tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 7906

 
 
 

NSA's Cryptographic Message Syntax (CMS) Key Management Attributes

Part 3 of 3, p. 41 to 68
Prev RFC Part

 


prevText      Top      ToC       Page 41 
31.  Attribute Scope

   This section provides an example symmetric key package in order to
   provide a discussion of the scope of attributes.  This is an
   informative section; it is not a normative portion of this
   specification.  Figure 1 provides the example.  All of the concepts
   apply to either a symmetric key package or an asymmetric key package,
   with the exception of the key-algorithm attribute, which is only
   applicable to a symmetric key package.  Each of the components is
   labeled with a number inside parentheses for easy reference:

      (1) is the ContentInfo that must be present as the outermost layer
          of encapsulation.  It contains no attributes.  It is shown for
          completeness.

      (2) is a SignedData content type, which includes six signed
          attributes.  Four of the signed attributes are keying material
          attributes.

      (3) is a ContentCollection that includes two encapsulated content
          types: a ContentWithAttributes and an EncryptedKeyPackage.
          This content type does not provide any attributes.

      (4) is a ContentWithAttributes content type.  It encapsulates a
          SignedData content type.  Four key material attributes are
          provided.

      (5) is a SignedData content type.  It encapsulates a
          SymmetricKeyPackage content type.  Six signed attributes are
          provided.  Four attributes are key material attributes.

      (6) is a SymmetricKeyPackage content type, and it includes three
          key material attributes.  Note that the contents of this key
          package are not encrypted, but the contents are covered by two
          digital signatures.

      (7) is an EncryptedKeyPackage content type.  It encapsulates a
          SignedData content type.  This content type provides one
          unprotected attribute.

      (8) is a SignedData content type.  It encapsulates a
          SymmetricKeyPackage content type.  Six signed attributes are
          provided.  Four attributes are key material attributes.

Top      Up      ToC       Page 42 
      (9) is a SymmetricKeyPackage content type, and it includes three
          key material attributes.  Note that the contents of this key
          package are encrypted; the plaintext keying material is
          covered by one digital signature, and the ciphertext keying
          material is covered by another digital signature.

   SignedData content type (2) includes six signed attributes:

      o  The content-type attribute contains id-ct-contentCollection to
         indicate the type of the encapsulated content, and it has no
         further scope.

      o  The message-digest attribute contains the one-way hash value of
         the encapsulated content; it is needed to validate the digital
         signature.  It has no further scope.

      o  The classification attribute contains the security label for
         all of the plaintext in the encapsulated content.  Each
         classification attribute is evaluated separately; it has no
         further scope.  In general, the values of this attribute will
         match or dominate the security label values in (4), (5), and
         (6).  The value of this attribute might not match or dominate
         the security label values in (8) and (9) since they are
         encrypted.  It is possible that these various security label
         values are associated with different security policies.  To
         avoid the processing complexity associated with policy mapping,
         comparison is not required.

      o  The key-package-receivers-v2 attribute indicates the authorized
         key package receivers, and it has no further scope.  The
         additional instances of key-package-receivers-v2 attribute
         embedded in (4) are evaluated without regard to the value of
         the instance in (2).

      o  The key-distribution-period attribute contains two date values:
         doNotDistBefore and doNotDistAfter.  These values must match
         all others within the same scope, which in this example is the
         key-distribution-period within (4).

      o  The key-package-type attributes indicates the format of the key
         package, and it has no further scope.  The key-package-type
         attributes values within (5) and (8) are evaluated without
         regard to the value of this attribute.

Top      Up      ToC       Page 43 
   ContentWithAttributes content type (4) includes four attributes:

      o  The classification attribute contains the security label for
         all of the plaintext in the encapsulated content.  Each
         classification attribute is evaluated separately; it has no
         further scope.

      o  The TSEC-Nomenclature attribute includes only the shortTitle
         field, and the value must match all other instances within the
         same scope, which appear in (5) and (6).  Note that the TSEC-
         Nomenclature attribute values in (8) and (9) are not in the
         same scope as the TSEC-Nomenclature attribute that appears in
         (4).

      o  The key-package-receivers-v2 attribute indicates the authorized
         key package receivers, and it has no further scope.  The
         enveloping instance of key-package-receivers-v2 attribute value
         in (2) is evaluated without regard to the value of this
         instance in (4), and has no effect on the value of this
         instance in (4).

      o  The key-distribution-period attribute contains two date values:
         doNotDistBefore and doNotDistAfter.  These values must match
         all others within the same scope, which in this example is the
         key-distribution-period within (2).

   SignedData content type (5) includes six signed attributes:

      o  The content-type attribute contains id-ct-KP-skeyPackage to
         indicate the type of the encapsulated content, and it has no
         further scope.

      o  The message-digest attribute contains the one-way hash value of
         the encapsulated content; it is needed to validate the digital
         signature.  It has no further scope.

      o  The classification attribute contains the security label for
         all of the plaintext in the encapsulated content.  Each
         classification attribute is evaluated separately; it has no
         further scope.

      o  The TSEC-Nomenclature attribute includes only the shortTitle
         field, and the value must match all other instances within the
         same scope, which appear in (6).  Since this is within the
         scope of (4), these shortTitle field values must match as well.
         Note that the TSEC-Nomenclature attribute values in (8) and (9)
         are not in the same scope.

