rfc9879.original.xml		rfc9879.xml
	<?xml version='1.0' encoding='utf-8'?>		<?xml version='1.0' encoding='UTF-8'?>
	<!DOCTYPE rfc [		<!DOCTYPE rfc [
	<!ENTITY nbsp "&#160;">		<!ENTITY nbsp "&#160;">
	<!ENTITY zwsp "&#8203;">		<!ENTITY zwsp "&#8203;">
	<!ENTITY nbhy "&#8209;">		<!ENTITY nbhy "&#8209;">
	<!ENTITY wj "&#8288;">		<!ENTITY wj "&#8288;">
	]>		]>
	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-i etf-lamps-rfc9579bis-06" ipr="trust200902" updates="7292, 8018" obsoletes="9579" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" ver sion="3">		<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-i etf-lamps-rfc9579bis-06" number="9879" consensus="true" submissionType="IETF" ip r="trust200902" updates="7292, 8018" obsoletes="9579" xml:lang="en" tocInclude=" true" tocDepth="4" symRefs="true" sortRefs="true" version="3">
	<front>		<front>
	<title abbrev="PBMAC1 in PKCS #12">Use of Password-Based Message		<title abbrev="PBMAC1 in PKCS #12">Use of Password-Based Message
	Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title>		Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title>
			<seriesInfo name="RFC" value="9879"/>
	<author fullname="Alicja Kario" initials="A." surname="Kario">		<author fullname="Alicja Kario" initials="A." surname="Kario">
	<organization>Red Hat, Inc.</organization>		<organization>Red Hat, Inc.</organization>
	<address>		<address>
	<postal>		<postal>
	<street>Purkynova 115</street>		<street>Purkynova 115</street>
	<city>Brno</city>		<city>Brno</city>
	<code>61200</code>		<code>61200</code>
	<country>Czech Republic</country>		<country>Czech Republic</country>
	</postal>		</postal>
	<email>hkario@redhat.com</email>		<email>hkario@redhat.com</email>
	</address>		</address>
	</author>		</author>
	<date day="25" month="April" year="2025"/>		<date month="September" year="2025"/>
	<area>SEC</area>		<area>SEC</area>
	<workgroup>lamps</workgroup>		<workgroup>lamps</workgroup>
	<keyword>pbmac1</keyword>		<keyword>pbmac1</keyword>
	<keyword>pkcs12</keyword>		<keyword>pkcs12</keyword>
	<keyword>pbkdf2</keyword>		<keyword>pbkdf2</keyword>
	<abstract>		<abstract>
	<t>This document specifies additions and amendments to		<t>This document specifies additions and amendments to
	skipping to change at line 60 ¶		skipping to change at line 61 ¶
	<name>Introduction</name>		<name>Introduction</name>
	<t>The PKCS #12 format <xref target="RFC7292" format="default"/> is widely used		<t>The PKCS #12 format <xref target="RFC7292" format="default"/> is widely used
	for the interoperable transfer of certificate, key, and other		for the interoperable transfer of certificate, key, and other
	miscellaneous secrets between machines, applications, browsers, etc.		miscellaneous secrets between machines, applications, browsers, etc.
	Unfortunately, <xref target="RFC7292" format="default"/> mandates the us e		Unfortunately, <xref target="RFC7292" format="default"/> mandates the us e
	of a PKCS #12 specific password-based key derivation function		of a PKCS #12 specific password-based key derivation function
	that only allows for change of the underlying message digest function.</ t>		that only allows for change of the underlying message digest function.</ t>
	<section anchor="Changes" numbered="true" toc="default">		<section anchor="Changes" numbered="true" toc="default">
	<name>Changes since RFC 9579</name>		<name>Changes since RFC 9579</name>
	<t>This document changes the specified format of password passed to		<t>This document changes the specified format of the password passed t
	the key derivation function. Previously it was a BMPString, now		o
			the key derivation function. Previously, it was a BMPString, but now
	it's declared as a UTF8String. It should be noted that the		it's declared as a UTF8String. It should be noted that the
	test vectors attached to <xref target="RFC9579" format="default"/>		test vectors attached to <xref target="RFC9579" format="default"/>
	use UTF8String encoding. This resolves		use UTF8String encoding. This resolves
	<xref target="Err7974" format="default"/>.		<xref target="Err7974" format="default"/>.
