IPP Mail Archive: IPP> FW: TLS 56-bit export cipher suites

IPP Mail Archive: IPP> FW: TLS 56-bit export cipher suites

IPP> FW: TLS 56-bit export cipher suites

Manros, Carl-Uno B (cmanros@cp10.es.xerox.com)
Mon, 22 Feb 1999 17:42:46 -0800

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01BE5ECD.CFEF1954
Content-Type: text/plain;
charset="iso-8859-1"

FYI,

Carl-Uno

-----Original Message-----
From: John Banes [mailto:jbanes@microsoft.com]
Sent: Saturday, February 20, 1999 8:24 PM
To: IETF Transport Layer Security WG
Subject: TLS 56-bit export cipher suites

This document describes several new cipher suites to be used with the
Transport Layer Security (TLS) protocol. Recent changes in US export
regulations permit the export of software programs using 56-bit data
encryption and 1024-bit key exchange. The cipher suites described in this
document take full advantage of these new regulations.

We are planning to include support for these cipher suites in the next
version of Windows.

Regards,

John Banes
Windows NT Security (schannel)

---
You are currently subscribed to ietf-tls as: [cmanros@cp10.es.xerox.coM]
To unsubscribe, forward this message to
leave-ietf-tls-641F@lists.consensus.com

------_=_NextPart_000_01BE5ECD.CFEF1954 Content-Type: text/plain; name="draft-ietf-tls-56-bit-ciphersuites-00.txt" Content-Disposition: attachment; filename="draft-ietf-tls-56-bit-ciphersuites-00.txt" Content-Location: ATT-0-72A60B26BCCAD211A2D000805F15CE85-d raft-ie.txt Content-Transfer-Encoding: quoted-printable

Transport Layer Security Working Group John = Banes INTERNET-DRAFT Richard = Harrington Expires July, 1999 Microsoft = Corporation January 15, = 1999

56-bit Export Cipher Suites For TLS draft-ietf-tls-56-bit-ciphersuites-00.txt

1. Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six = months and may be updated, replaced, or made obsolete by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as work in progress.

To learn the current status of any Internet-Draft, please check the 1id-abstracts.txt listing contained in the Internet Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

2. Introduction

This document describes several new cipher suites to be used with = the=20 Transport Layer Security (TLS) protocol. Recent changes in US = export regulations permit the export of software programs using 56-bit data encryption and 1024-bit key exchange. The cipher suites described = in this document take full advantage of these new regulations.

3. The CipherSuites

The following values define the CipherSuite codes used in the client hello and server hello messages.

The following CipherSuite definitions require that the server provide an RSA certificate that can be used for key exchange. The server may request either an RSA or a DSS signature-capable certificate in the certificate request message.

CipherSuite TLS_RSA_EXPORT56_WITH_RC4_56_MD5 =3D { 0x00,0x60 = }; CipherSuite TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 =3D { 0x00,0x61 = }; CipherSuite TLS_RSA_EXPORT56_WITH_DES_CBC_SHA =3D { 0x00,0x62 = };

Banes Expires July, 1999 [Page 1] =0CINTERNET-DRAFT 56-bit Export TLS January 15, = 1999

The following CipherSuite definitions are used for server-authenticated (and optionally client-authenticated) Diffie-Hellman. DHE denotes ephemeral Diffie-Hellman, where the Diffie-Hellman parameters are signed by a DSS certificate, which has been signed by the CA.=20

CipherSuite TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA =3D { 0x00,0x63 = };

4. CipherSuite definitions

CipherSuite Is Key Cipher = Hash Exportable Exchange

TLS_RSA_EXPORT56_WITH_RC4_56_MD5 * RSA_EXPORT56 RC4_56 MD5 TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 * RSA_EXPORT56 RC2_56 MD5 TLS_RSA_EXPORT56_WITH_DES_CBC_56_SHA * RSA_EXPORT56 RC2_56 SHA TLS_DHE_DSS_EXPORT56_WITH_DES_CBC_SHA * DHE_DSS_EXPORT56 DES_CBC SHA

* Indicates IsExportable is True

Key Exchange Algorithm Description Key size = limit =20 RSA_EXPORT56 RSA key exchange RSA =3D 1024 = bits DHE_DSS_EXPORT56 Ephemeral DH with DSS signatures DH =3D 1024 = bits

Key size limit The key size limit gives the size of the largest public key that can be legally used for encryption in cipher suites that are exportable.

Key Expanded Effective IV Block Cipher Type Material Key Material Key Bits Size Size =20 RC2_CBC_56 Block 7 16 56 8 8 RC4_56 Stream 7 16 56 0 N/A DES_CBC Block 8 8 56 8 8

5. Implementation Notes

When an RSA_EXPORT56 cipher suite is used, and the server's RSA key is larger than 1024 bits in length, then the server must send a server key exchange message to the client. This message is to contain a temporary RSA key, signed by the server. This temporary RSA key should be the maximum allowable length (i.e., 1024 bits).

Servers with a large RSA key will often maintain two temporary RSA

Banes Expires July, 1999 [Page 2] =0CINTERNET-DRAFT 56-bit Export TLS January 15, = 1999

keys: a 512-bit key used to support the RSA_EXPORT cipher suites, and a 1024-bit key used to support the RSA_EXPORT56 cipher suites.

When 56-bit DES keys are derived for an export cipher suite, the additional export key derivation step must be performed. That is, the final read and write DES keys are not taken directly from the key_block.

6. References

[TLS] T. Dierks, C. Allen, The TLS Protocol,=20 <draft-ietf-tls-protocol-06.txt>, November 1998.

7. Authors

John Banes Richard Harrington Microsoft Corp. Microsoft Corp. jbanes@microsoft.com richha@microsoft.com

Banes Expires July, 1999 [Page 3]

------_=_NextPart_000_01BE5ECD.CFEF1954--