Top      Up      ToC       Page 44 
      o  The key-purpose attribute specifies the purpose of the key
         material.  All occurrences within the scope must have the same
         value; however, in this example, there are no other occurrences
         within the scope.  The key-purpose attribute value within (8)
         is evaluated without regard to the value of this attribute.

      o  The key-package-type attribute indicates the format of the key
         package, and it has no further scope.  The key-package-type
         attribute values within (2) and (8) are evaluated without
         regard to the value of this attribute.

   SymmetricKeyPackage content type (6) includes three keying material
   attributes, which could appear in the sKeyPkgAttrs or sKeyAttrs
   fields:

      o  The key-algorithm attribute includes only the keyAlg field, and
         it must match all other occurrences within the same scope.
         However, there are no other key-algorithm attribute occurrences
         in the same scope; the key-algorithm attribute value in (9) is
         not in the same scope.

      o  The classification attribute contains the security label for
         all of the plaintext in the key package.  Each classification
         attribute is evaluated separately; it has no further scope.

      o  The TSEC-Nomenclature attribute includes the shortTitle field
         as well as some of the optional fields.  The shortTitle field
         value must match the values in (4) and (5), since this content
         type is within their scope.  Note that the TSEC-Nomenclature
         attribute values in (8) and (9) are not in the same scope.

   EncryptedKeyPackage content type (7) includes one unprotected
   attribute, and the encryption will prevent any intermediary that does
   not have the ability to decrypt the content from making any
   consistency checks on (8) and (9):

      o  The content-decryption-key-identifier attribute identifies the
         key that is needed to decrypt the encapsulated content; it has
         no further scope.

   SignedData content type (8) includes six signed attributes:

      o  The content-type attribute contains id-ct-KP-skeyPackage to
         indicate the type of the encapsulated content, and it has no
         further scope.

Top      Up      ToC       Page 45 
      o  The message-digest attribute contains the one-way hash value of
         the encapsulated content; it is needed to validate the digital
         signature.  It has no further scope.

      o  The classification attribute contains the security label for
         content.  Each classification attribute is evaluated
         separately; it has no further scope.

      o  The TSEC-Nomenclature attribute includes only the shortTitle
         field, and the value must match all other instances within the
         same scope, which appear in (9).  Note that the TSEC-
         Nomenclature attribute values in (4), (5), and (6) are not in
         the same scope.

      o  The key-purpose attribute specifies the purpose of the key
         material.  All occurrences within the scope must have the same
         value; however, in this example, there are no other occurrences
         within the scope.  The key-purpose attribute value within (5)
         is evaluated without regard to the value of this attribute.

      o  The key-package-type attribute indicates the format of the key
         package, and it has no further scope.  The key-package-type
         attribute values within (2) and (5) are evaluated without
         regard to the value of this attribute.

   SymmetricKeyPackage content type (9) includes three keying material
   attributes, which could appear in the sKeyPkgAttrs or sKeyAttrs
   fields:

      o  The key-algorithm attribute includes only the keyAlg field, and
         it must match all other occurrences within the same scope.
         However, there are no other key-algorithm attribute occurrences
         in the same scope; the key-algorithm attribute value in (6) is
         not in the same scope.

      o  The classification attribute contains the security label for
         all of the plaintext in the key package.  Each classification
         attribute is evaluated separately; it has no further scope.

      o  The TSEC-Nomenclature attribute includes the shortTitle field
         as well as some of the optional fields.  The shortTitle field
         value must match the values in (8), since this content type is
         within its scope.  Note that the TSEC-Nomenclature attributes
         values in (4), (5), and (6) are not in the same scope.

Top      Up      ToC       Page 46 
   In summary, the scope of an attribute includes the encapsulated
   content of the CMS content type in which it appears, and some
   attributes also require consistency checks with other instances that
   appear within the encapsulated content.  Proper recognition of scope
   is required to accurately perform attribute processing.

Top      Up      ToC       Page 47 
   +------------------------------------------------------------------+
   | ContentInfo (1)                                                  |
   |+----------------------------------------------------------------+|
   || SignedData (2)                                                 ||
   ||+--------------------------------------------------------------+||
   ||| ContentCollection (3)                                        |||
   |||+-----------------------------++-----------------------------+|||
   |||| ContentWithAttributes (4)   || EncryptedKeyPackage (7)     ||||
   ||||+---------------------------+||+---------------------------+||||
   ||||| SignedData (5)            |||| SignedData (8)            |||||
   |||||+-------------------------+||||+-------------------------+|||||
   |||||| SymmetricKeyPackage (6) |||||| SymmetricKeyPackage (9) ||||||
   |||||| Attributes:             |||||| Attributes:             ||||||
   ||||||  Key Algorithm          ||||||  Key Algorithm          ||||||
   ||||||  Classification         ||||||  Classification         ||||||
   ||||||  TSEC-Nomenclature      ||||||  TSEC-Nomenclature      ||||||
   |||||+-------------------------+||||+-------------------------+|||||
   ||||| Attributes:               |||| Attributes:               |||||
   |||||  Content Type             ||||  Content Type             |||||
   |||||  Message Digest           ||||  Message Digest           |||||
   |||||  Classification           ||||  Classification           |||||
   |||||  TSEC-Nomenclature        ||||  TSEC-Nomenclature        |||||
   |||||  Key Purpose              ||||  Key Purpose              |||||
   |||||  Key Package Type         ||||  Key Package Type         |||||
   ||||+-------------------------- +||+---------------------------+||||
   |||| Attributes:                 || Unprotect Attributes:       ||||
   ||||  Classification             ||  Content Decrypt Key ID     ||||
   ||||  TSEC-Nomenclature          |+-----------------------------+|||
   ||||  Key Package Receivers      |                               |||
   ||||  Key Distribution Period    |                               |||
   |||+-----------------------------+                               |||
   ||+--------------------------------------------------------------+||
   || Attributes:                                                    ||
   ||  Content Type                                                  ||
   ||  Message Digest                                                ||
   ||  Classification                                                ||
   ||  Key Package Receivers                                         ||
   ||  Key Distribution Period                                       ||
   ||  Key Package Type                                              ||
   |+----------------------------------------------------------------+|
   +------------------------------------------------------------------+

