Internet Engineering Task Force (IETF) R. Housley Request for Comments: 8423 Vigil Security Category: Informational L. Zieglar ISSN: 2070-1721 National Security Agency July 2018
Reclassification of Suite B Documents to Historic Status
Abstract
This document reclassifies the RFCs related to the United States National Security Agency (NSA) Suite B cryptographic algorithms as Historic, and it discusses the reasons for doing so. This document moves seven Informational RFCs to Historic status: RFCs 5759, 6239, 6318, 6379, 6380, 6403, and 6460. In addition, it moves three obsolete Informational RFCs to Historic status: RFCs 4869, 5008, and 5430.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8423.
Housley & Zieglar Informational [Page 1]
RFC 8423 Suite B to Historic July 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Several RFCs profile security protocols for use with the National Security Agency (NSA) Suite B Cryptography. Suite B is no longer supported by NSA, and the web pages that specify the cryptographic algorithms are no longer available.
In July 2015, NSA published the Committee for National Security Systems Advisory Memorandum 02-15 as the first step in replacing Suite B with NSA's Commercial National Security Algorithm (CNSA) Suite. Information about the CNSA Suite can be found in [CNSA].
As indicated in [CNSA], NSA is transitioning from Suite B to the CNSA Suite. As a result, the profiles of the security protocols for the Suite B algorithms are now only of historic interest.
RFC 6071, "IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap" [RFC6071], points out that RFC 4869 adds four pre- defined suites based upon Suite B specifications. They are:
o IKE/ESP suite "Suite-B-GCM-128"
o IKE/ESP suite "Suite-B-GCM-256"
o IKE/AH suite "Suite-B-GMAC-128"
o IKE/AH suite "Suite-B-GMAC-256"
In each case, these suite definitions make use of algorithms that are defined in other RFCs. No interoperability or security concerns are raised if implementations continue to make use of these suite names.
RFC 6187, "X.509v3 Certificates for Secure Shell Authentication" [RFC6187], points out that RFC 5759 provides additional guidance for Elliptic Curve Digital Signature Algorithm (ECDSA) keys when used with Suite B.
RFC 7321, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)" [RFC7321], points out that the AES-GCM algorithm is used by Suite B, and it has emerged as the preferred authenticated encryption method in IPsec. RFC 7321 has since been obsoleted by RFC 8221.
RFC 6402, "Certificate Management over CMS (CMC) Updates" [RFC6402], says that development of the profile for Suite B was the activity that demonstrated the need for these updates.
Housley & Zieglar Informational [Page 4]
RFC 8423 Suite B to Historic July 2018
RFC 7030, "Enrollment over Secure Transport" [RFC7030], points out that the scenarios in Appendix of RFC 6403 are very similar to three of the scenarios described.
RFC 6605, "Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC" [RFC6605], states that material was copied liberally from RFC 6460. The Standards Track status of RFC 6605 is not affected by RFC 6460 moving to Historic status.
RFC 7525, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)" [RFC7525], observes that the Suite B profile of TLS 1.2 uses different ciphersuites.
RFC 8253, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)" [RFC8253], points to RFC 6460 for the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphersuites. Both of these ciphersuites are defined in [RFC5289], which would have been a better reference. The Standards Track status of RFC 8253 is not affected by RFC 6460 moving to Historic status.
5. Impact of Reclassifying the Suite-B-Related RFCs to Historic
No interoperability or security concerns are raised by reclassifying the Suite-B-related RFCs to Historic status. As described in Section 4, none of the RFCs being moved to Historic status is the sole specification of a cryptographic algorithm or an identifier for a cryptographic algorithm.
[RFC7321] McGrew, D. and P. Hoffman, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)", RFC 7321, DOI 10.17487/RFC7321, August 2014, <https://www.rfc-editor.org/info/rfc7321>.
Housley & Zieglar Informational [Page 7]
RFC 8423 Suite B to Historic July 2018
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 2015, <https://www.rfc-editor.org/info/rfc7525>.
[RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)", RFC 8253, DOI 10.17487/RFC8253, October 2017, <https://www.rfc-editor.org/info/rfc8253>.
Authors' Addresses
Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 United States of America
Email: housley@vigilsec.com
Lydia Zieglar National Security Agency 9800 Savage Road Ft. George G. Meade, MD 20755-6940 United States of America