Internet DRAFT - draft-ietf-smime-ibepps
draft-ietf-smime-ibepps
S/MIME Working Group G. Appenzeller
Internet Draft Voltage Security
Expires: December 2006 June 2006
Identity-based Encryption
Parameter and Policy Lookup
<draft-ietf-smime-ibepps-00.txt>
Status of this Document
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware have been
or will be disclosed, and any of which he or she becomes aware will be
disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Abstract
This document describes a protocol to obtain public parameters and
policy information for an identity-based encryption system.
Table of Contents
1. Introduction...................................................2
1.1. Terminology...............................................2
2. Overview.......................................................2
3. Request Method.................................................3
4. Parameter and Policy Format....................................4
5. ASN.1 Module...................................................7
� Appenzeller Expires December 2006 [Page 1]
� Internet-Draft Parameter and Policy Lookup June 2006
6. Security Considerations........................................8
7. IANA Considerations............................................8
8. References.....................................................9
8.1. Normative References......................................9
Author's Address.................................................10
Intellectual Property Statement..................................10
Disclaimer of Validity...........................................10
Copyright Statement..............................................10
Acknowledgment...................................................11
1. Introduction
An identity-based encryption system (IBE) allows the encryption of
messages using a user’s identity plus a set of public parameters.
Theses public parameters are a global piece of data that is generated
together with the master secret of the IBE system when the IBE system
is set up. This document defines a protocol to retrieve public
parameters as well as configuration parameters of the private key
generator (PKG) of an IBE system.
This document does not describe the actual algorithms used for
encryption or the mathematical structure of the public parameters,
they are described in [IBCS]. It also does not describe the
communication protocol to the PKG, which is described in [IBEPKG].
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [KEY].
2. Overview
For an identity-based encryption (IBE) system to operate correctly,
the sender, receiver and the private key generator (PKG) have to
agree on a number of parameters. This protocol specifies how a system
component of an IBE system can retrieve these parameters,
specifically:
1. The Public Parameters of the PKG. The public parameters are part
of the encryption (and in some cases decryption) operation of
the IBE system. Generation of public parameters and the master
secret, as well as the mathematical structure of the public
parameters for the BF and BB1 algorithms are described in
[IBCS].
Appenzeller Expires December 14, 2006 [Page 2]
� Internet-Draft Parameter and Policy Lookup June 2006
2. The URI of the PKG. Knowledge of this URI allows recipients to
request a private key as described in [IBEPKG].
3. The schema to format the identity strings. When issuing a
private key, the PKG often wants to limit who can obtain private
keys. For example for an identity string that contains
“bob@example.com”, only the owner of the identity string should
be able to request the private key. To ensure that the PKG can
interpret the identity string for which a private key is
requested, the encryption engine and the PKG have to use the
same schema for identity strings. Identity schemas are described
in [IBECMS]
A sending or receiving client MUST allow configuration of these
parameters manually, e.g. through editing a configuration file.
However for simplified configuration a client MAY also implement the
PP URI request method described in this document to fetch the system
parameters based on a configured URI. This is especially useful for
federating between IBE systems. By specifying a single URL a client
can be configured to fetch all the relevant parameters for a remote
PKG. These public parameters can then be used to encrypt messages to
recipients who authenticate to and retrieve private keys from that
PKG.
Section 3 of this document outlines the URI request method to
retrieve a parameter block based on a URI. Section 4 describes the
schema of the parameter block itself.
3. Request Method
The configuration URI SHOULD be an HTTPS URL [RFC2616] of the format:
http_URL = "https:" "//" host [ ":" port ] [ abs_path ]
An example URL for ibe system parameters is
https://ibe-0000.example.com/example.com.pem
To retrieve the IBE system parameters, the client SHOULD use the HTTP
GET method as defined in [RFC2616]. The request SHOULD happen over a
secure protocol. The requesting client MUST support either SSL v 3.0
[SSL3] protocol or TLS v 1.1 [TLS]. When requesting the URL the
client MUST only accept the system parameter block if the server
identity was verified successfully by SSL or TLS [RFC2618].
Appenzeller Expires December 14, 2006 [Page 3]
� Internet-Draft Parameter and Policy Lookup June 2006
A successful GET request returns in its body the DER and Base64
encoded ASN.1 structure that is described in the next section.