            Figure 1: Example Illustrating Scope of Attributes

Top      Up      ToC       Page 48 
32.  Security Considerations

   The majority of this specification is devoted to the syntax and
   semantics of key package attributes.  It relies on other
   specifications, especially [RFC2634], [RFC4073], [RFC4108],
   [RFC5652], [RFC5911], [RFC5912], [RFC5958], [RFC6010], and [RFC6031];
   their security considerations apply here.  Additionally,
   cryptographic algorithms are used with CMS protecting content types
   as specified in [RFC5959], [RFC6160], [RFC6161], and [RFC6162]; the
   security considerations from those documents apply here as well.

   This specification also relies upon [RFC5280] for the syntax and
   semantics of X.509 certificates.  Digital signatures provide data
   integrity or data origin authentication, and encryption provides
   confidentiality.

   Security factors outside the scope of this specification greatly
   affect the assurance provided.  The procedures used by Certification
   Authorities (CAs) to validate the binding of the subject identity to
   their public key greatly affect the assurance that ought to be placed
   in the certificate.  This is particularly important when issuing
   certificates to other CAs.

   The CMS AuthenticatedData content type MUST be used with care since a
   Message Authentication Code (MAC) is used.  The same key is needed to
   generate the MAC or validate the MAC.  Thus, any party with access to
   the key needed to validate the MAC can generate a replacement that
   will be acceptable to other recipients.

   In some situations, returning very detailed error information can
   provide an attacker with insight into the security processing.  Where
   this is a concern, the implementation should return the most generic
   error code that is appropriate.  However, detailed error codes are
   very helpful during development, debugging, and interoperability
   testing.  For this reason, implementations may want to have a way to
   configure the use of generic or detailed error codes.

33.  References

33.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

Top      Up      ToC       Page 49 
   [RFC2634]  Hoffman, P., Ed., "Enhanced Security Services for S/MIME",
              RFC 2634, DOI 10.17487/RFC2634, June 1999,
              <http://www.rfc-editor.org/info/rfc2634>.

   [RFC4073]  Housley, R., "Protecting Multiple Contents with the
              Cryptographic Message Syntax (CMS)", RFC 4073,
              DOI 10.17487/RFC4073, May 2005,
              <http://www.rfc-editor.org/info/rfc4073>.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108,
              DOI 10.17487/RFC4108, August 2005,
              <http://www.rfc-editor.org/info/rfc4108>.

   [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
              Authenticated-Enveloped-Data Content Type", RFC 5083,
              DOI 10.17487/RFC5083, November 2007,
              <http://www.rfc-editor.org/info/rfc5083>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <http://www.rfc-editor.org/info/rfc5280>.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009,
              <http://www.rfc-editor.org/info/rfc5652>.

   [RFC5911]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for
              Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
              DOI 10.17487/RFC5911, June 2010,
              <http://www.rfc-editor.org/info/rfc5911>.

   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              DOI 10.17487/RFC5912, June 2010,
              <http://www.rfc-editor.org/info/rfc5912>.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
              DOI 10.17487/RFC5958, August 2010,
              <http://www.rfc-editor.org/info/rfc5958>.

   [RFC5959]  Turner, S., "Algorithms for Asymmetric Key Package Content
              Type", RFC 5959, DOI 10.17487/RFC5959, August 2010,
              <http://www.rfc-editor.org/info/rfc5959>.

Top      Up      ToC       Page 50 
   [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
              Message Syntax (CMS) Content Constraints Extension",
              RFC 6010, DOI 10.17487/RFC6010, September 2010,
              <http://www.rfc-editor.org/info/rfc6010>.

   [RFC6019]  Housley, R., "BinaryTime: An Alternate Format for
              Representing Date and Time in ASN.1", RFC 6019,
              DOI 10.17487/RFC6019, September 2010,
              <http://www.rfc-editor.org/info/rfc6019>.

   [RFC6031]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Symmetric Key Package Content Type", RFC 6031,
              DOI 10.17487/RFC6031, December 2010,
              <http://www.rfc-editor.org/info/rfc6031>.

