summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2004-12-20 19:53:40 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2004-12-20 19:53:40 +0000
commit089a88ce93e203fa05b0bf649e3e8225213cb51b (patch)
tree30b7b57f89ec81e66bd76a26c65fafbcc24e2c1c /lib
parente901f615ef8bf66ad6e1029d00eb3c885b980b10 (diff)
RFC documents are not free enough
Diffstat (limited to 'lib')
-rw-r--r--lib/libkeynote/doc/rfc2704.txt2075
-rw-r--r--lib/libkeynote/doc/rfc2792.txt395
2 files changed, 0 insertions, 2470 deletions
diff --git a/lib/libkeynote/doc/rfc2704.txt b/lib/libkeynote/doc/rfc2704.txt
deleted file mode 100644
index d41cd3ae165..00000000000
--- a/lib/libkeynote/doc/rfc2704.txt
+++ /dev/null
@@ -1,2075 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Blaze
-Request for Comments: 2704 J. Feigenbaum
-Category: Informational J. Ioannidis
- AT&T Labs - Research
- A. Keromytis
- U. of Pennsylvania
- September 1999
-
-
- The KeyNote Trust-Management System Version 2
-
-Status of this Memo
-
- This memo provides information for the Internet community. It does
- not specify an Internet standard of any kind. Distribution of this
- memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
-Abstract
-
- This memo describes version 2 of the KeyNote trust-management system.
- It specifies the syntax and semantics of KeyNote `assertions',
- describes `action attribute' processing, and outlines the application
- architecture into which a KeyNote implementation can be fit. The
- KeyNote architecture and language are useful as building blocks for
- the trust management aspects of a variety of Internet protocols and
- services.
-
-1. Introduction
-
- Trust management, introduced in the PolicyMaker system [BFL96], is a
- unified approach to specifying and interpreting security policies,
- credentials, and relationships; it allows direct authorization of
- security-critical actions. A trust-management system provides
- standard, general-purpose mechanisms for specifying application
- security policies and credentials. Trust-management credentials
- describe a specific delegation of trust and subsume the role of
- public key certificates; unlike traditional certificates, which bind
- keys to names, credentials can bind keys directly to the
- authorization to perform specific tasks.
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 1]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- A trust-management system has five basic components:
-
- * A language for describing `actions', which are operations with
- security consequences that are to be controlled by the system.
-
- * A mechanism for identifying `principals', which are entities that
- can be authorized to perform actions.
-
- * A language for specifying application `policies', which govern the
- actions that principals are authorized to perform.
-
- * A language for specifying `credentials', which allow principals to
- delegate authorization to other principals.
-
- * A `compliance checker', which provides a service to applications
- for determining how an action requested by principals should be
- handled, given a policy and a set of credentials.
-
- The trust-management approach has a number of advantages over other
- mechanisms for specifying and controlling authorization, especially
- when security policy is distributed over a network or is otherwise
- decentralized.
-
- Trust management unifies the notions of security policy, credentials,
- access control, and authorization. An application that uses a
- trust-management system can simply ask the compliance checker whether
- a requested action should be allowed. Furthermore, policies and
- credentials are written in standard languages that are shared by all
- trust-managed applications; the security configuration mechanism for
- one application carries exactly the same syntactic and semantic
- structure as that of another, even when the semantics of the
- applications themselves are quite different.
-
- Trust-management policies are easy to distribute across networks,
- helping to avoid the need for application-specific distributed policy
- configuration mechanisms, access control lists, and certificate
- parsers and interpreters.
-
- For a general discussion of the use of trust management in
- distributed system security, see [Bla99].
-
- KeyNote is a simple and flexible trust-management system designed to
- work well for a variety of large- and small-scale Internet-based
- applications. It provides a single, unified language for both local
- policies and credentials. KeyNote policies and credentials, called
- `assertions', contain predicates that describe the trusted actions
- permitted by the holders of specific public keys. KeyNote assertions
- are essentially small, highly-structured programs. A signed
-
-
-
-Blaze, et al. Informational [Page 2]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- assertion, which can be sent over an untrusted network, is also
- called a `credential assertion'. Credential assertions, which also
- serve the role of certificates, have the same syntax as policy
- assertions but are also signed by the principal delegating the trust.
