From: http://www.ietf.org/internet-drafts/draft-hoyer-keyprov-pskc-algorithm-profiles-00.txt
Title: Additional Portable Symmetric Key Container (PSKC) Algorithm Profiles
Reference: IETF KEYPROV Working Group, Internet Draft 'draft-hoyer-keyprov-pskc-algorithm-profiles-00.txt'
Date: December 24, 2008
I-D Tracker: http://ietfreport.isoc.org/idref/draft-hoyer-keyprov-pskc-algorithm-profiles/
Tools: http://tools.ietf.org/html/draft-hoyer-keyprov-pskc-algorithm-profiles-00
Announcement: http://article.gmane.org/gmane.ietf.announce/29081/match=ietf+announce+xml

See also:
  IETF Provisioning of Symmetric Keys (KEYPROV) Working Group
    http://www.ietf.org/html.charters/keyprov-charter.html
  Portable Symmetric Key Container
    http://tools.ietf.org/html/draft-ietf-keyprov-portable-symmetric-key-container-06
  Provisioning of Symmetric Keys Status Pages
    http://tools.ietf.org/wg/keyprov
  KEYPROV Working Group Discussion Archive
    http://www.ietf.org/mail-archive/web/keyprov/current/index.html
  IETF Security Area
    http://tools.ietf.org/area/sec/
  One-Time Password Specifications (OTPS)
    http://www.rsa.com/node.aspx?id=2917

==============================================================================

keyprov                                                         P. Hoyer
Internet-Draft                                             ActivIdentity
Intended status: Informational                                    M. Pei
Expires: June 27, 2009                                          VeriSign
                                                              S. Machani
                                                              Diversinet
                                                              A. Doherty
                                        RSA, The Security Division of EMC
                                                       December 24, 2008

      Additional Portable Symmetric Key Container (PSKC) Algorithm Profiles
              draft-hoyer-keyprov-pskc-algorithm-profiles-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 27, 2009.

Copyright Notice

   Copyright (c) 2008 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Hoyer, et al.             Expires June 27, 2009                 [Page 1]

Internet-Draft       Additional PSKC Algorithm Profiles     December 2008

Abstract

   The Portable Symmetric Key Container (PSKC) contains a number of XML
   elements and XML attributes carrying keys and related information.
   Not all algorithms, however, are able to use all elements, and for
   other algorithms certain information is mandatory.  This led to the
   introduction of PSKC algorithm profiles that provide further
   description of the mandatory and optional information elements and
   their semantics, including extensions that may be needed.

   The main PSKC specification defines two PSKC algorithm profiles,
   namely "HOTP" and "PIN".  This document extends the initial set and
   specifies nine further algorithm profiles for PSKC.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  OCRA (OATH Challenge Response Algorithm) . . . . . . . . . . .  5
   4.  TOTP (OATH Time based OTP) . . . . . . . . . . . . . . . . . .  7
   5.  SecurID-AES  . . . . . . . . . . . . . . . . . . . . . . . . .  9
   6.  SecurID-AES-Counter  . . . . . . . . . . . . . . . . . . . . . 11
   7.  SecurID-ALGOR  . . . . . . . . . . . . . . . . . . . . . . . . 13
   8.  ActivIdentity-3DES . . . . . . . . . . . . . . . . . . . . . . 15
   9.  ActivIdentity-AES  . . . . . . . . . . . . . . . . . . . . . . 18
   10. ActivIdentity-DES  . . . . . . . . . . . . . . . . . . . . . . 21
   11. ActivIdentity-EVENT  . . . . . . . . . . . . . . . . . . . . . 24
   12. Security Considerations  . . . . . . . . . . . . . . . . . . . 26
   13. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 27
   14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28
   15. Normative References . . . . . . . . . . . . . . . . . . . . . 29
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30

1.  Introduction

   This document specifies a set of algorithm profiles for PSKC, namely

      OCRA (OATH Challenge Response Algorithm)
      TOTP (OATH Time based OTP)
      SecurID-AES
      SecurID-AES-Counter
      SecurID-ALGOR
      ActivIdentity-3DES
      ActivIdentity-AES
      ActivIdentity-DES
      ActivIdentity-EVENT

   [Editor's Note: The content of this document was created by moving a
   number of PSKC algorithm profiles from
   draft-ietf-keyprov-portable-symmetric-key-container-06.txt into this
   document.  Since draft-ietf-keyprov-portable-symmetric-key-container-07.txt
   has undergone a number of changes, the description and the examples
   in this document are likely to be out of sync.  Re-alignment will be
   provided in a future version.]

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  OCRA (OATH Challenge Response Algorithm)

   Common Name: OCRA

   Class: OTP

   URI: http://www.ietf.org/keyprov/pskc#OCRA-1:(ocra_suite_parameters)
        - e.g. http://www.ietf.org/keyprov/pskc#OCRA-1:HOTP-SHA512-8:C-QN08

   Algorithm Definition: http://www.ietf.org/internet-drafts/
   draft-mraihi-mutual-oath-hotp-variants-07.txt

   Identifier Definition (this RFC)

   Registrant Contact: IESG

   Profile of XML attributes and subelements of the entity:

      For a of this algorithm, the subelements MUST be present.

      The "CR" attribute of the MUST be set to "true" and it MUST be
      the only attribute set.

      The element and of the MUST be present.

      For the elements of a of this algorithm, the following
      subelements MUST be present in either the element itself or a
      commonly shared element.

      *  Counter

      *  Time

      If the element
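The profile's URI carries the OCRA suite string after the "#" fragment marker, and a provisioning client has to take that string apart before it knows which key data (counter, time, challenge format) the token will need. The parser below is an added example, not code from this draft or from the KEYPROV working group; it follows the suite grammar of the OCRA specification the profile references (draft-mraihi-mutual-oath-hotp-variants, later published as RFC 6287), and its mapping of the "C" and "T" inputs onto the Counter and Time subelements listed in this section is an assumption of mine, as are the function names.

```python
import re

# Added example (not part of the draft): parse the OCRA suite carried after "#"
# in a PSKC algorithm URI such as ...pskc#OCRA-1:HOTP-SHA512-8:C-QN08.
# Grammar per the OCRA spec (draft-mraihi-mutual-oath-hotp-variants, later
# RFC 6287): OCRASuite = Algorithm ":" CryptoFunction ":" DataInput.
PSKC_OCRA_PREFIX = "http://www.ietf.org/keyprov/pskc#"
_ALGO = re.compile(r"^OCRA-(\d+)$")
_CRYPTO = re.compile(r"^HOTP-(SHA1|SHA256|SHA512)-(\d{1,2})$")
_CHALLENGE = re.compile(r"^Q([ANH])(\d{2})$")      # mandatory, length 04..64
_PIN = re.compile(r"^P(SHA1|SHA256|SHA512)$")      # optional hashed PIN
_SESSION = re.compile(r"^S(\d{3})$")               # optional session info
_TIME = re.compile(r"^T(\d{1,2})([SMH])$")         # optional time step

def parse_ocra_suite(suite: str) -> dict:
    parts = suite.split(":")
    if len(parts) != 3:
        raise ValueError("OCRA suite needs Algorithm:CryptoFunction:DataInput")
    m_alg, m_cf = _ALGO.match(parts[0]), _CRYPTO.match(parts[1])
    if not m_alg or not m_cf:
        raise ValueError("bad Algorithm or CryptoFunction field: " + suite)
    digits = int(m_cf.group(2))
    if digits != 0 and not 4 <= digits <= 10:
        raise ValueError("truncation must be 0 (none) or 4..10 digits")
    s = dict(version=int(m_alg.group(1)), hash=m_cf.group(1), digits=digits,
             counter=False, challenge=None, pin_hash=None, session_len=None,
             time_step=None)
    tokens = parts[2].split("-")
    if tokens and tokens[0] == "C":                # optional counter comes first
        s["counter"], tokens = True, tokens[1:]
    m_q = _CHALLENGE.match(tokens[0]) if tokens else None
    if not m_q or not 4 <= int(m_q.group(2)) <= 64:
        raise ValueError("DataInput must carry a challenge Q[A|N|H]04..64")
    s["challenge"] = (m_q.group(1), int(m_q.group(2)))
    for tok in tokens[1:]:                         # remaining optional inputs
        if m := _PIN.match(tok):
            s["pin_hash"] = m.group(1)
        elif m := _SESSION.match(tok):
            s["session_len"] = int(m.group(1))
        elif m := _TIME.match(tok):
            s["time_step"] = (int(m.group(1)), m.group(2))
        else:
            raise ValueError("unknown DataInput token: " + tok)
    return s

def parse_pskc_ocra_uri(uri: str) -> dict:
    if not uri.startswith(PSKC_OCRA_PREFIX):
        raise ValueError("not a PSKC OCRA algorithm URI: " + uri)
    return parse_ocra_suite(uri[len(PSKC_OCRA_PREFIX):])

def consumed_data_elements(s: dict) -> set:
    # Assumption: the C and T inputs are what the Counter and Time subelements
    # named in this section feed; report which of them this suite actually uses.
    return {n for n, used in (("Counter", s["counter"]),
                              ("Time", s["time_step"] is not None)) if used}
```

A suite that fails to parse should cause the container to be rejected rather than provisioned with a guessed data layout.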