   [RFC6032]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Encrypted Key Package Content Type", RFC 6032,
              DOI 10.17487/RFC6032, December 2010,
              <http://www.rfc-editor.org/info/rfc6032>.

   [RFC6160]  Turner, S., "Algorithms for Cryptographic Message Syntax
              (CMS) Protection of Symmetric Key Package Content Types",
              RFC 6160, DOI 10.17487/RFC6160, April 2011,
              <http://www.rfc-editor.org/info/rfc6160>.

   [RFC6162]  Turner, S., "Elliptic Curve Algorithms for Cryptographic
              Message Syntax (CMS) Asymmetric Key Package Content Type",
              RFC 6162, DOI 10.17487/RFC6162, April 2011,
              <http://www.rfc-editor.org/info/rfc6162>.

   [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
              for the Cryptographic Message Syntax (CMS) and the Public
              Key Infrastructure Using X.509 (PKIX)", RFC 6268,
              DOI 10.17487/RFC6268, July 2011,
              <http://www.rfc-editor.org/info/rfc6268>.

   [RFC7191]  Housley, R., "Cryptographic Message Syntax (CMS) Key
              Package Receipt and Error Content Types", RFC 7191,
              DOI 10.17487/RFC7191, April 2014,
              <http://www.rfc-editor.org/info/rfc7191>.

   [X.509]    ITU-T, "Information technology - Open Systems
              Interconnection - The Directory: Public-key and attribute
              certificate frameworks", ITU-T Recommendation X.509 |
              ISO/IEC 9594-8:2005, 2005.

Top      Up      ToC       Page 51 
   [X.680]    ITU-T, "Information Technology - Abstract Syntax Notation
              One", ITU-T Recommendation X.680 | ISO/IEC 8824-1:2002,
              2002.

   [X.681]    ITU-T, "Information Technology - Abstract Syntax Notation
              One: Information Object Specification", ITU-T
              Recommendation X.681 | ISO/IEC 8824-2:2002, 2002.

   [X.682]    ITU-T, "Information Technology - Abstract Syntax Notation
              One: Constraint Specification", ITU-T Recommendation X.682
              | ISO/IEC 8824-3:2002, 2002.

   [X.683]    ITU-T, "Information Technology - Abstract Syntax Notation
              One: Parameterization of ASN.1 Specifications", ITU-T
              Recommendation X.683 | ISO/IEC 8824-4:2002, 2002.

   [X.690]    ITU-T, "Information Technology - ASN.1 encoding rules:
              Specification of Basic Encoding Rules (BER), Canonical
              Encoding Rules (CER) and Distinguished Encoding Rules
              (DER)", ITU-T Recommendation X.690 | ISO/IEC 8825-1:2002,
              2002.

33.2.  Informative References

   [RFC5934]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Management Protocol (TAMP)", RFC 5934,
              DOI 10.17487/RFC5934, August 2010,
              <http://www.rfc-editor.org/info/rfc5934>.

   [X.411]    ITU-T, "Information technology - Message Handling Systems
              (MHS): Message Transfer System: Abstract Service
              Definition and Procedures", ITU-T Recommendation X.411 |
              ISO/IEC 10021-4:1999, 1999.

Top      Up      ToC       Page 52 
Appendix A.  ASN.1 Module

   KMAttributes2012
     { joint-iso-itu-t(2) country(16) us(840) organization(1)
       gov(101) dod(2) infosec(1) modules(0) 39 }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORT ALL

   IMPORTS

   -- From [RFC5911]

   aa-communityIdentifiers, CommunityIdentifier
     FROM CMSFirmwareWrapper-2009
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-firmware-wrap-02(40) }

   -- From [RFC5911]

   aa-contentHint, ESSSecurityLabel, id-aa-securityLabel
     FROM ExtendedSecurityServices-2009
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-ess-2006-02(42) }

   -- From [RFC5911] [RFC5912]

   AlgorithmIdentifier{}, SMIME-CAPS, ParamOptions, KEY-WRAP
     FROM AlgorithmInformation-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-algorithmInformation-02(58) }

   -- From [RFC5912]

   Name, Certificate
     FROM PKIX1Explicit-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkix1-explicit-02(51) }

Top      Up      ToC       Page 53 
   -- From [RFC5912]

   GeneralNames, SubjectInfoAccessSyntax, id-pe-subjectInfoAccess
     FROM PKIX1Implicit-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkix1-implicit-02(59) }

   -- FROM [RFC5912]

   ATTRIBUTE
     FROM PKIX-CommonTypes-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkixCommon-02(57) }

   -- From [RFC6010]

   CMSContentConstraints
     FROM CMSContentConstraintsCertExtn
       { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) id-mod(0)
          cmsContentConstr-93(42) }

   -- From [RFC6268]

   aa-binarySigningTime, BinaryTime
     FROM BinarySigningTimeModule-2010
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-binSigningTime-2009(55) }

   -- From [RFC6268]

   CertificateChoices, CertificateSet, Attribute {},
   aa-contentType, aa-messageDigest
     FROM CryptographicMessageSyntax-2010
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-2009(58) }

   -- From [RFC7191]

   aa-keyPackageIdentifierAndReceiptRequest, SIREntityName
     FROM KeyPackageReceiptAndErrorModuleV2
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-keyPkgReceiptAndErrV2(63) }

Top      Up      ToC       Page 54 
   -- From [X.509]

   certificateExactMatch
     FROM CertificateExtensions
       { joint-iso-itu-t ds(5) module(1) certificateExtensions(26) 4 }

   ;

   -- ATTRIBUTES

   -- Replaces SignedAttributesSet information object set from
   -- [RFC6268].

