptographic Message Syntax (CMS) Asymmetric Key Package Content Type", RFC 6162, DOI 10.17487/RFC6162, April 2011, <http://www.rfc-editor.org/info/rfc6162>. [RFC6268] Schaad, J. and S. Turner, "Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) and the Public Key Infrastructure Using X.509 (PKIX)", RFC 6268, DOI 10.17487/RFC6268, July 2011, <http://www.rfc-editor.org/info/rfc6268>. [RFC7191] Housley, R., "Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content Types", RFC 7191, DOI 10.17487/RFC7191, April 2014, <http://www.rfc-editor.org/info/rfc7191>. [X.509] ITU-T, "Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks", ITU-T Recommendation X.509 | ISO/IEC 9594-8:2005, 2005.
[X.680] ITU-T, "Information Technology - Abstract Syntax Notation One", ITU-T Recommendation X.680 | ISO/IEC 8824-1:2002, 2002. [X.681] ITU-T, "Information Technology - Abstract Syntax Notation One: Information Object Specification", ITU-T Recommendation X.681 | ISO/IEC 8824-2:2002, 2002. [X.682] ITU-T, "Information Technology - Abstract Syntax Notation One: Constraint Specification", ITU-T Recommendation X.682 | ISO/IEC 8824-3:2002, 2002. [X.683] ITU-T, "Information Technology - Abstract Syntax Notation One: Parameterization of ASN.1 Specifications", ITU-T Recommendation X.683 | ISO/IEC 8824-4:2002, 2002. [X.690] ITU-T, "Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", ITU-T Recommendation X.690 | ISO/IEC 8825-1:2002, 2002.33.2. Informative References
[RFC5934] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Management Protocol (TAMP)", RFC 5934, DOI 10.17487/RFC5934, August 2010, <http://www.rfc-editor.org/info/rfc5934>. [X.411] ITU-T, "Information technology - Message Handling Systems (MHS): Message Transfer System: Abstract Service Definition and Procedures", ITU-T Recommendation X.411 | ISO/IEC 10021-4:1999, 1999.
Appendix A. ASN.1 Module
KMAttributes2012 { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) modules(0) 39 } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORT ALL IMPORTS -- From [RFC5911] aa-communityIdentifiers, CommunityIdentifier FROM CMSFirmwareWrapper-2009 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-firmware-wrap-02(40) } -- From [RFC5911] aa-contentHint, ESSSecurityLabel, id-aa-securityLabel FROM ExtendedSecurityServices-2009 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006-02(42) } -- From [RFC5911] [RFC5912] AlgorithmIdentifier{}, SMIME-CAPS, ParamOptions, KEY-WRAP FROM AlgorithmInformation-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } -- From [RFC5912] Name, Certificate FROM PKIX1Explicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
-- From [RFC5912] GeneralNames, SubjectInfoAccessSyntax, id-pe-subjectInfoAccess FROM PKIX1Implicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) } -- FROM [RFC5912] ATTRIBUTE FROM PKIX-CommonTypes-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } -- From [RFC6010] CMSContentConstraints FROM CMSContentConstraintsCertExtn { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) cmsContentConstr-93(42) } -- From [RFC6268] aa-binarySigningTime, BinaryTime FROM BinarySigningTimeModule-2010 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-binSigningTime-2009(55) } -- From [RFC6268] CertificateChoices, CertificateSet, Attribute {}, aa-contentType, aa-messageDigest FROM CryptographicMessageSyntax-2010 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } -- From [RFC7191] aa-keyPackageIdentifierAndReceiptRequest, SIREntityName FROM KeyPackageReceiptAndErrorModuleV2 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-keyPkgReceiptAndErrV2(63) }