-
- In KeyNote:
-
- * Actions are specified as a collection of name-value pairs.
-
- * Principal names can be any convenient string and can directly
- represent cryptographic public keys.
-
- * The same language is used for both policies and credentials.
-
- * The policy and credential language is concise, highly expressive,
- human readable and writable, and compatible with a variety of
- storage and transmission media, including electronic mail.
-
- * The compliance checker returns an application-configured `policy
- compliance value' that describes how a request should be handled
- by the application. Policy compliance values are always
- positively derived from policy and credentials, facilitating
- analysis of KeyNote-based systems.
-
- * Compliance checking is efficient enough for high-performance and
- real-time applications.
-
- This document describes the KeyNote policy and credential assertion
- language, the structure of KeyNote action descriptions, and the
- KeyNote model of computation.
-
- We assume that applications communicate with a locally trusted
- KeyNote compliance checker via a `function call' style interface,
- sending a collection of KeyNote policy and credential assertions plus
- an action description as input and accepting the resulting policy
- compliance value as output. However, the requirements of different
- applications, hosts, and environments may give rise to a variety of
- different interfaces to KeyNote compliance checkers; this document
- does not aim to specify a complete compliance checker API.
-
-2. KeyNote Concepts
-
- In KeyNote, the authority to perform trusted actions is associated
- with one or more `principals'. A principal may be a physical entity,
- a process in an operating system, a public key, or any other
- convenient abstraction. KeyNote principals are identified by a
- string called a `Principal Identifier'. In some cases, a Principal
- Identifier will contain a cryptographic key interpreted by the
-
-
-
-Blaze, et al. Informational [Page 3]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- KeyNote system (e.g., for credential signature verification). In
- other cases, Principal Identifiers may have a structure that is
- opaque to KeyNote.
-
- Principals perform two functions of concern to KeyNote: They request
- `actions' and they issue `assertions'. Actions are any trusted
- operations that an application places under KeyNote control.
- Assertions delegate the authorization to perform actions to other
- principals.
-
- Actions are described to the KeyNote compliance checker in terms of a
- collection of name-value pairs called an `action attribute set'. The
- action attribute set is created by the invoking application. Its
- structure and format are described in detail in Section 3 of this
- document.
-
- KeyNote provides advice to applications about the interpretation of
- policy with regard to specific requested actions. Applications
- invoke the KeyNote compliance checker by issuing a `query' containing
- a proposed action attribute set and identifying the principal(s)
- requesting it. The KeyNote system determines and returns an
- appropriate `policy compliance value' from an ordered set of possible
- responses.
-
- The policy compliance value returned from a KeyNote query advises the
- application how to process the requested action. In the simplest
- case, the compliance value is Boolean (e.g., "reject" or "approve").
- Assertions can also be written to select from a range of possible
- compliance values, when appropriate for the application (e.g., "no
- access", "restricted access", "full access"). Applications can
- configure the relative ordering (from `weakest' to `strongest') of
- compliance values at query time.
-
- Assertions are the basic programming unit for specifying policy and
- delegating authority. Assertions describe the conditions under which
- a principal authorizes actions requested by other principals. An
- assertion identifies the principal that made it, which other
- principals are being authorized, and the conditions under which the
- authorization applies. The syntax of assertions is given in Section
- 4.
-
- A special principal, whose identifier is "POLICY", provides the root
- of trust in KeyNote. "POLICY" is therefore considered to be
- authorized to perform any action.
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 4]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- Assertions issued by the "POLICY" principal are called `policy
- assertions' and are used to delegate authority to otherwise untrusted
- principals. The KeyNote security policy of an application consists
- of a collection of policy assertions.
