| blob | c9d6fd97dafe45ea5bbb802bd12214c43e74c319 |
7 Network Working Group H.J. Lee
8 Request for Comments: 4162 J.H. Yoon
9 Category: Standards Track J.I. Lee
10 KISA
11 August 2005
14 Addition of SEED Cipher Suites to Transport Layer Security (TLS)
16 Status of This Memo
18 This document specifies an Internet standards track protocol for the
19 Internet community, and requests discussion and suggestions for
20 improvements. Please refer to the current edition of the "Internet
21 Official Protocol Standards" (STD 1) for the standardization state
22 and status of this protocol. Distribution of this memo is unlimited.
24 Copyright Notice
26 Copyright (C) The Internet Society (2005).
28 Abstract
30 This document proposes the addition of new cipher suites to the
31 Transport Layer Security (TLS) protocol to support the SEED
32 encryption algorithm as a bulk cipher algorithm.
34 1. Introduction
36 This document proposes the addition of new cipher suites to the TLS
37 protocol [TLS] to support the SEED encryption algorithm as a bulk
38 cipher algorithm.
40 1.1. SEED
42 SEED is a symmetric encryption algorithm that was developed by Korea
43 Information Security Agency (KISA) and a group of experts, beginning
44 in 1998. The input/output block size of SEED is 128-bit and the key
45 length is also 128-bit. SEED has the 16-round Feistel structure. A
46 128-bit input is divided into two 64-bit blocks and the right 64-bit
47 block is an input to the round function with a 64-bit subkey
48 generated from the key scheduling.
58 Lee, et al. Standards Track [Page 1]
59 \f
60 RFC 4162 SEED Cipher Suites to TLS August 2005
63 SEED is easily implemented in various software and hardware because
64 it is designed to increase the efficiency of memory storage and the
65 simplicity of generating keys without degrading the security of the
66 algorithm. In particular, it can be effectively adopted in a
67 computing environment that has a restricted resources such as mobile
68 devices, smart cards, and so on.
70 SEED is a national industrial association standard [TTASSEED] and is
71 widely used in South Korea for electronic commerce and financial
72 services operated on wired & wireless PKI.
74 The algorithm specification and object identifiers are described in
75 [SEED-ALG]. The SEED homepage,
76 http://www.kisa.or.kr/seed/seed_eng.html, contains a wealth of
77 information about SEED, including detailed specification, evaluation
78 report, test vectors, and so on.
80 1.2. Terminology
82 The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
83 "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
84 as shown) are to be interpreted as described in [RFC2119].
86 2. Proposed Cipher Suites
88 The new cipher suites proposed here have the following definitions:
90 CipherSuite TLS_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x96};
91 CipherSuite TLS_DH_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x97};
92 CipherSuite TLS_DH_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x98};
93 CipherSuite TLS_DHE_DSS_WITH_SEED_CBC_SHA = { 0x00, 0x99};
94 CipherSuite TLS_DHE_RSA_WITH_SEED_CBC_SHA = { 0x00, 0x9A};
95 CipherSuite TLS_DH_anon_WITH_SEED_CBC_SHA = { 0x00, 0x9B};
97 3. Cipher Suite Definitions
99 3.1. Cipher
101 All the cipher suites described here use SEED in cipher block
102 chaining (CBC) mode as a bulk cipher algorithm. SEED is a 128-bit
103 block cipher with 128-bit key size.
105 3.2. Hash
107 All the cipher suites described here use SHA-1 [SHA-1] in an HMAC
108 construction as described in section 5 of [TLS].
114 Lee, et al. Standards Track [Page 2]
115 \f
116 RFC 4162 SEED Cipher Suites to TLS August 2005
119 3.3. Key Exchange
121 The cipher suites defined here differ in the type of certificate and
122 key exchange method. They use the following options:
124 CipherSuite Key Exchange Algorithm
126 TLS_RSA_WITH_SEED_CBC_SHA RSA
127 TLS_DH_DSS_WITH_SEED_CBC_SHA DH_DSS
128 TLS_DH_RSA_WITH_SEED_CBC_SHA DH_RSA
129 TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE_DSS
130 TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE_RSA
131 TLS_DH_anon_WITH_SEED_CBC_SHA DH_anon
133 For the meanings of the terms RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
134 and DH_anon, please refer to sections 7.4.2 and 7.4.3 of [TLS].
136 4. Security Considerations
138 It is not believed that the new cipher suites are less secure than
139 the corresponding older ones. No security problem has been found on
140 SEED. SEED is robust against known attacks, including differential
141 cryptanalysis, linear cryptanalysis, and related key attacks, etc.