-- From [X.509] certificateExactMatch FROM CertificateExtensions { joint-iso-itu-t ds(5) module(1) certificateExtensions(26) 4 } ; -- ATTRIBUTES -- Replaces SignedAttributesSet information object set from -- [RFC6268]. SignedAttributesSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest | aa-contentHint | aa-communityIdentifiers | aa-binarySigningTime | aa-keyProvince-v2 | aa-keyPackageIdentifierAndReceiptRequest | aa-manifest | aa-keyAlgorithm | aa-userCertificate | aa-keyPackageReceivers-v2 | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-transportKey | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-keyPackageType | aa-pkiPath | aa-usefulCertificates, ... } -- Replaces UnsignedAttributes from [RFC6268]. UnsignedAttributes ATTRIBUTE ::= { ... }
-- Replaces UnprotectedEnvAttributes from [RFC6268]. UnprotectedEnvAttributes ATTRIBUTE ::= { aa-contentDecryptKeyIdentifier | aa-certificatePointers | aa-cRLDistributionPoints, ... } -- Replaces UnprotectedEncAttributes from [RFC6268]. UnprotectedEncAttributes ATTRIBUTE ::= { aa-certificatePointers | aa-cRLDistributionPoints, ... } -- Replaces AuthAttributeSet from [RFC6268] AuthAttributeSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest | aa-contentHint | aa-communityIdentifiers | aa-keyProvince-v2 | aa-binarySigningTime | aa-keyPackageIdentifierAndReceiptRequest | aa-manifest | aa-keyAlgorithm | aa-userCertificate | aa-keyPackageReceivers-v2 | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-transportKey | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-keyPackageType | aa-pkiPath | aa-usefulCertificates, ... }
-- Replaces UnauthAttributeSet from [RFC6268] UnauthAttributeSet ATTRIBUTE ::= { ... } -- Replaces AuthEnvDataAttributeSet from [RFC6268] AuthEnvDataAttributeSet ATTRIBUTE ::= { aa-certificatePointers | aa-cRLDistributionPoints, ... } -- Replaces UnauthEnvDataAttributeSet from [RFC6268] UnauthEnvDataAttributeSet ATTRIBUTE ::= { ... } -- Replaces OneAsymmetricKeyAttributes from [RFC5958] OneAsymmetricKeyAttributes ATTRIBUTE ::= { aa-userCertificate | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-transportKey | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-splitIdentifier | aa-signatureUsage-v3 | aa-otherCertificateFormats | aa-pkiPath | aa-usefulCertificates, ... }
-- Replaces SKeyPkgAttributes from [RFC6031] SKeyPkgAttributes ATTRIBUTE ::= { aa-keyAlgorithm | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-keyWrapAlgorithm | aa-contentDecryptKeyIdentifier, ... } -- Replaces SKeyAttributes from [RFC6031] SKeyAttributes ATTRIBUTE ::= { aa-keyAlgorithm | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-splitIdentifier | aa-keyWrapAlgorithm | aa-contentDecryptKeyIdentifier, ... }
-- Replaces ContentAttributeSet from [RFC6268] ContentAttributeSet ATTRIBUTE ::= { aa-communityIdentifiers | aa-keyPackageIdentifierAndReceiptRequest | aa-keyAlgorithm | aa-keyPackageReceivers-v2 | aa-tsecNomenclature | aa-keyPurpose | aa-keyUse | aa-transportKey | aa-keyDistributionPeriod | aa-transportKey | aa-keyDistributionPeriod | aa-keyValidityPeriod | aa-keyDurationPeriod | aa-classificationAttribute | aa-keyPackageType | aa-pkiPath | aa-usefulCertificates, ... } -- Content Type, Message Digest, Content Hint, and Binary Signing -- Time are imported from [RFC6268]. -- Community Identifiers is imported from [RFC5911]. -- Key Province aa-keyProvince-v2 ATTRIBUTE ::= { TYPE KeyProvinceV2 IDENTIFIED BY id-aa-KP-keyProvinceV2 } id-aa-KP-keyProvinceV2 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) attributes(5) 71 } KeyProvinceV2 ::= OBJECT IDENTIFIER -- Manifest Attribute aa-manifest ATTRIBUTE ::= { TYPE Manifest IDENTIFIED BY id-aa-KP-manifest } id-aa-KP-manifest OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) attributes(5) 72 }