-
- When a principal is identified by a public key, it can digitally sign
- assertions and distribute them over untrusted networks for use by
- other KeyNote compliance checkers. These signed assertions are also
- called `credentials', and serve a role similar to that of traditional
- public key certificates. Policies and credentials share the same
- syntax and are evaluated according to the same semantics. A
- principal can therefore convert its policy assertions into
- credentials simply by digitally signing them.
-
- KeyNote is designed to encourage the creation of human-readable
- policies and credentials that are amenable to transmission and
- storage over a variety of media. Its assertion syntax is inspired by
- the format of RFC822-style message headers [Cro82]. A KeyNote
- assertion contains a sequence of sections, called `fields', each of
- which specifies one aspect of the assertion's semantics. Fields
- start with an identifier at the beginning of a line and continue
- until the next field is encountered. For example:
-
- KeyNote-Version: 2
- Comment: A simple, if contrived, email certificate for user mab
- Local-Constants: ATT_CA_key = "RSA:acdfa1df1011bbac"
- mab_key = "DSA:deadbeefcafe001a"
- Authorizer: ATT_CA_key
- Licensees: mab_key
- Conditions: ((app_domain == "email") # valid for email only
- && (address == "mab@research.att.com"));
- Signature: "RSA-SHA1:f00f2244"
-
- The meanings of the various sections are described in Sections 4 and
- 5 of this document.
-
- KeyNote semantics resolve the relationship between an application's
- policy and actions requested by other principals, as supported by
- credentials. The KeyNote compliance checker processes the assertions
- against the action attribute set to determine the policy compliance
- value of a requested action. These semantics are defined in Section
- 5.
-
- An important principle in KeyNote's design is `assertion
- monotonicity'; the policy compliance value of an action is always
- positively derived from assertions made by trusted principals.
- Removing an assertion never results in increasing the compliance
- value returned by KeyNote for a given query. The monotonicity
-
-
-
-Blaze, et al. Informational [Page 5]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- property can simplify the design and analysis of complex network-
- based security protocols; network failures that prevent the
- transmission of credentials can never result in spurious
- authorization of dangerous actions. A detailed discussion of
- monotonicity and safety in trust management can be found in [BFL96]
- and [BFS98].
-
-3. Action Attributes
-
- Trusted actions to be evaluated by KeyNote are described by a
- collection of name-value pairs called the `action attribute set'.
- Action attributes are the mechanism by which applications communicate
- requests to KeyNote and are the primary objects on which KeyNote
- assertions operate. An action attribute set is passed to the KeyNote
- compliance checker with each query.
-
- Each action attribute consists of a name and a value. The semantics
- of the names and values are not interpreted by KeyNote itself; they
- vary from application to application and must be agreed upon by the
- writers of applications and the writers of the policies and
- credentials that will be used by them.
-
- Action attribute names and values are represented by arbitrary-length
- strings. KeyNote guarantees support of attribute names and values up
- to 2048 characters long. The handling of longer attribute names or
- values is not specified and is KeyNote-implementation-dependent.
- Applications and assertions should therefore avoid depending on the
- the use of attributes with names or values longer than 2048
- characters. The length of an attribute value is represented by an
- implementation-specific mechanism (e.g., NUL-terminated strings, an
- explicit length field, etc.).
-
- Attribute values are inherently untyped and are represented as
- character strings by default. Attribute values may contain any non-
- NUL ASCII character. Numeric attribute values should first be
- converted to an ASCII text representation by the invoking
- application, e.g., the value 1234.5 would be represented by the
- string "1234.5".
-
- Attribute names are of the form:
-
- <AttributeID>:: {Any string starting with a-z, A-Z, or the
- underscore character, followed by any number of
- a-z, A-Z, 0-9, or underscore characters} ;
-
- That is, an <AttributeID> begins with an alphabetic or underscore
- character and can be followed by any number of alphanumerics and
- underscores. Attribute names are case-sensitive.
-
-
-
-Blaze, et al. Informational [Page 6]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- The exact mechanism for passing the action attribute set to the
- compliance checker is determined by the KeyNote implementation.