   SignedAttributesSet ATTRIBUTE ::= {
     aa-contentType                           |
     aa-messageDigest                         |
     aa-contentHint                           |
     aa-communityIdentifiers                  |
     aa-binarySigningTime                     |
     aa-keyProvince-v2                        |
     aa-keyPackageIdentifierAndReceiptRequest |
     aa-manifest                              |
     aa-keyAlgorithm                          |
     aa-userCertificate                       |
     aa-keyPackageReceivers-v2                |
     aa-tsecNomenclature                      |
     aa-keyPurpose                            |
     aa-keyUse                                |
     aa-transportKey                          |
     aa-keyDistributionPeriod                 |
     aa-keyValidityPeriod                     |
     aa-keyDurationPeriod                     |
     aa-classificationAttribute               |
     aa-keyPackageType                        |
     aa-pkiPath                               |
     aa-usefulCertificates,
     ... }

   -- Replaces UnsignedAttributes from [RFC6268].

   UnsignedAttributes ATTRIBUTE ::= {
      ...
      }

Top      Up      ToC       Page 55 
   -- Replaces UnprotectedEnvAttributes from [RFC6268].

   UnprotectedEnvAttributes ATTRIBUTE ::= {
     aa-contentDecryptKeyIdentifier |
     aa-certificatePointers         |
     aa-cRLDistributionPoints,
     ...
     }

   -- Replaces UnprotectedEncAttributes from [RFC6268].

   UnprotectedEncAttributes ATTRIBUTE ::= {
     aa-certificatePointers |
     aa-cRLDistributionPoints,
     ...
     }

   -- Replaces AuthAttributeSet from [RFC6268]

   AuthAttributeSet ATTRIBUTE ::= {
     aa-contentType                           |
     aa-messageDigest                         |
     aa-contentHint                           |
     aa-communityIdentifiers                  |
     aa-keyProvince-v2                        |
     aa-binarySigningTime                     |
     aa-keyPackageIdentifierAndReceiptRequest |
     aa-manifest                              |
     aa-keyAlgorithm                          |
     aa-userCertificate                       |
     aa-keyPackageReceivers-v2                |
     aa-tsecNomenclature                      |
     aa-keyPurpose                            |
     aa-keyUse                                |
     aa-transportKey                          |
     aa-keyDistributionPeriod                 |
     aa-keyValidityPeriod                     |
     aa-keyDurationPeriod                     |
     aa-classificationAttribute               |
     aa-keyPackageType                        |
     aa-pkiPath                               |
     aa-usefulCertificates,
     ... }

Top      Up      ToC       Page 56 
   -- Replaces UnauthAttributeSet from [RFC6268]

   UnauthAttributeSet ATTRIBUTE ::= {
     ...
     }

   -- Replaces AuthEnvDataAttributeSet from [RFC6268]

   AuthEnvDataAttributeSet ATTRIBUTE ::= {
     aa-certificatePointers |
     aa-cRLDistributionPoints,
     ...
     }

    -- Replaces UnauthEnvDataAttributeSet from [RFC6268]

   UnauthEnvDataAttributeSet ATTRIBUTE ::= {
     ...
     }

   -- Replaces OneAsymmetricKeyAttributes from [RFC5958]

   OneAsymmetricKeyAttributes ATTRIBUTE ::= {
     aa-userCertificate            |
     aa-tsecNomenclature           |
     aa-keyPurpose                 |
     aa-keyUse                     |
     aa-transportKey               |
     aa-keyDistributionPeriod      |
     aa-keyValidityPeriod          |
     aa-keyDurationPeriod          |
     aa-classificationAttribute    |
     aa-splitIdentifier            |
     aa-signatureUsage-v3          |
     aa-otherCertificateFormats    |
     aa-pkiPath                    |
     aa-usefulCertificates,
     ... }

Top      Up      ToC       Page 57 
   -- Replaces SKeyPkgAttributes from [RFC6031]

   SKeyPkgAttributes ATTRIBUTE ::= {
     aa-keyAlgorithm                |
     aa-tsecNomenclature            |
     aa-keyPurpose                  |
     aa-keyUse                      |
     aa-keyDistributionPeriod       |
     aa-keyValidityPeriod           |
     aa-keyDurationPeriod           |
     aa-classificationAttribute     |
     aa-keyWrapAlgorithm            |
     aa-contentDecryptKeyIdentifier,
     ... }

   -- Replaces SKeyAttributes from [RFC6031]

   SKeyAttributes ATTRIBUTE ::= {
     aa-keyAlgorithm                |
     aa-tsecNomenclature            |
     aa-keyPurpose                  |
     aa-keyUse                      |
     aa-keyDistributionPeriod       |
     aa-keyValidityPeriod           |
     aa-keyDurationPeriod           |
     aa-classificationAttribute     |
     aa-splitIdentifier             |
     aa-keyWrapAlgorithm            |
     aa-contentDecryptKeyIdentifier,
     ... }