142 SEED has gone through wide public scrutinizing procedures.
143 Especially, it has been evaluated and also considered
144 cryptographically secure by trustworthy organizations such as ISO/IEC
145 JTC 1/SC 27 and Japan CRYPTREC (Cryptography Research and Evaluation
146 Committees) [ISOSEED] [CRYPTREC]. SEED has been submitted to several
147 other standardization bodies such as ISO (ISO/IEC 18033-3) and IETF
148 S/MIME Mail Security [SEED-SMIME]; and it is under consideration.
149 For further security considerations, the reader is encouraged to read
150 [SEED-EVAL].
152 For other security considerations, please refer to the security of
153 the corresponding older cipher suites described in [TLS] and
154 [AES-TLS].
170 Lee, et al. Standards Track [Page 3]
171 \f
172 RFC 4162 SEED Cipher Suites to TLS August 2005
175 5. References
177 5.1. Normative References
179 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
180 Requirement Levels", BCP 14, RFC 2119, March 1997.
182 [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
183 RFC 2246, January 1999.
185 [TTASSEED] Telecommunications Technology Association (TTA), South
186 Korea, "128-bit Symmetric Block Cipher (SEED)",
187 TTAS.KO-12.0004, September 1998, (In Korean)
188 http://www.tta.or.kr/English/new/main/index.htm.
190 5.2. Informative References
192 [AES-TLS] Chown, P., "Advanced Encryption Standard (AES)
193 Ciphersuites for Transport Layer Security (TLS)", RFC
194 3268, June 2002.
196 [CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
197 CRYPTREC. "SEED Evaluation Report", February 2002,
198 http://www.kisa.or.kr/seed/seed_eng.html.
200 [ISOSEED] ISO/IEC JTC 1/SC 27, "National Body contributions on NP
201 18033 'Encryption Algorithms' in Response to SC 27 N2563
202 (ATT.3 Korea Contribution)", ISO/IEC JTC 1/SC 27 N2656r1
203 (n2656_3.zip), October 2000.
205 [SEED-EVAL] KISA, "Self Evaluation Report",
206 http://www.kisa.or.kr/seed/seed_eng.html.
208 [SEED-ALG] Park, J., Lee, S., Kim, J., and J. Lee, "The SEED
209 Encryption Algorithm", RFC 4009, February 2005.
211 [SEED-SMIME] Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
212 Encryption Algorithm in Cryptographic Message Syntax
213 (CMS)", RFC 4010, February 2005.
215 [SHA-1] FIPS PUB 180-1, "Secure Hash Standard", National
216 Institute of Standards and Technology, U.S. Department
217 of Commerce, April 17, 1995.
226 Lee, et al. Standards Track [Page 4]
227 \f
228 RFC 4162 SEED Cipher Suites to TLS August 2005
231 Authors' Addresses
233 Hyangjin Lee
234 Korea Information Security Agency
236 Phone: +82-2-405-5446
237 Fax : +82-2-405-5319
238 EMail: jiinii@kisa.or.kr
241 Jaeho Yoon
242 Korea Information Security Agency
244 Phone: +82-2-405-5434
245 Fax : +82-2-405-5219
246 EMail: jhyoon@kisa.or.kr
249 Jaeil Lee
250 Korea Information Security Agency
252 Phone: +82-2-405-5300
253 Fax : +82-2-405-5219
254 EMail: jilee@kisa.or.kr
282 Lee, et al. Standards Track [Page 5]
283 \f
284 RFC 4162 SEED Cipher Suites to TLS August 2005
287 Full Copyright Statement
289 Copyright (C) The Internet Society (2005).
291 This document is subject to the rights, licenses and restrictions
292 contained in BCP 78, and except as set forth therein, the authors
293 retain all their rights.
295 This document and the information contained herein are provided on an
296 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
297 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
298 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
299 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
300 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
301 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
303 Intellectual Property
305 The IETF takes no position regarding the validity or scope of any
306 Intellectual Property Rights or other rights that might be claimed to
307 pertain to the implementation or use of the technology described in
308 this document or the extent to which any license under such rights
309 might or might not be available; nor does it represent that it has
310 made any independent effort to identify any such rights. Information
311 on the procedures with respect to rights in RFC documents can be
312 found in BCP 78 and BCP 79.
314 Copies of IPR disclosures made to the IETF Secretariat and any
315 assurances of licenses to be made available, or the result of an
316 attempt made to obtain a general license or permission for the use of
317 such proprietary rights by implementers or users of this
318 specification can be obtained from the IETF on-line IPR repository at
319 http://www.ietf.org/ipr.
321 The IETF invites any interested party to bring to its attention any
322 copyrights, patents or patent applications, or other proprietary
323 rights that may cover technology that may be required to implement
324 this standard. Please address the information to the IETF at ietf-
325 ipr@ietf.org.
327 Acknowledgement
329 Funding for the RFC Editor function is currently provided by the
330 Internet Society.
338 Lee, et al. Standards Track [Page 6]
339 \f