Manifest ::= SEQUENCE SIZE (1..MAX) OF ShortTitle
-- Key Algorithm Attribute
aa-keyAlgorithm ATTRIBUTE ::= {
TYPE KeyAlgorithm
IDENTIFIED BY id-kma-keyAlgorithm }
id-kma-keyAlgorithm OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 1 }
KeyAlgorithm ::= SEQUENCE {
keyAlg OBJECT IDENTIFIER,
checkWordAlg [1] OBJECT IDENTIFIER OPTIONAL,
crcAlg [2] OBJECT IDENTIFIER OPTIONAL }
-- User Certificate Attribute
aa-userCertificate ATTRIBUTE ::= {
TYPE Certificate
EQUALITY MATCHING RULE certificateExactMatch
IDENTIFIED BY id-at-userCertificate }
id-at-userCertificate OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) ds(5) attributes(4) 36 }
-- Key Package Receivers Attribute
aa-keyPackageReceivers-v2 ATTRIBUTE ::= {
TYPE KeyPkgReceiversV2
IDENTIFIED BY id-kma-keyPkgReceiversV2 }
id-kma-keyPkgReceiversV2 OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 16 }
KeyPkgReceiversV2 ::= SEQUENCE SIZE (1..MAX) OF KeyPkgReceiver
KeyPkgReceiver ::= CHOICE {
sirEntity [0] SIREntityName,
community [1] CommunityIdentifier }
-- TSEC Nomenclature Attribute
aa-tsecNomenclature ATTRIBUTE ::= {
TYPE TSECNomenclature
IDENTIFIED BY id-kma-TSECNomenclature }
id-kma-TSECNomenclature OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 3 }
TSECNomenclature ::= SEQUENCE {
shortTitle ShortTitle,
editionID EditionID OPTIONAL,
registerID RegisterID OPTIONAL,
segmentID SegmentID OPTIONAL }
ShortTitle ::= PrintableString
EditionID ::= CHOICE {
char CHOICE {
charEdition [1] CharEdition,
charEditionRange [2] CharEditionRange },
num CHOICE {
numEdition [3] NumEdition,
numEditionRange [4] NumEditionRange } }
CharEdition ::= PrintableString
CharEditionRange ::= SEQUENCE {
firstCharEdition CharEdition,
lastCharEdition CharEdition }
NumEdition ::= INTEGER (0..308915776)
NumEditionRange ::= SEQUENCE {
firstNumEdition NumEdition,
lastNumEdition NumEdition }
RegisterID ::= CHOICE {
register [5] Register,
registerRange [6] RegisterRange }
Register ::= INTEGER (0..2147483647)
RegisterRange ::= SEQUENCE {
firstRegister Register,
lastRegister Register }
SegmentID ::= CHOICE {
segmentNumber [7] SegmentNumber,
segmentRange [8] SegmentRange }
SegmentNumber ::= INTEGER (1..127)
SegmentRange ::= SEQUENCE {
firstSegment SegmentNumber,
lastSegment SegmentNumber }
-- Key Purpose Attribute
aa-keyPurpose ATTRIBUTE ::= {
TYPE KeyPurpose
IDENTIFIED BY id-kma-keyPurpose }
id-kma-keyPurpose OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 13 }
KeyPurpose ::= ENUMERATED {
n-a (0), -- Not Applicable
a (65), -- Operational
b (66), -- Compatible Multiple Key
l (76), -- Logistics Combinations
m (77), -- Maintenance
r (82), -- Reference
s (83), -- Sample
t (84), -- Training
v (86), -- Developmental
x (88), -- Exercise
z (90), -- "On the Air" Testing
... -- Expect additional key purpose values -- }
-- Key Use Attribute
aa-keyUse ATTRIBUTE ::= {
TYPE KeyUse
IDENTIFIED BY id-kma-keyUse }
id-kma-keyUse OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 14 }
KeyUse ::= ENUMERATED {
n-a (0), -- Not Applicable
ffk (1), -- FIREFLY/CROSSTALK Key (Basic Format)
kek (2), -- Key Encryption Key
kpk (3), -- Key Production Key
msk (4), -- Message Signature Key
qkek (5), -- QUADRANT Key Encryption Key
tek (6), -- Traffic Encryption Key
tsk (7), -- Transmission Security Key