- Depending on specific requirements, an implementation may provide a
- mechanism for including the entire attribute set as an explicit
- parameter of the query, or it may provide some form of callback
- mechanism invoked as each attribute is dereferenced, e.g., for access
- to kernel variables.
-
- If an action attribute is not defined its value is considered to be
- the empty string.
-
- Attribute names beginning with the "_" character are reserved for use
- by the KeyNote runtime environment and cannot be passed from
- applications as part of queries. The following special attribute
- names are used:
-
- Name Purpose
- ------------------------ ------------------------------------
- _MIN_TRUST Lowest-order (minimum) compliance
- value in query; see Section 5.1.
-
- _MAX_TRUST Highest-order (maximum) compliance
- value in query; see Section 5.1.
-
- _VALUES Linearly ordered set of compliance
- values in query; see Section 5.1.
- Comma separated.
-
- _ACTION_AUTHORIZERS Names of principals directly
- authorizing action in query.
- Comma separated.
-
- In addition, attributes with names of the form "_<N>", where <N> is
- an ASCII-encoded integer, are used by the regular expression matching
- mechanism described in Section 5.
-
- The assignment and semantics of any other attribute names beginning
- with "_" is unspecified and implementation-dependent.
-
- The names of other attributes in the action attribute set are not
- specified by KeyNote but must be agreed upon by the writers of any
- policies and credentials that are to inter-operate in a specific
- KeyNote query evaluation.
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 7]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- By convention, the name of the application domain over which action
- attributes should be interpreted is given in the attribute named
- "app_domain". The IANA (or some other suitable authority) will
- provide a registry of reserved app_domain names. The registry will
- list the names and meanings of each application's attributes.
-
- The app_domain convention helps to ensure that credentials are
- interpreted as they were intended. An attribute with any given name
- may be used in many different application domains but might have
- different meanings in each of them. However, the use of a global
- registry is not always required for small-scale, closed applications;
- the only requirement is that the policies and credentials made
- available to the KeyNote compliance checker interpret attributes
- according to the same semantics assumed by the application that
- created them.
-
- For example, an email application might reserve the app_domain
- "RFC822-EMAIL" and might use the attributes named "address" (the
- email address of a message's sender), "name" (the human name of the
- message sender), and any "organization" headers present (the
- organization name). The values of these attributes would be derived
- in the obvious way from the email message headers. The public key of
- the message's signer would be given in the "_ACTION_AUTHORIZERS"
- attribute.
-
- Note that "RFC822-EMAIL" is a hypothetical example; such a name may
- or may not appear in the actual registry with these or different
- attributes. (Indeed, we recognize that the reality of email security
- is considerably more complex than this example might suggest.)
-
-4. KeyNote Assertion Syntax
-
- In the following sections, the notation [X]* means zero or more
- repetitions of character string X. The notation [X]+ means one or
- more repetitions of X. The notation <X>* means zero or more
- repetitions of non-terminal <X>. The notation <X>+ means one or more
- repetitions of X, whereas <X>? means zero or one repetitions of X.
- Nonterminal grammar symbols are enclosed in angle brackets. Quoted
- strings in grammar productions represent terminals.
-
-4.1 Basic Structure
-
- <Assertion>:: <VersionField>? <AuthField> <LicenseesField>?
- <LocalConstantsField>? <ConditionsField>?
- <CommentField>? <SignatureField>? ;
-
- All KeyNote assertions are encoded in ASCII.
-
-
-
-
-Blaze, et al. Informational [Page 8]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- KeyNote assertions are divided into sections, called `fields', that
- serve various semantic functions. Each field starts with an
- identifying label at the beginning of a line, followed by the ":"
- character and the field's contents. There can be at most one field
- per line.
-
- A field may be continued over more than one line by indenting
- subsequent lines with at least one ASCII SPACE or TAB character.
- Whitespace (a SPACE, TAB, or NEWLINE character) separates tokens but
- is otherwise ignored outside of quoted strings. Comments with a
- leading octothorp character (see Section 4.2) may begin in any
- column.