Top      Up      ToC       Page 58 
   -- Replaces ContentAttributeSet from [RFC6268]

   ContentAttributeSet ATTRIBUTE ::= {
     aa-communityIdentifiers                  |
     aa-keyPackageIdentifierAndReceiptRequest |
     aa-keyAlgorithm                          |
     aa-keyPackageReceivers-v2                |
     aa-tsecNomenclature                      |
     aa-keyPurpose                            |
     aa-keyUse                                |
     aa-transportKey                          |
     aa-keyDistributionPeriod                 |
     aa-transportKey                          |
     aa-keyDistributionPeriod                 |
     aa-keyValidityPeriod                     |
     aa-keyDurationPeriod                     |
     aa-classificationAttribute               |
     aa-keyPackageType                        |
     aa-pkiPath                               |
     aa-usefulCertificates,
     ... }

   -- Content Type, Message Digest, Content Hint, and Binary Signing
   -- Time are imported from [RFC6268].
   -- Community Identifiers is imported from [RFC5911].

   -- Key Province

   aa-keyProvince-v2 ATTRIBUTE ::= {
     TYPE KeyProvinceV2
     IDENTIFIED BY id-aa-KP-keyProvinceV2 }

   id-aa-KP-keyProvinceV2 OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) attributes(5) 71 }

   KeyProvinceV2 ::= OBJECT IDENTIFIER

   -- Manifest Attribute

   aa-manifest ATTRIBUTE ::= {
     TYPE Manifest
     IDENTIFIED BY id-aa-KP-manifest }

   id-aa-KP-manifest OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) attributes(5) 72 }

Top      Up      ToC       Page 59 
   Manifest ::= SEQUENCE SIZE (1..MAX) OF ShortTitle

   -- Key Algorithm Attribute

   aa-keyAlgorithm ATTRIBUTE ::= {
     TYPE KeyAlgorithm
     IDENTIFIED BY id-kma-keyAlgorithm }

   id-kma-keyAlgorithm  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 1 }

   KeyAlgorithm ::= SEQUENCE {
     keyAlg            OBJECT IDENTIFIER,
     checkWordAlg  [1] OBJECT IDENTIFIER OPTIONAL,
     crcAlg        [2] OBJECT IDENTIFIER OPTIONAL }

   -- User Certificate Attribute

   aa-userCertificate ATTRIBUTE ::= {
     TYPE Certificate
     EQUALITY MATCHING RULE certificateExactMatch
     IDENTIFIED BY id-at-userCertificate }

   id-at-userCertificate OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) ds(5) attributes(4) 36 }

   -- Key Package Receivers Attribute

   aa-keyPackageReceivers-v2 ATTRIBUTE ::= {
     TYPE KeyPkgReceiversV2
     IDENTIFIED BY id-kma-keyPkgReceiversV2 }

   id-kma-keyPkgReceiversV2  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 16 }

   KeyPkgReceiversV2 ::= SEQUENCE SIZE (1..MAX) OF KeyPkgReceiver

   KeyPkgReceiver ::= CHOICE {
     sirEntity  [0] SIREntityName,
     community  [1] CommunityIdentifier }

Top      Up      ToC       Page 60 
   -- TSEC Nomenclature Attribute

   aa-tsecNomenclature ATTRIBUTE ::= {
     TYPE TSECNomenclature
     IDENTIFIED BY id-kma-TSECNomenclature }

   id-kma-TSECNomenclature  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 3 }

   TSECNomenclature ::= SEQUENCE {
     shortTitle  ShortTitle,
     editionID   EditionID OPTIONAL,
     registerID  RegisterID OPTIONAL,
     segmentID   SegmentID OPTIONAL }

   ShortTitle ::= PrintableString

   EditionID ::= CHOICE {
     char CHOICE {
       charEdition      [1] CharEdition,
       charEditionRange [2] CharEditionRange },
     num CHOICE {
       numEdition       [3] NumEdition,
       numEditionRange  [4] NumEditionRange } }

   CharEdition ::= PrintableString

   CharEditionRange ::= SEQUENCE {
     firstCharEdition  CharEdition,
     lastCharEdition   CharEdition }

   NumEdition ::= INTEGER (0..308915776)

   NumEditionRange ::= SEQUENCE {
     firstNumEdition  NumEdition,
     lastNumEdition   NumEdition }

   RegisterID ::= CHOICE {
     register       [5] Register,
     registerRange  [6] RegisterRange }

   Register ::= INTEGER (0..2147483647)

   RegisterRange ::= SEQUENCE {
     firstRegister  Register,
     lastRegister   Register }

Top      Up      ToC       Page 61 
   SegmentID ::= CHOICE {
     segmentNumber  [7] SegmentNumber,
     segmentRange   [8] SegmentRange }

   SegmentNumber ::= INTEGER (1..127)

   SegmentRange ::= SEQUENCE {
     firstSegment  SegmentNumber,
     lastSegment   SegmentNumber }

