FYI,
Carl-Uno
-----Original Message-----
From: John Banes [mailto:jbanes at microsoft.com]
Sent: Saturday, February 20, 1999 8:24 PM
To: IETF Transport Layer Security WG
Subject: TLS 56-bit export cipher suites
This document describes several new cipher suites to be used with the
Transport Layer Security (TLS) protocol. Recent changes in US export
regulations permit the export of software programs using 56-bit data
encryption and 1024-bit key exchange. The cipher suites described in this
document take full advantage of these new regulations.
We are planning to include support for these cipher suites in the next
version of Windows.
Regards,
John Banes
Windows NT Security (schannel)
---
You are currently subscribed to ietf-tls as: [cmanros at cp10.es.xerox.coM]
To unsubscribe, forward this message to
leave-ietf-tls-641F at lists.consensus.com
-------------- next part --------------
Transport Layer Security Working Group John Banes
INTERNET-DRAFT Richard Harrington
Expires July, 1999 Microsoft Corporation
January 15, 1999
56-bit Export Cipher Suites For TLS
draft-ietf-tls-56-bit-ciphersuites-00.txt
1. Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or made obsolete by other documents at
any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as work in progress.
To learn the current status of any Internet-Draft, please check the
1id-abstracts.txt listing contained in the Internet Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
2. Introduction
This document describes several new cipher suites to be used with the
Transport Layer Security (TLS) protocol. Recent changes in US export
regulations permit the export of software programs using 56-bit data
encryption and 1024-bit key exchange. The cipher suites described in
this document take full advantage of these new regulations.
3. The CipherSuites
The following values define the CipherSuite codes used in the client
hello and server hello messages.
The following CipherSuite definitions require that the server
provide an RSA certificate that can be used for key exchange. The
server may request either an RSA or a DSS signature-capable
certificate in the certificate request message.
CipherSuite TLS_RSA_EXPORT56_WITH_RC4_56_MD5 = { 0x00,0x60 };
CipherSuite TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 = { 0x00,0x61 };
CipherSuite TLS_RSA_EXPORT56_WITH_DES_CBC_SHA = { 0x00,0x62 };
Banes Expires July, 1999 [Page 1]
INTERNET-DRAFT 56-bit Export TLS January 15, 1999
The following CipherSuite definitions are used for
server-authenticated (and optionally client-authenticated)
Diffie-Hellman. DHE denotes ephemeral Diffie-Hellman, where the
Diffie-Hellman parameters are signed by a DSS certificate, which
has been signed by the CA.
CipherSuite TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA = { 0x00,0x63 };
4. CipherSuite definitions
CipherSuite Is Key Cipher Hash
Exportable Exchange
TLS_RSA_EXPORT56_WITH_RC4_56_MD5 * RSA_EXPORT56 RC4_56 MD5
TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 * RSA_EXPORT56 RC2_56 MD5
TLS_RSA_EXPORT56_WITH_DES_CBC_56_SHA * RSA_EXPORT56 RC2_56 SHA
TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA * DHE_DSS_EXPORT56 DES_CBC SHA
* Indicates IsExportable is True
Key
Exchange
Algorithm Description Key size limit
RSA_EXPORT56 RSA key exchange RSA = 1024 bits
DHE_DSS_EXPORT56 Ephemeral DH with DSS signatures DH = 1024 bits
Key size limit
The key size limit gives the size of the largest public key that
can be legally used for encryption in cipher suites that are
exportable.
Key Expanded Effective IV Block
Cipher Type Material Key Material Key Bits Size Size
RC2_CBC_56 Block 7 16 56 8 8
RC4_56 Stream 7 16 56 0 N/A
DES_CBC Block 8 8 56 8 8
5. Implementation Notes
When an RSA_EXPORT56 cipher suite is used, and the server's RSA key
is larger than 1024 bits in length, then the server must send a
server key exchange message to the client. This message is to
contain a temporary RSA key, signed by the server. This temporary
RSA key should be the maximum allowable length (i.e., 1024 bits).
Servers with a large RSA key will often maintain two temporary RSA
Banes Expires July, 1999 [Page 2]
INTERNET-DRAFT 56-bit Export TLS January 15, 1999
keys: a 512-bit key used to support the RSA_EXPORT cipher suites,
and a 1024-bit key used to support the RSA_EXPORT56 cipher suites.
When 56-bit DES keys are derived for an export cipher suite, the
additional export key derivation step must be performed. That is,
the final read and write DES keys are not taken directly from the
key_block.
6. References
[TLS] T. Dierks, C. Allen, The TLS Protocol,
<draft-ietf-tls-protocol-06.txt>, November 1998.
7. Authors
John Banes Richard Harrington
Microsoft Corp. Microsoft Corp.
jbanes at microsoft.comrichha at microsoft.com
Banes Expires July, 1999 [Page 3]