IPP> FW: TLS 56-bit export cipher suites


Manros, Carl-Uno B cmanros at cp10.es.xerox.com
Mon Feb 22 20:42:46 EST 1999


FYI,

Carl-Uno

-----Original Message-----
From: John Banes [mailto:jbanes at microsoft.com] 
Sent: Saturday, February 20, 1999 8:24 PM
To: IETF Transport Layer Security WG
Subject: TLS 56-bit export cipher suites


This document describes several new cipher suites to be used with the
Transport Layer Security (TLS) protocol.  Recent changes in US export
regulations permit the export of software programs using 56-bit data
encryption and 1024-bit key exchange.  The cipher suites described in this
document take full advantage of these new regulations.

We are planning to include support for these cipher suites in the next
version of Windows.

Regards,

John Banes
Windows NT Security (schannel)




-------------- next part --------------






Transport Layer Security Working Group                        John Banes
INTERNET-DRAFT                                        Richard Harrington
Expires July, 1999                                 Microsoft Corporation
                                                        January 15, 1999

                   56-bit Export Cipher Suites For TLS
                draft-ietf-tls-56-bit-ciphersuites-00.txt

1.  Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or made obsolete by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as work in progress.

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet Drafts Shadow
   Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

2.  Introduction

   This document describes several new cipher suites to be used with the 
   Transport Layer Security (TLS) protocol.  Recent changes in US export
   regulations permit the export of software programs using 56-bit data
   encryption and 1024-bit key exchange.  The cipher suites described in
   this document take full advantage of these new regulations.

3. The CipherSuites

   The following values define the CipherSuite codes used in the client
   hello and server hello messages.

   The following CipherSuite definitions require that the server
   provide an RSA certificate that can be used for key exchange. The
   server may request either an RSA or a DSS signature-capable
   certificate in the certificate request message.

    CipherSuite TLS_RSA_EXPORT56_WITH_RC4_56_MD5       = { 0x00,0x60 };
    CipherSuite TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5   = { 0x00,0x61 };
    CipherSuite TLS_RSA_EXPORT56_WITH_DES_CBC_SHA      = { 0x00,0x62 };


Banes                      Expires July, 1999                 [Page 1]
INTERNET-DRAFT             56-bit Export TLS          January 15, 1999


   The following CipherSuite definitions are used for
   server-authenticated (and optionally client-authenticated)
   Diffie-Hellman.  DHE denotes ephemeral Diffie-Hellman, where the
   Diffie-Hellman parameters are signed by a DSS certificate, which
   has been signed by the CA. 

    CipherSuite TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA  = { 0x00,0x63 };


4. CipherSuite definitions

CipherSuite                      Is       Key            Cipher     Hash
                             Exportable Exchange

TLS_RSA_EXPORT56_WITH_RC4_56_MD5      * RSA_EXPORT56     RC4_56     MD5
TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5  * RSA_EXPORT56     RC2_56     MD5
TLS_RSA_EXPORT56_WITH_DES_CBC_56_SHA  * RSA_EXPORT56     RC2_56     SHA
TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA * DHE_DSS_EXPORT56 DES_CBC    SHA

* Indicates IsExportable is True

      Key
      Exchange
      Algorithm         Description                        Key size limit
      
      RSA_EXPORT56      RSA key exchange                   RSA = 1024 bits
      DHE_DSS_EXPORT56  Ephemeral DH with DSS signatures   DH = 1024 bits

   Key size limit
       The key size limit gives the size of the largest public key that
       can be legally used for encryption in cipher suites that are
       exportable.

                         Key      Expanded   Effective   IV    Block
    Cipher       Type  Material Key Material  Key Bits  Size   Size
    
    RC2_CBC_56   Block    7         16          56        8      8
    RC4_56       Stream   7         16          56        0     N/A
    DES_CBC      Block    8          8          56        8      8


5. Implementation Notes

   When an RSA_EXPORT56 cipher suite is used, and the server's RSA key
   is larger than 1024 bits in length, then the server must send a
   server key exchange message to the client. This message is to
   contain a temporary RSA key, signed by the server. This temporary
   RSA key should be the maximum allowable length (i.e., 1024 bits).

   Servers with a large RSA key will often maintain two temporary RSA
   keys: a 512-bit key used to support the RSA_EXPORT cipher suites,
   and a 1024-bit key used to support the RSA_EXPORT56 cipher suites.

   When 56-bit DES keys are derived for an export cipher suite, the
   additional export key derivation step must be performed. That is,
   the final read and write DES keys are not taken directly from the
   key_block.

6. References

   [TLS] T. Dierks, C. Allen, The TLS Protocol, 
   <draft-ietf-tls-protocol-06.txt>, November 1998.

7. Authors

   John Banes                         Richard Harrington
   Microsoft Corp.                    Microsoft Corp.
   jbanes at microsoft.com               richha at microsoft.com

































