1 INTERNET DRAFT K. Raeburn
2 Kerberos Working Group MIT
3 Document: draft-ietf-krb-wg-sha1-00.txt October 18, 2004
7 Unkeyed SHA-1 Checksum Specification
12 By submitting this Internet-Draft, I certify that any applicable
13 patent or other IPR claims of which I am aware have been disclosed,
14 or will be disclosed, and any of which I become aware will be
15 disclosed, in accordance with RFC 3668.
18 Internet-Drafts are working documents of the Internet Engineering
19 Task Force (IETF), its areas, and its working groups. Note that
20 other groups may also distribute working documents as Internet-
24 Internet-Drafts are draft documents valid for a maximum of six months
25 and may be updated, replaced, or obsoleted by other documents at any
26 time. It is inappropriate to use Internet-Drafts as reference
27 material or to cite them other than a "work in progress."
30 The list of current Internet-Drafts can be accessed at
31 http://www.ietf.org/1id-abstracts.html
34 The list of Internet-Draft Shadow Directories can be accessed at
35 http://www.ietf.org/shadow.html
41 Copyright (C) The Internet Society (2004). All Rights Reserved.
47 The Kerberos cryptosystem specification requires a profile detailing
48 several operations for a new checksum type for ensuring the integrity
49 of data in Kerberos and related protocol exchanges. This document
50 specifies the use of a simple unkeyed checksum type based on SHA-1.
61 INTERNET DRAFT October 2004
68 The Kerberos cryptosystem specification requires a profile detailing
69 several operations for a new checksum type for ensuring the integrity
70 of data in Kerberos and related protocol exchanges. This document
71 specifies the use of a simple unkeyed checksum type based on SHA-1.
74 (...to be expanded on a bit, describe PKINIT use...)
77 2. Checksum Definition
80 The SHA-1 Kerberos checksum type calculates a checksum using the
81 SHA-1 hash algorithm. This algorithm takes as input a message of
82 arbitrary length, and produces as output a 160-bit (20 octet) hash
86 Any general specification of a Kerberos checksum value to be computed
87 must include the encryption key and a key usage value [KCRYPTO].
88 Both of these values are ignored for the SHA-1 checksum type, thus
89 this checksum algorithm may be used with any encryption key type.
92 The parameters for the Kerberos checksum profile for this type are
98 ----------------------------------------------
99 associated cryptosystem any
105 verify_mic get_mic and compare
109 The sha1 checksum algorithm is assigned a checksum type number of 14.
112 3. Security Considerations
115 Unkeyed checksum types should be used with caution, in limited
116 circumstances where the lack of a key does not provide an avenue for
117 an attacker to compromise the integrity of the data being conveyed.
118 Even when encrypted, the use of unkeyed checksums may allow some
119 forms of attack; this is discussed in the Security Considerations
120 section of [KCRYPTO].
123 The use of unkeyed checksums for integrity protection should be done
131 INTERNET DRAFT October 2004
135 4. IANA Considerations
138 The Kerberos checksum type values 10 and 14 have both been reserved
139 for "sha1 (unkeyed)" per [KCRYPTO], the latter with intent to use it
140 with this specification, and the former on the basis of speculation
141 that some implementation might have used that value for the same
145 XXX...mention PKINIT above as the intended use?
148 IANA is directed to assign the Kerberos checksum type value 14 to
149 "sha1" with a reference to this document.
152 As no supporting information has been found regarding any existing
153 experimental use of or specification for Kerberos checksum type 10,
154 IANA is directed to delete that registry entry, leaving the value
155 available for future assignment.
162 Raeburn, K., "Encryption and Checksum Specifications for Kerberos
163 5", draft-ietf-krb-wg-crypto-07.txt, February 2004.
165 NIST, "Secure Hash Standard", FIPS PUB 180-1, April 1995.
168 Informative References
172 Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The Kerberos
173 Network Authentication Service (V5)", draft-ietf-krb-wg-kerberos-
174 clarifications-07.txt, September 2004.
176 Tung, B., Neuman, C., Hur, M., Medvinsky, A., Medvinsky, S., Wray,
177 J., and J. Trostle, "Public Key Cryptography for Initial
178 Authentication in Kerberos", draft-ietf-cat-kerberos-pk-
179 init-20.txt, July 2004.
186 Massachusetts Institute of Technology
187 77 Massachusetts Avenue
198 INTERNET DRAFT October 2004
202 Full Copyright Statement
205 Copyright (C) The Internet Society 2004. This document is subject to
206 the rights, licenses and restrictions contained in BCP 78, and except
207 as set forth therein, the authors retain all their rights.
213 This document and the information contained herein are provided on an
214 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
215 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
216 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
217 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
218 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
219 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.