	</t>		</t>
	</section>		</section>
	</section>		</section>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Rationale</name>		<name>Rationale</name>
	skipping to change at line 105 ¶		skipping to change at line 106 ¶
	format="default"/> <xref target="x681" format="default"/> <xref		format="default"/> <xref target="x681" format="default"/> <xref
	target="x682" format="default"/> <xref target="x683" format="default"/>		target="x682" format="default"/> <xref target="x683" format="default"/>
	<xref target="x690" format="default"/> that can be combined with the		<xref target="x690" format="default"/> that can be combined with the
	ASN.1 modules in <xref target="RFC7292" format="default"/> and <xref		ASN.1 modules in <xref target="RFC7292" format="default"/> and <xref
	target="RFC8018" format="default"/> to incorporate additional MAC		target="RFC8018" format="default"/> to incorporate additional MAC
	algorithms.</t>		algorithms.</t>
	</section>		</section>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Requirements Language</name>		<name>Requirements Language</name>
	<t>		<t>
	The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",		The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
	"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>		IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
	",		NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
	"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",		RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
	"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",		"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
	"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to		be interpreted as
	be		described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
	interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref		when, and only when, they appear in all capitals, as shown here.
	target="RFC8174"/> when, and only when, they appear in all capitals, as
	shown here.
	</t>		</t>
	</section>		</section>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Embedding PBMAC1 in PKCS #12</name>		<name>Embedding PBMAC1 in PKCS #12</name>
	<t>The MacData structure in the PFX		<t>The MacData structure in the PFX
	object, as described in item #3 in <xref target="RFC7292"		object, as described in item #3 in <xref target="RFC7292"
	sectionFormat="of" section="4"/>, is updated to include the following PBMA C1-specific		sectionFormat="of" section="4"/>, is updated to include the following PBMA C1-specific
	guidance:		guidance:
	skipping to change at line 179 ¶		skipping to change at line 177 ¶
	SHA-256 HMAC should also include KDF parameters that generate a 32-octet key. In particular, when using the PBKDF2, implementations		SHA-256 HMAC should also include KDF parameters that generate a 32-octet key. In particular, when using the PBKDF2, implementations
	<bcp14>MUST</bcp14> include the keyLength field in the encoded PBKDF2-pa rams.		<bcp14>MUST</bcp14> include the keyLength field in the encoded PBKDF2-pa rams.
	Implementations <bcp14>MUST NOT</bcp14> accept PBKDF2 KDF with PBKDF2-pa rams that		Implementations <bcp14>MUST NOT</bcp14> accept PBKDF2 KDF with PBKDF2-pa rams that
	omit the keyLength field.		omit the keyLength field.
	</t>		</t>
	</section>		</section>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Password Encoding</name>		<name>Password Encoding</name>
	<t>As documented in <xref target="RFC7292" sectionFormat="of"		<t>As documented in <xref target="RFC7292" sectionFormat="of"
	section="B.1"/>, the handling of password encoding in the underlying		section="B.1"/>, the handling of password encoding in the underlying
	standards is underspecified. However, unlike with Password Based		standards is underspecified. However, unlike with Password-Based
	Encryption Scheme 1 (PBES1) <xref target="RFC8018"/>		Encryption Scheme 1 (PBES1) <xref target="RFC8018"/>
	when used in the context of PKCS #12 or the MAC algorithm described		when used in the context of PKCS #12 or the MAC algorithm described
	in <xref target="RFC7292"/> (which use BMPString with NULL-termination),		in <xref target="RFC7292"/> (which use BMPString with NULL termination),
	all passwords used with PBMAC1		all passwords used with PBMAC1
	<bcp14>MUST</bcp14> be created from UTF-8 <xref target="RFC3629"/>		<bcp14>MUST</bcp14> be created from UTF-8
	encoding without a NULL		encoding <xref target="RFC3629"/> without a NULL
	terminator or Byte Order Mark (BOM).		terminator or Byte Order Mark (BOM).
	</t>		</t>
	</section>		</section>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Deprecated Algorithms</name>		<name>Deprecated Algorithms</name>
	<t>While attacks against SHA-1 HMACs are not considered practical		<t>While attacks against SHA-1 HMACs are not considered practical
	<xref target="RFC6194" format="default"/> to limit the number of alg orithms needed		<xref target="RFC6194" format="default"/> to limit the number of alg orithms needed
	for interoperability, implementations of this specification		for interoperability, implementations of this specification
	<bcp14>SHOULD NOT</bcp14> use PBKDF2 with the SHA-1 HMAC. In additio n,		<bcp14>SHOULD NOT</bcp14> use PBKDF2 with the SHA-1 HMAC. In additio n,
	implementations <bcp14>MUST NOT</bcp14> use any other message digest functions		implementations <bcp14>MUST NOT</bcp14> use any other message digest functions
	with an output of 160 bits or less.</t>		with an output of 160 bits or less.</t>
	</section>		</section>
	<section anchor="IANA" numbered="true" toc="default">		<section anchor="IANA" numbered="true" toc="default">
	<name>IANA Considerations</name>		<name>IANA Considerations</name>
	<t>IANA has registered the following object identifier in the		<t>IANA has registered the following object identifier in the
	"SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry. See <xref target="asn1-module"/> for the ASN.1 module. </t>		"SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry. See <xref target="asn1-module"/> for the ASN.1 module. </t>
	<!-- [rfced] please remove the following parargaph -->
	<t>We ask IANA to update the reference to point to this new document.</t>		<t>IANA has updated the reference to point to this document.</t>
	<table anchor="iana-table">		<table anchor="iana-table">
	<name></name>		<name></name>
	<thead>		<thead>
	<tr>		<tr>
	<th>Decimal</th>		<th>Decimal</th>
	<th>Description</th>		<th>Description</th>
	<th>Reference</th>		<th>Reference</th>
	</tr>		</tr>
	</thead>		</thead>
	<tbody>		<tbody>
	<tr>		<tr>
	<td>76</td>		<td>76</td>
	<td>id-pkcs12-pbmac1-2023</td>		<td>id-pkcs12-pbmac1-2023</td>
	<td>[this document]</td>		<td>RFC 9879</td>
	</tr>		</tr>
	</tbody>		</tbody>
	</table>		</table>
	</section>		</section>
	<section anchor="Security" numbered="true" toc="default">		<section anchor="Security" numbered="true" toc="default">
	<name>Security Considerations</name>		<name>Security Considerations</name>
	<t>Except for the use of different key derivation functions, this document		<t>Except for the use of different key derivation functions, this document
	doesn't change how the integrity protection on PKCS #12 objects is		doesn't change how the integrity protection on PKCS #12 objects is
	computed; therefore, all the security considerations from		computed; therefore, all the security considerations from
	<xref target="RFC7292" format="default"/> apply.		<xref target="RFC7292" format="default"/> apply.