   -- Key Purpose Attribute

   aa-keyPurpose ATTRIBUTE ::= {
     TYPE KeyPurpose
     IDENTIFIED BY id-kma-keyPurpose }

   id-kma-keyPurpose  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 13 }

   KeyPurpose ::= ENUMERATED {
     n-a    (0),   -- Not Applicable
     a     (65),   -- Operational
     b     (66),   -- Compatible Multiple Key
     l     (76),   -- Logistics Combinations
     m     (77),   -- Maintenance
     r     (82),   -- Reference
     s     (83),   -- Sample
     t     (84),   -- Training
     v     (86),   -- Developmental
     x     (88),   -- Exercise
     z     (90),   -- "On the Air" Testing
     ... -- Expect additional key purpose values -- }

   -- Key Use Attribute

   aa-keyUse ATTRIBUTE ::= {
     TYPE KeyUse
     IDENTIFIED BY id-kma-keyUse }

   id-kma-keyUse  OBJECT IDENTIFIER ::=
      { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        dod(2) infosec(1) keying-material-attributes(13) 14 }

Top      Up      ToC       Page 62 
   KeyUse ::= ENUMERATED {
     n-a    (0),    -- Not Applicable
     ffk    (1),    -- FIREFLY/CROSSTALK Key (Basic Format)
     kek    (2),    -- Key Encryption Key
     kpk    (3),    -- Key Production Key
     msk    (4),    -- Message Signature Key
     qkek   (5),    -- QUADRANT Key Encryption Key
     tek    (6),    -- Traffic Encryption Key
     tsk    (7),    -- Transmission Security Key
     trkek  (8),    -- Transfer Key Encryption Key
     nfk    (9),    -- Netted FIREFLY Key
     effk  (10),    -- FIREFLY Key (Enhanced Format)
     ebfk  (11),    -- FIREFLY Key (Enhanceable Basic Format)
     aek   (12),    -- Algorithm Encryption Key
     wod   (13),    -- Word of Day
     kesk (246),    -- Key Establishment Key
     eik  (247),    -- Entity Identification Key
     ask  (248),    -- Authority Signature Key
     kmk  (249),    -- Key Modifier Key
     rsk  (250),    -- Revocation Signature Key
     csk  (251),    -- Certificate Signature Key
     sak  (252),    -- Symmetric Authentication Key
     rgk  (253),    -- Random Generation Key
     cek  (254),    -- Certificate Encryption Key
     exk  (255),    -- Exclusion Key
     ... -- Expect additional key use values -- }

   -- Transport Key Attribute

   aa-transportKey ATTRIBUTE ::= {
     TYPE TransOp
     IDENTIFIED BY id-kma-transportKey }

   id-kma-transportKey  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 15 }

   TransOp ::= ENUMERATED {
     transport    (1),
     operational  (2) }

   -- Key Distribution Period Attribute

   aa-keyDistributionPeriod ATTRIBUTE ::= {
     TYPE KeyDistPeriod
     IDENTIFIED BY id-kma-keyDistPeriod }

Top      Up      ToC       Page 63 
   id-kma-keyDistPeriod  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 5 }

   KeyDistPeriod ::= SEQUENCE {
     doNotDistBefore  [0] BinaryTime OPTIONAL,
     doNotDistAfter       BinaryTime }

   -- Key Validity Period Attribute

   aa-keyValidityPeriod ATTRIBUTE ::= {
     TYPE KeyValidityPeriod
     IDENTIFIED BY id-kma-keyValidityPeriod }

   id-kma-keyValidityPeriod  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 6 }

   KeyValidityPeriod ::= SEQUENCE {
     doNotUseBefore  BinaryTime,
     doNotUseAfter   BinaryTime OPTIONAL }

   -- Key Duration Attribute

   aa-keyDurationPeriod ATTRIBUTE ::= {
     TYPE KeyDuration
     IDENTIFIED BY id-kma-keyDuration }

   id-kma-keyDuration  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 7 }

   KeyDuration ::= CHOICE {
     hours   [0] INTEGER (1..ub-KeyDuration-hours),
     days        INTEGER (1..ub-KeyDuration-days),
     weeks   [1] INTEGER (1..ub-KeyDuration-weeks),
     months  [2] INTEGER (1..ub-KeyDuration-months),
     years   [3] INTEGER (1..ub-KeyDuration-years) }

   ub-KeyDuration-hours  INTEGER ::=  96
   ub-KeyDuration-days   INTEGER ::= 732
   ub-KeyDuration-weeks  INTEGER ::= 104
   ub-KeyDuration-months INTEGER ::=  72
   ub-KeyDuration-years  INTEGER ::= 100

Top      Up      ToC       Page 64 
   -- Classification Attribute

   -- The attribute syntax is imported from [RFC6268].  The term
   -- "classification" is used in this document, but the term "security
   -- label" is used in [RFC2634].  The terms have the same meaning.

   aa-classificationAttribute ATTRIBUTE ::= {
     TYPE Classification
     IDENTIFIED BY id-aa-KP-classification }

   id-aa-KP-classification OBJECT IDENTIFIER ::= id-aa-securityLabel

   Classification ::= ESSSecurityLabel

   id-enumeratedRestrictiveAttributes OBJECT IDENTIFIER ::=
     { 2 16 840 1 101 2 1 8 3 4 }

   id-enumeratedPermissiveAttributes OBJECT IDENTIFIER ::=
     { 2 16 840 1 101 2 1 8 3 1 }

