Network Working Group                                        M. Horowitz
<draft-ietf-cat-kerb-des3-hmac-sha1-00.txt>             Cygnus Solutions
Internet-Draft                                            November, 1996


           Triple DES with HMAC-SHA1 Kerberos Encryption Type

Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

   Distribution of this memo is unlimited.  Please send comments to the
   <cat-ietf@mit.edu> mailing list.

Abstract

   This document defines a new encryption type and a new checksum type
   for use with Kerberos V5 [RFC1510].  This encryption type is based on
   the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message
   authentication algorithm.

   The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
   The hmac-sha1-des3 checksum type has been assigned the value 12.


Encryption Type des3-cbc-hmac-sha1

   EncryptedData using this type must be generated as described in
   [Horowitz96].  The encryption algorithm is Triple DES in Outer-CBC
   mode.  The keyed hash algorithm is HMAC-SHA1.  Unless otherwise
   specified, a zero IV must be used.  If the length of the input data
   is not a multiple of the block size, zero octets must be used to pad
   the plaintext to the next eight-octet boundary.  The confounder must
   be eight random octets (one block).


Checksum Type hmac-sha1-des3

   Checksums using this type must be generated as described in
   [Horowitz96].  The keyed hash algorithm is HMAC-SHA1.

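   The following Go program is an added worked example covering both the
   encryption type and the checksum type above; it is not code from the
   draft or from any Kerberos implementation.  It performs the operations
   the text names: an eight-octet confounder prefixed to the plaintext,
   zero padding to the next eight-octet boundary, Triple DES in outer-CBC
   mode with a zero IV, and HMAC-SHA1 as the keyed hash.  Where the HMAC
   goes and what it covers is defined in [Horowitz96], which this page
   does not reproduce, so the layout used here (tag over the confounder-
   prefixed padded plaintext, appended to the ciphertext) is an assumption.
   The keys, confounder and plaintext are constructed sample values, and
   the separate encryption and integrity keys stand in for the keys the
   derivation function of [Horowitz96] would produce.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/sha1"
	"errors"
	"fmt"
)

const blockSize = des.BlockSize // eight octets

// Constructed sample keys, not test vectors from the draft. Each is three
// DES keys with odd parity, concatenated. In Kerberos both keys come from
// the key derivation function of [Horowitz96], which is not reproduced here.
var (
	sampleEncKey = []byte{
		0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e,
		0x10, 0x13, 0x15, 0x16, 0x19, 0x1a, 0x1c, 0x1f,
		0x20, 0x23, 0x25, 0x26, 0x29, 0x2a, 0x2c, 0x2f,
	}
	sampleMacKey = []byte{
		0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e,
		0x40, 0x43, 0x45, 0x46, 0x49, 0x4a, 0x4c, 0x4f,
		0x51, 0x52, 0x54, 0x57, 0x58, 0x5b, 0x5d, 0x5e,
	}
)

// zeroPad extends data with zero octets to the next eight-octet boundary.
func zeroPad(data []byte) []byte {
	if rem := len(data) % blockSize; rem != 0 {
		data = append(data, make([]byte, blockSize-rem)...)
	}
	return data
}

// Checksum is the hmac-sha1-des3 checksum type: HMAC-SHA1 keyed with a
// Triple DES key over the data. The output is 20 octets.
func Checksum(key, data []byte) []byte {
	mac := hmac.New(sha1.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// Encrypt builds a des3-cbc-hmac-sha1 message under the assumed layout:
// 3DES outer-CBC with a zero IV over (confounder || plaintext || zero pad),
// followed by HMAC-SHA1 under macKey over that same padded plaintext. The
// confounder is a parameter so the example is deterministic; a real
// implementation draws eight random octets for it.
func Encrypt(encKey, macKey, confounder, plaintext []byte) ([]byte, error) {
	if len(confounder) != blockSize {
		return nil, errors.New("confounder must be exactly one block (8 octets)")
	}
	block, err := des.NewTripleDESCipher(encKey)
	if err != nil {
		return nil, err
	}
	padded := zeroPad(append(append([]byte{}, confounder...), plaintext...))
	ciphertext := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, make([]byte, blockSize)).CryptBlocks(ciphertext, padded)
	return append(ciphertext, Checksum(macKey, padded)...), nil
}

// Decrypt reverses Encrypt: it recovers the padded plaintext, verifies the
// tag in constant time before returning anything, and drops the confounder.
// The zero padding is left in place: Kerberos strips it using the length
// carried by the ASN.1 content, since a zero pad cannot identify itself.
func Decrypt(encKey, macKey, message []byte) ([]byte, error) {
	if len(message) < blockSize+sha1.Size || (len(message)-sha1.Size)%blockSize != 0 {
		return nil, errors.New("malformed des3-cbc-hmac-sha1 message")
	}
	split := len(message) - sha1.Size
	ciphertext, tag := message[:split], message[split:]
	block, err := des.NewTripleDESCipher(encKey)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, make([]byte, blockSize)).CryptBlocks(padded, ciphertext)
	if !hmac.Equal(tag, Checksum(macKey, padded)) {
		return nil, errors.New("integrity check failed")
	}
	return padded[blockSize:], nil
}

func main() {
	confounder := []byte{0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04} // constructed, fixed for the demo
	plaintext := []byte("kerberos ticket")                               // 15 octets, so one octet of zero pad
	msg, err := Encrypt(sampleEncKey, sampleMacKey, confounder, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("message (%d octets): %x\n", len(msg), msg)
	recovered, err := Decrypt(sampleEncKey, sampleMacKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("plaintext recovered:", bytes.Equal(recovered[:len(plaintext)], plaintext))
	msg[0] ^= 0x80 // flip one ciphertext bit; the HMAC check must reject it
	_, err = Decrypt(sampleEncKey, sampleMacKey, msg)
	fmt.Println("tampered message:", err)
}
```

   The tag is checked before any plaintext is returned, and with hmac.Equal
   rather than bytes.Equal, so a receiver never acts on or leaks timing about
   a forged or modified message.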


Horowitz                                                        [Page 1]

Common Requirements

   Where the Triple DES key is represented as an EncryptionKey, it shall
   be represented as three DES keys, with parity bits, concatenated
   together.  The key shall be represented with the most significant bit
   first.

   When keys are generated by the derivation function, a key length of
   168 bits shall be used.  The output bit string will be converted to a
   valid Triple DES key by inserting DES parity bits after every seventh
   bit.
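
   The parity insertion described above, as an added Go example that is
   not part of the draft.  The 21-octet input is a constructed stand-in
   for the 168-bit output of the derivation function, which [Horowitz96]
   defines and this page does not reproduce.  The example also includes
   the inverse operation and the parity check a receiver would apply to an
   EncryptionKey of this type before using it:

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// InsertParity turns the 168-bit output of the key derivation function
// (21 octets) into a 24-octet Triple DES key: after every seventh input bit,
// taken most significant bit first, one DES parity bit is inserted so that
// each output octet has odd parity. The result is three DES keys with
// parity, concatenated, which is the EncryptionKey representation.
func InsertParity(derived []byte) ([]byte, error) {
	if len(derived) != 21 {
		return nil, errors.New("derived key must be 168 bits (21 octets)")
	}
	key := make([]byte, 24)
	pos := 0 // index of the next input bit, counting from the MSB of derived[0]
	for i := range key {
		var b byte
		for j := 0; j < 7; j++ {
			inBit := (derived[pos/8] >> uint(7-pos%8)) & 1
			b = b<<1 | inBit
			pos++
		}
		b <<= 1 // the least significant bit is the parity bit
		if bits.OnesCount8(b)%2 == 0 {
			b |= 1 // make the octet's parity odd
		}
		key[i] = b
	}
	return key, nil
}

// StripParity is the inverse: it discards the parity bit of each octet and
// repacks the remaining 168 key bits, MSB first, into 21 octets.
func StripParity(key []byte) ([]byte, error) {
	if len(key) != 24 {
		return nil, errors.New("Triple DES key must be 24 octets")
	}
	derived := make([]byte, 21)
	pos := 0
	for _, b := range key {
		for j := 7; j >= 1; j-- { // bits 7..1 carry key material; bit 0 is parity
			if (b>>uint(j))&1 == 1 {
				derived[pos/8] |= 1 << uint(7-pos%8)
			}
			pos++
		}
	}
	return derived, nil
}

// HasValidParity reports whether every octet of a 24-octet Triple DES key
// has odd parity; a receiver should reject an EncryptionKey that fails this.
func HasValidParity(key []byte) bool {
	if len(key) != 24 {
		return false
	}
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

func main() {
	// Constructed 168-bit string standing in for the derivation function's output.
	derived := []byte{
		0x80, 0x00, 0x00, 0xff, 0x55, 0xaa, 0x12,
		0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
		0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69,
	}
	key, err := InsertParity(derived)
	if err != nil {
		panic(err)
	}
	fmt.Printf("3DES key:   %x (valid parity: %v)\n", key, HasValidParity(key))
	back, _ := StripParity(key)
	fmt.Printf("round trip: %x\n", back)
}
```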

   Any implementation which implements either of the encryption or
   checksum types in this document must support both.


Security Considerations

   This entire document defines encryption and checksum types for use
   with Kerberos V5.


References

   [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
      horowitz-kerb-key-derivation-00.txt, November 1996.
   [Krawczyk96] Krawczyk, H., Bellare, M., and Canetti, R., "HMAC:
      Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
      md5-01.txt, August 1996.
   [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
      Authentication Service (V5)", RFC 1510, September 1993.


Author's Address

   Marc Horowitz
   Cygnus Solutions
   955 Massachusetts Avenue
   Cambridge, MA 02139

   Phone: +1 617 354 7688
   Email: marc@cygnus.com
