The IESG has approved the following document: - 'Use of Password-Based Message Authentication Code 1 (PBMAC1) in PKCS #12 Syntax' (draft-ietf-lamps-rfc9579bis-06.txt) as Informational RFC
This document is the product of the Limited Additional Mechanisms for PKIX and SMIME Working Group. The IESG contact persons are Paul Wouters and Deb Cooley. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc9579bis/ Technical Summary This document specifies additions and amendments to RFCs 7292 and 8018. It obsoletes the RFC 9579. It defines a way to use the Password-Based Message Authentication Code 1 (PBMAC1), defined in RFC 8018, inside the PKCS #12 syntax. The purpose of this specification is to permit the use of more modern Password-Based Key Derivation Functions (PBKDFs) and allow for regulatory compliance. Working Group Summary There is support in the LAMPS WG for this document. It allows implementations of PKCS#12 that use PBMAC1 to avoid the obsolete SHA-1 hash function. This document changes the specified format of password passed to the key derivation function. Previously it was a BMPString, now it is a UTF8String. It should be noted that the test vectors in RFC 9579 use UTF8String encoding. This also resolves RFC Errata 7974. Document Quality There code is written and deployed. The interoperable code implementing this Internet-Draft is currently shipping in Mozilla NSS, GnuTLS, and OpenSSL. The ASN.1 module compiles without errors. The ASN.1 module is unchanged from RFC 9579. Personnel The Document Shepherd for this document is Russ Housley. The Responsible Area Director is Deb Cooley. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