-
- One mandatory field is required in all assertions:
-
- Authorizer
-
- Six optional fields may also appear:
-
- Comment
- Conditions
- KeyNote-Version
- Licensees
- Local-Constants
- Signature
-
- All field names are case-insensitive. The "KeyNote-Version" field,
- if present, appears first. The "Signature" field, if present,
- appears last. Otherwise, fields may appear in any order. Each field
- may appear at most once in any assertion.
-
- Blank lines are not permitted in assertions. Multiple assertions
- stored in a file (e.g., in application policy configurations),
- therefore, can be separated from one another unambiguously by the use
- of blank lines between them.
-
-4.2 Comments
-
- <Comment>:: "#" {ASCII characters} ;
-
- The octothorp character ("#", ASCII 35 decimal) can be used to
- introduce comments. Outside of quoted strings (see Section 4.3), all
- characters from the "#" character through the end of the current line
- are ignored. However, commented text is included in the computation
- of assertion signatures (see Section 4.6.7).
-
-
-
-
-
-
-Blaze, et al. Informational [Page 9]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-4.3 Strings
-
- A `string' is a lexical object containing a sequence of characters.
- Strings may contain any non-NUL characters, including newlines and
- nonprintable characters. Strings may be given as literals, computed
- from complex expressions, or dereferenced from attribute names.
-
-4.3.1 String Literals
-
- <StringLiteral>:: "\"" {see description below} "\"" ;
-
- A string literal directly represents the value of a string. String
- literals must be quoted by preceding and following them with the
- double-quote character (ASCII 34 decimal).
-
- A printable character may be `escaped' inside a quoted string literal
- by preceding it with the backslash character (ASCII 92 decimal)
- (e.g., "like \"this\"."). This permits the inclusion of the double-
- quote and backslash characters inside string literals.
-
- A similar escape mechanism is also used to represent non-printable
- characters. "\n" represents the newline character (ASCII character
- 10 decimal), "\r" represents the carriage-return character (ASCII
- character 13 decimal), "\t" represents the tab character (ASCII
- character 9 decimal), and "\f" represents the form-feed character
- (ASCII character 12 decimal). A backslash character followed by a
- newline suppresses all subsequent whitespace (including the newline)
- up to the next non-whitespace character (this allows the continuation
- of long string constants across lines). Un-escaped newline and
- return characters are illegal inside string literals.
-
- The constructs "\0o", "\0oo", and "\ooo" (where o represents any
- octal digit) may be used to represent any non-NUL ASCII characters
- with their corresponding octal values (thus, "\012" is the same as
- "\n", "\101" is "A", and "\377" is the ASCII character 255 decimal).
- However, the NUL character cannot be encoded in this manner; "\0",
- "\00", and "\000" are converted to the strings "0", "00", and "000"
- respectively. Similarly, all other escaped characters have the
- leading backslash removed (e.g., "\a" becomes "a", and "\\" becomes
- "\"). The following four strings are equivalent:
-
- "this string contains a newline\n followed by one space."
- "this string contains a newline\n \
- followed by one space."
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 10]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- "this str\
- ing contains a \
- newline\n followed by one space."
-
- "this string contains a newline\012\040followed by one space."
-
-4.3.2 String Expressions
-
- In general, anywhere a quoted string literal is allowed, a `string
- expression' can be used. A string expression constructs a string
- from string constants, dereferenced attributes (described in Section
- 4.4), and a string concatenation operator. String expressions may be
- parenthesized.
-
- <StrEx>:: <StrEx> "." <StrEx> /* String concatenation */
- | <StringLiteral> /* Quoted string */
- | "(" <StrEx> ")"
- | <DerefAttribute> /* See Section 4.4 */
- | "$" <StrEx> ; /* See Section 4.4 */
-
- The "$" operator has higher precedence than the "." operator.