4. Parameter and Policy Format
The IBE System parameters are a set of
IBESysParams ::= SEQUENCE {
version INTEGER,
districtName UTF8String,
districtSerial INTEGER,
validity Validity,
ibePublicParameters IBEPublicParameters,
ibeIdentitySchema OBJECT IDENTIFIER,
ibeParamExtensions IBEParamExtensions
}
The version specifies the version of the parameter format. For the
format described in this standard it MUST be set to 2 The district
name is a UTF8String that MUST be a valid domain name as defined by
[RFC1035]. The districtSerial is a serial number. If new parameters
are published for a district, it MUST be increased.
The Validity is identical to the Validity definition for an X.509
certificate:
Validity ::= SEQUENCE {
notBefore CertificateValidityDate,
notAfter CertificateValidityDate
}
CertificateValidityDate ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime
}
A client SHOULD verify if system parameters that it obtains are
currently valid and SHOULD not use these parameters if they are not
valid.
IBEPublicParameters is a set of public parameters that correspond to
encryption algorithms that the PKG associated with this district
understands.
Appenzeller Expires December 14, 2006 [Page 4]
� Internet-Draft Parameter and Policy Lookup June 2006
IBEPublicParameters ::= SEQUENCE OF IBEPublicParameter
IBEPublicParameter ::= SEQUENCE {
ibeAlgorithm OBJECT IDENTIFIER,
publicParameterData OCTET STRING
}
The ibeAlgorithm OID specifies an IBE algorithm. The
publicParameterData is a DER encoded ASN.1 structure that contains
the actual cryptographic parameters. Its specific structure depends
on the algorithm. The OIDs for two IBE algorithms, the Boneh-Franklin
and Boneh-Boyen algorithms and their publicParameterData structures
are defined in [IBCS].
The IBESysParams of a district MUST contain at least one algorithm
and MAY contain several algorithms. It MUST NOT contain two or more
IBEPublicParameter entries with the same algorithm. A client that
wants to use IBESysParams can chose any of the algorithms specified
in the publicParameterData structure. If a client does not support
any of the supported algorithms it MUST generate an error message.A
client MUST implement at least the Boneh-Franklin algorithm and MAY
implement the Boneh-Boyens and other algorithms.
ibeIdentitySchema is an OID that defines the type of identities that
are used with this district. The OIDs and the required and optional
fields for each OID are described in [IBECMS].
IBEParamExtensions is a set of extensions that are defined the same
way as X.509 extensions.
IBEParamExtensions ::= SEQUENCE OF Extensions
Extension ::= SEQUENCE {
id OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
value OCTET STRING
}
ibeParamExt OBJECT IDENTIFIER ::= {
ibcs ibcs3(3) parameter-extensions(2)
}
The contents of the octet string are defined by the specific
extension type. The System Parameters of a district MAY have any
number of extensions, including zero. A client that encounters an
Appenzeller Expires December 14, 2006 [Page 5]
� Internet-Draft Parameter and Policy Lookup June 2006
extension SHOULD fail if the extension is critical and SHOULD ignore
it silently if the extension is not critical.
The Extension pkgURL as defined in section 5 defines the URL of the
Private Key Generator of the district. If the PKG is publicly
accessible, this extension SHOULD be present to allow the automatic
retrieval of private keys for recipients of encrypted messages. For
this extension the OCTET STRING contains a UTF8String with the full
URL of the key server.
Appenzeller Expires December 14, 2006 [Page 6]
� Internet-Draft Parameter and Policy Lookup June 2006
5. ASN.1 Module
This section defines the ASN.1 module for the encodings discussed in
section 4.