trkek (8), -- Transfer Key Encryption Key
nfk (9), -- Netted FIREFLY Key
effk (10), -- FIREFLY Key (Enhanced Format)
ebfk (11), -- FIREFLY Key (Enhanceable Basic Format)
aek (12), -- Algorithm Encryption Key
wod (13), -- Word of Day
kesk (246), -- Key Establishment Key
eik (247), -- Entity Identification Key
ask (248), -- Authority Signature Key
kmk (249), -- Key Modifier Key
rsk (250), -- Revocation Signature Key
csk (251), -- Certificate Signature Key
sak (252), -- Symmetric Authentication Key
rgk (253), -- Random Generation Key
cek (254), -- Certificate Encryption Key
exk (255), -- Exclusion Key
... -- Expect additional key use values -- }
-- Transport Key Attribute
aa-transportKey ATTRIBUTE ::= {
TYPE TransOp
IDENTIFIED BY id-kma-transportKey }
id-kma-transportKey OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 15 }
TransOp ::= ENUMERATED {
transport (1),
operational (2) }
-- Key Distribution Period Attribute
aa-keyDistributionPeriod ATTRIBUTE ::= {
TYPE KeyDistPeriod
IDENTIFIED BY id-kma-keyDistPeriod }
id-kma-keyDistPeriod OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 5 }
KeyDistPeriod ::= SEQUENCE {
doNotDistBefore [0] BinaryTime OPTIONAL,
doNotDistAfter BinaryTime }
-- Key Validity Period Attribute
aa-keyValidityPeriod ATTRIBUTE ::= {
TYPE KeyValidityPeriod
IDENTIFIED BY id-kma-keyValidityPeriod }
id-kma-keyValidityPeriod OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 6 }
KeyValidityPeriod ::= SEQUENCE {
doNotUseBefore BinaryTime,
doNotUseAfter BinaryTime OPTIONAL }
-- Key Duration Attribute
aa-keyDurationPeriod ATTRIBUTE ::= {
TYPE KeyDuration
IDENTIFIED BY id-kma-keyDuration }
id-kma-keyDuration OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 7 }
KeyDuration ::= CHOICE {
hours [0] INTEGER (1..ub-KeyDuration-hours),
days INTEGER (1..ub-KeyDuration-days),
weeks [1] INTEGER (1..ub-KeyDuration-weeks),
months [2] INTEGER (1..ub-KeyDuration-months),
years [3] INTEGER (1..ub-KeyDuration-years) }
ub-KeyDuration-hours INTEGER ::= 96
ub-KeyDuration-days INTEGER ::= 732
ub-KeyDuration-weeks INTEGER ::= 104
ub-KeyDuration-months INTEGER ::= 72
ub-KeyDuration-years INTEGER ::= 100
-- Classification Attribute -- The attribute syntax is imported from [RFC6268]. The term -- "classification" is used in this document, but the term "security -- label" is used in [RFC2634]. The terms have the same meaning. aa-classificationAttribute ATTRIBUTE ::= { TYPE Classification IDENTIFIED BY id-aa-KP-classification } id-aa-KP-classification OBJECT IDENTIFIER ::= id-aa-securityLabel Classification ::= ESSSecurityLabel id-enumeratedRestrictiveAttributes OBJECT IDENTIFIER ::= { 2 16 840 1 101 2 1 8 3 4 } id-enumeratedPermissiveAttributes OBJECT IDENTIFIER ::= { 2 16 840 1 101 2 1 8 3 1 } EnumeratedTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeList SET OF SecurityAttribute } SecurityAttribute ::= INTEGER (0..MAX) -- Split Identifier Attribute aa-splitIdentifier ATTRIBUTE ::= { TYPE SplitID IDENTIFIED BY id-kma-splitID } id-kma-splitID OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) dod(2) infosec(1) keying-material-attributes(13) 11 } SplitID ::= SEQUENCE { half ENUMERATED { a(0), b(1) }, combineAlg AlgorithmIdentifier {COMBINE-ALGORITHM, {CombineAlgorithms}} OPTIONAL }
COMBINE-ALGORITHM ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Params OPTIONAL,
¶mPresence ParamOptions DEFAULT absent,
&smimeCaps SMIME-CAPS OPTIONAL
}
WITH SYNTAX {
IDENTIFIER &id
[PARAMS [TYPE &Params] ARE ¶mPresence]
[SMIME-CAPS &smimeCaps]
}
CombineAlgorithms COMBINE-ALGORITHM ::= {
...