	skipping to change at line 338 ¶		skipping to change at line 336 ¶
	<date month="February" year="2021"/>		<date month="February" year="2021"/>
	</front>		</front>
	<seriesInfo name="ITU-T Recommendation" value="X.690"/>		<seriesInfo name="ITU-T Recommendation" value="X.690"/>
	<seriesInfo name="ISO/IEC" value="8825-1:2021" />		<seriesInfo name="ISO/IEC" value="8825-1:2021" />
	</reference>		</reference>
	<reference anchor="SHA2" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf">		<reference anchor="SHA2" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf">
	<front>		<front>
	<title>Secure Hash Standard (SHS)</title>		<title>Secure Hash Standard (SHS)</title>
	<author>		<author>
	<organization>National Institute of Standards and Technology (NIST )		<organization abbrev="NIST">National Institute of Standards and Te chnology (NIST)
	</organization>		</organization>
	</author>		</author>
	<date month="August" year="2015"/>		<date month="August" year="2015"/>
	</front>		</front>
	<seriesInfo name="FIPS PUB" value="180-4"/>		<seriesInfo name="FIPS PUB" value="180-4"/>
	<seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>		<seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>
	</reference>		</reference>
	</references>		</references>
	<references>		<references>
	<name>Informative References</name>		<name>Informative References</name>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 914.xml"/>		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 914.xml"/>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9 579.xml"/>		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9 579.xml"/>
	<reference anchor="SHA3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.202.pdf">		<reference anchor="SHA3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.202.pdf">
	<front>		<front>
	<title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output		<title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output
	Functions</title>		Functions</title>
	<author>		<author>
	<organization>National Institute of Standards and Technology (NIST )		<organization abbrev="NIST">National Institute of Standards and Te chnology (NIST)
	</organization>		</organization>
	</author>		</author>
	<date month="August" year="2015"/>		<date month="August" year="2015"/>
	</front>		</front>
	<seriesInfo name="FIPS PUB" value="202"/>		<seriesInfo name="FIPS PUB" value="202"/>
	<seriesInfo name="DOI" value="10.6028/NIST.FIPS.202"/>		<seriesInfo name="DOI" value="10.6028/NIST.FIPS.202"/>
	</reference>		</reference>
	<reference anchor="Err7974" target="https://www.rfc-editor.org/errata/ei d7974">		<reference anchor="Err7974" quote-title="false" target="https://www.rfc- editor.org/errata/eid7974">
	<front>		<front>
	<title>RFC Errata Report 7974, RFC 9579,</title>		<title>Erratum ID 7974</title>
	<author fullname="Alicja Kario" />		<author>
			<organization>RFC Errata</organization>
			</author>
	</front>		</front>
			<refcontent>RFC 9579</refcontent>
	</reference>		</reference>
	</references>		</references>
	</references>		</references>
	<section anchor="test-vectors" numbered="true" toc="default">		<section anchor="test-vectors" numbered="true" toc="default">
	<name>Test Vectors</name>		<name>Test Vectors</name>
	<t>All test vectors use "1234" as the password for both encryption		<t>All test vectors use "1234" as the password for both encryption
	and integrity protection.</t>		and integrity protection.</t>
	<section numbered="true" toc="default">		<section numbered="true" toc="default">
	<name>Valid PKCS #12 File with SHA-256 HMAC and PRF</name>		<name>Valid PKCS #12 File with SHA-256 HMAC and PRF</name>
End of changes. 16 change blocks.
	27 lines changed or deleted		30 lines changed or added
This html diff was produced by rfcdiff 1.48.