   EnumeratedTag ::= SEQUENCE {
     tagName          OBJECT IDENTIFIER,
     attributeList    SET OF SecurityAttribute }

   SecurityAttribute ::= INTEGER (0..MAX)

   -- Split Identifier Attribute

   aa-splitIdentifier ATTRIBUTE ::= {
     TYPE SplitID
     IDENTIFIED BY id-kma-splitID }

   id-kma-splitID  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 11 }

   SplitID ::= SEQUENCE {
     half        ENUMERATED { a(0), b(1) },
     combineAlg  AlgorithmIdentifier
                   {COMBINE-ALGORITHM, {CombineAlgorithms}}  OPTIONAL }

Top      Up      ToC       Page 65 
   COMBINE-ALGORITHM ::= CLASS {
     &id                OBJECT IDENTIFIER UNIQUE,
     &Params            OPTIONAL,
     &paramPresence     ParamOptions DEFAULT absent,
     &smimeCaps         SMIME-CAPS OPTIONAL
   }
   WITH SYNTAX {
     IDENTIFIER &id
     [PARAMS [TYPE &Params] ARE &paramPresence]
     [SMIME-CAPS &smimeCaps]
   }

   CombineAlgorithms COMBINE-ALGORITHM ::= {
     ...
     }

   -- Key Package Type Attribute

   aa-keyPackageType ATTRIBUTE ::= {
     TYPE KeyPkgType
     IDENTIFIED BY id-kma-keyPkgType }

   id-kma-keyPkgType  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 12 }

   KeyPkgType ::= OBJECT IDENTIFIER

   -- Signature Usage Attribute

   aa-signatureUsage-v3 ATTRIBUTE ::= {
     TYPE SignatureUsage
     IDENTIFIED BY id-kma-sigUsageV3 }

   id-kma-sigUsageV3  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 22 }

   SignatureUsage ::= CMSContentConstraints

   -- Other Certificate Format Attribute

   aa-otherCertificateFormats ATTRIBUTE ::= {
     TYPE CertificateChoices
     IDENTIFIED BY id-kma-otherCertFormats }

Top      Up      ToC       Page 66 
   id-kma-otherCertFormats OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 19 }

   -- PKI Path Attribute

   aa-pkiPath ATTRIBUTE ::= {
     TYPE PkiPath
     IDENTIFIED BY id-at-pkiPath }

   id-at-pkiPath OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) ds(5) attributes(4) 70 }

   PkiPath ::= SEQUENCE SIZE (1..MAX) OF Certificate

   -- Useful Certificates Attribute

   aa-usefulCertificates ATTRIBUTE ::= {
     TYPE CertificateSet
     IDENTIFIED BY id-kma-usefulCerts }

   id-kma-usefulCerts OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 20 }

   -- Key Wrap Attribute

   aa-keyWrapAlgorithm ATTRIBUTE ::= {
     TYPE AlgorithmIdentifier{KEY-WRAP, {KeyEncryptionAlgorithmSet}}
     IDENTIFIED BY id-kma-keyWrapAlgorithm }

   id-kma-keyWrapAlgorithm OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) keying-material-attributes(13) 21 }

   KeyEncryptionAlgorithmSet KEY-WRAP ::= { ... }

   -- Content Decryption Key Identifier Attribute

   aa-contentDecryptKeyIdentifier ATTRIBUTE ::= {
     TYPE ContentDecryptKeyID
     IDENTIFIED BY id-aa-KP-contentDecryptKeyID }

   id-aa-KP-contentDecryptKeyID OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) attributes(5) 66 }

   ContentDecryptKeyID::= OCTET STRING

Top      Up      ToC       Page 67 
   -- Certificate Pointers Attribute

   aa-certificatePointers ATTRIBUTE ::= {
     TYPE SubjectInfoAccessSyntax
     IDENTIFIED BY id-pe-subjectInfoAccess }

   -- CRL Pointers Attribute

   aa-cRLDistributionPoints ATTRIBUTE ::= {
     TYPE GeneralNames
     IDENTIFIED BY id-aa-KP-crlPointers }

   id-aa-KP-crlPointers  OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) attributes (5) 70 }

   -- ExtendedErrorCodes

   id-errorCodes OBJECT IDENTIFIER ::=
     { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       dod(2) infosec(1) errorCodes(22) }

   id-missingKeyType OBJECT IDENTIFIER ::= {
     id-errorCodes 1 }

   id-privacyMarkTooLong OBJECT IDENTIFIER ::= {
     id-errorCodes 2 }

   id-unrecognizedSecurityPolicy OBJECT IDENTIFIER ::= {
     id-errorCodes 3 }

   END

Top      Up      ToC       Page 68 
Authors' Addresses

   Paul Timmel
   National Information Assurance Research Laboratory
   National Security Agency

   Email: pstimme@nsa.gov


   Russ Housley
   Vigil Security, LLC
   918 Spring Knoll Drive
   Herndon, VA 20170
   United States

   Email: housley@vigilsec.com


   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   United States

   Email: turners@ieca.com