}
-- Key Package Type Attribute
aa-keyPackageType ATTRIBUTE ::= {
TYPE KeyPkgType
IDENTIFIED BY id-kma-keyPkgType }
id-kma-keyPkgType OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 12 }
KeyPkgType ::= OBJECT IDENTIFIER
-- Signature Usage Attribute
aa-signatureUsage-v3 ATTRIBUTE ::= {
TYPE SignatureUsage
IDENTIFIED BY id-kma-sigUsageV3 }
id-kma-sigUsageV3 OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 22 }
SignatureUsage ::= CMSContentConstraints
-- Other Certificate Format Attribute
aa-otherCertificateFormats ATTRIBUTE ::= {
TYPE CertificateChoices
IDENTIFIED BY id-kma-otherCertFormats }
id-kma-otherCertFormats OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 19 }
-- PKI Path Attribute
aa-pkiPath ATTRIBUTE ::= {
TYPE PkiPath
IDENTIFIED BY id-at-pkiPath }
id-at-pkiPath OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) ds(5) attributes(4) 70 }
PkiPath ::= SEQUENCE SIZE (1..MAX) OF Certificate
-- Useful Certificates Attribute
aa-usefulCertificates ATTRIBUTE ::= {
TYPE CertificateSet
IDENTIFIED BY id-kma-usefulCerts }
id-kma-usefulCerts OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 20 }
-- Key Wrap Attribute
aa-keyWrapAlgorithm ATTRIBUTE ::= {
TYPE AlgorithmIdentifier{KEY-WRAP, {KeyEncryptionAlgorithmSet}}
IDENTIFIED BY id-kma-keyWrapAlgorithm }
id-kma-keyWrapAlgorithm OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) keying-material-attributes(13) 21 }
KeyEncryptionAlgorithmSet KEY-WRAP ::= { ... }
-- Content Decryption Key Identifier Attribute
aa-contentDecryptKeyIdentifier ATTRIBUTE ::= {
TYPE ContentDecryptKeyID
IDENTIFIED BY id-aa-KP-contentDecryptKeyID }
id-aa-KP-contentDecryptKeyID OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) attributes(5) 66 }
ContentDecryptKeyID::= OCTET STRING
-- Certificate Pointers Attribute
aa-certificatePointers ATTRIBUTE ::= {
TYPE SubjectInfoAccessSyntax
IDENTIFIED BY id-pe-subjectInfoAccess }
-- CRL Pointers Attribute
aa-cRLDistributionPoints ATTRIBUTE ::= {
TYPE GeneralNames
IDENTIFIED BY id-aa-KP-crlPointers }
id-aa-KP-crlPointers OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) attributes (5) 70 }
-- ExtendedErrorCodes
id-errorCodes OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
dod(2) infosec(1) errorCodes(22) }
id-missingKeyType OBJECT IDENTIFIER ::= {
id-errorCodes 1 }
id-privacyMarkTooLong OBJECT IDENTIFIER ::= {
id-errorCodes 2 }
id-unrecognizedSecurityPolicy OBJECT IDENTIFIER ::= {
id-errorCodes 3 }
END
Authors' Addresses
Paul Timmel National Information Assurance Research Laboratory National Security Agency Email: pstimme@nsa.gov Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 United States Email: housley@vigilsec.com Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 United States Email: turners@ieca.com