IBEPP { joint-iso-itu(2) country(16) us(840) organization(1)
identicrypt(114334) ibcs(1) pps(4) version(1) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
IMPORTS IBEIdentitySchema
FROM BFCMS
{ joint-iso-itu(2) country(16) us(840) organization(1)
identicrypt(114334) ibcs(1) cms(4) module(5) version(1)
};
ibcs OBJECT IDENTIFIER ::= {
joint-iso-itu(2) country(16) us(840) organization(1)
identicrypt(114334) ibcs(1)
}
-- The IBE System parameters consist of a set of public parameters
-- for the encryption algorithms supported by the district,
-- the identity schema, the URL of the PKG and further optional
-- parameters
IBESysParams ::= SEQUENCE {
version INTEGER,
districtName UTF8String,
districtSerial INTEGER,
validity Validity,
ibePublicParameters IBEPublicParameters,
ibeIdentitySchema OBJECT IDENTIFIER,
ibeParamExtensions IBEParamExtensions
}
-- Validity designates the time interval for which these parameters
-- are valid. It is defined the same as in X.509
Validity ::= SEQUENCE {
notBefore CertificateValidityDate,
notAfter CertificateValidityDate
}
CertificateValidityDate ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime
Appenzeller Expires December 14, 2006 [Page 7]
� Internet-Draft Parameter and Policy Lookup June 2006
}
-- Public Parameters for the IBE Algorithm
-- ibeAlgorithm is the algorithm OID from IBCS, e.g. "bb" or "bf"
-- publicParameterData is a DER encoded ASN.1 public parameter
-- block, e.g. BFPublicParamaters, BBPublicParamaters
IBEPublicParameters ::= SEQUENCE OF IBEPublicParameter
IBEPublicParameter ::= SEQUENCE {
ibeAlgorithm OBJECT IDENTIFIER,
publicParameterData OCTET STRING
}
-- Extensions are defined the same as in X.509
IBEParamExtensions ::= SEQUENCE OF Extension
Extension ::= SEQUENCE {
id OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
value OCTET STRING
}
ibeParamExt OBJECT IDENTIFIER ::= {
ibcs ibcs3(3) parameter-extensions(2)
}
-- Defined Extensions:
-- pkgURL: URL of the PKG, value is a UTF8String
pkgURL OBJECT IDENTIFIER ::= { ibeParamExt pkgURL(1) }
END
6. Security Considerations
This entire document relates to security considerations.
7. IANA Considerations
No further action by the IANA is necessary for the protocols
described in this document.
Appenzeller Expires December 14, 2006 [Page 8]
� Internet-Draft Parameter and Policy Lookup June 2006
8. References
8.1. Normative References
[CMS] R. Housley, “Cryptographic Message Syntax,” RFC 3369, August
2002.
[KEY] S. Brander, “Key Words for Use in RFCs to Indicate Requirement
Levels,” BCP 14, RFC 2119, March 1997.
[P1363] IEEE P1363.3, “Standards Specifications for Public-Key
Cryptography,” 2001.
[SSL3] A. Frier, P. Karlton, and P. Kocher, "The SSL 3.0 Protocol",
Netscape Communications Corp., Nov 18, 1996.
[TLS] T. Dierks, E. Rescorla, “The Transport Layer Security Protocol
Version 1.1,” RFC 4346, April 2006.
[X509] ITU-T Recommendation X.509 (1997 E): Information Technology -
Open Systems Interconnection - The Directory: Authentication
Framework, June 1997.
[IBEARCH] L. Martin, M. Schertler, “Identity-based Encryption
Architecture,” draft-ietf-smime-ibearch-00.txt.
[IBCS] X. Boyen, L. Martin, “Identity-Based Cryptography Standard
(IBCS) #1: Supersingular Curve Implementations of the BF and
BB1 Cryptosystems,” draft-ietf-smime-ibcs-00.txt.
[IBECMS] M. Schertler, L. Martin, “Using the Boneh-Franklin identity-
based encryption algorithm with the Cryptographic Message
Syntax (CMS),” draft-ietf-smime-bfibecms-01.txt.
[IBEPKG] G. Appezeller “Private Key Request protocol for Identity-
Based Encryption,” draft-ietf-smime-ibepkg-00.txt.
[RFC2396] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396, August
1998.Author's Address
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frysyk, H., Masinter,
L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol
-- HTTP/1.1", RFC 2616, June 1999.
Appenzeller Expires December 14, 2006 [Page 9]
� Internet-Draft Parameter and Policy Lookup June 2006
Author's Address
Guido Appenzeller
Voltage Security
1070 Arastradero Rd Suite 100
Palo Alto CA 94304
Phone: +1 650 543 1280
Email: guido@voltage.com
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006).
Appenzeller Expires December 14, 2006 [Page 10]
� Internet-Draft Parameter and Policy Lookup June 2006
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Appenzeller Expires December 14, 2006 [Page 11]
�
