RFC 2511 BIS (CRMF)

1
RFC 2511 BIS (CRMF)

• Jim Schaad
• Soaring Hawk Security

2
Proof of Possession (POP)

• Provide evidence that the following two
  conditions are met
• I have use of the private key
• My identity is ltyour name heregt
• Owner of key can always produce a false POP for
  somebody else

3
POP - Methods

• Document defines 6 different methods for POP
• Signature Based
• Surrender of private key
• Direct (Challenge Response)
• Indirect (Decrypt Certificate)
• Key Agreement HMAC
• RA Asserts POP is completed

4
POP - Sign

• Sign
• Public Key
• Identity Statement
• Satisfies the POP requirement

5
POP Surrender Private Key

• Encrypt private key for the CA/RA
• Proves key possession only.
• Allows for theft of POP proof.
• Sufficient to do?
• ECA(private key, identity statement)
• Encrypted structure currently not specified.
• CMS? Other? Content?

6
POP Direct/Indirect

• Receive EEE(value)
• Decrypt and return value
• Shows use of key
• Does not show identity
• Does it need to be fixed if so how?

7
POP DH-HMAC

• Produce a shared secret with CA/RA
• HMAC the request with derived key
• Send result with enrollment message
• Proves use of private key
• Proves identity sometimes
• Need to ensure identity is in the hashed value at
  all times

8
Blocking Issues

• POP issues as previously noted
• DH-MAC needs to be extended for other key
  provide algorithm and value
• Protocol Encryption Key Control
• Specifies key, but not any algorithms

9
Blocking Issues

• Reg Token and Authenticator control
• Cant do binary in UTF8 string
• Type has changed but not OID since RFC 2511
• Reg Token algorithm undefined if computed
• Need better distinguishing text

10
Blocking Issues

• Archival
• Key Gen parameter structure not defined
• Key Gen parameter structure not encrypted
• Encryption key not specified
• CA? RA? Users?
• Discovery of encryption algorithms to use

11
Blocking Issues

• RegInfo Control overloads the use of
• Name?ValueName?Value
• xx if and ? Not be used as delimiters

12
Questions