-
-4.4 Dereferenced Attributes
-
- Action attributes provide the primary mechanism for applications to
- pass information to assertions. Attribute names are strings from a
- limited character set (<AttributeID> as defined in Section 3), and
- attribute values are represented internally as strings. An attribute
- is dereferenced simply by using its name. In general, KeyNote allows
- the use of an attribute anywhere a string literal is permitted.
-
- Attributes are dereferenced as strings by default. When required,
- dereferenced attributes can be converted to integers or floating
- point numbers with the type conversion operators "@" and "&". Thus,
- an attribute named "foo" having the value "1.2" may be interpreted as
- the string "1.2" (foo), the integer value 1 (@foo), or the floating
- point value 1.2 (&foo).
-
- Attributes converted to integer and floating point numbers are
- represented according to the ANSI C `long' and `float' types,
- respectively. In particular, integers range from -2147483648 to
- 2147483647, whilst floats range from 1.17549435E-38F to
- 3.40282347E+38F.
-
- Any uninitialized attribute has the empty-string value when
- dereferenced as a string and the value zero when dereferenced as an
- integer or float.
-
-
-
-
-Blaze, et al. Informational [Page 11]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- Attribute names may be given literally or calculated from string
- expressions and may be recursively dereferenced. In the simplest
- case, an attribute is dereferenced simply by using its name outside
- of quotes; e.g., the string value of the attribute named "foo" is by
- reference to `foo' (outside of quotes). The "$<StrEx>" construct
- dereferences the attribute named in the string expression <StrEx>.
- For example, if the attribute named "foo" contains the string "bar",
- the attribute named "bar" contains the string "xyz", and the
- attribute "xyz" contains the string "qua", the following string
- comparisons are all true:
-
- foo == "bar"
- $("foo") == "bar"
- $foo == "xyz"
- $(foo) == "xyz"
- $$foo == "qua"
-
- If <StrEx> evaluates to an invalid or uninitialized attribute name,
- its value is considered to be the empty string (or zero if used as a
- numeric).
-
- The <DerefAttribute> token is defined as:
-
- <DerefAttribute>:: <AttributeID> ;
-
-4.5 Principal Identifiers
-
- Principals are represented as ASCII strings called `Principal
- Identifiers'. Principal Identifiers may be arbitrary labels whose
- structure is not interpreted by the KeyNote system or they may encode
- cryptographic keys that are used by KeyNote for credential signature
- verification.
-
- <PrincipalIdentifier>:: <OpaqueID>
- | <KeyID> ;
-
- 4.5.1 Opaque Principal Identifiers
-
- Principal Identifiers that are used by KeyNote only as labels are
- said to be `opaque'. Opaque identifiers are encoded in assertions as
- strings (see Section 4.3):
-
- <OpaqueID>:: <StrEx> ;
-
- Opaque identifier strings should not contain the ":" character.
-
-
-
-
-
-
-Blaze, et al. Informational [Page 12]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-4.5.2 Cryptographic Principal Identifiers
-
- Principal Identifiers that are used by KeyNote as keys, e.g., to
- verify credential signatures, are said to be `cryptographic'.
- Cryptographic identifiers are also lexically encoded as strings:
-
- <KeyID>:: <StrEx> ;
-
- Unlike Opaque Identifiers, however, Cryptographic Identifier strings
- have a special form. To be interpreted by KeyNote (for signature
- verification), an identifier string should be of the form:
-
- <IDString>:: <ALGORITHM>":"<ENCODEDBITS> ;
-
- "ALGORITHM" is an ASCII substring that describes the algorithms to be
- used in interpreting the key's bits. The ALGORITHM identifies the
- major cryptographic algorithm (e.g., RSA [RSA78], DSA [DSA94], etc.),
- structured format (e.g., PKCS1 [PKCS1]), and key bit encoding (e.g.,
- HEX or BASE64). By convention, the ALGORITHM substring starts with
- an alphabetic character and can contain letters, digits, underscores,
- or dashes (i.e., it should match the regular expression "[a-zA-Z][a-
- zA-Z0-9_-]*"). The IANA (or some other appropriate authority) will
- provide a registry of reserved algorithm identifiers.
-
- "ENCODEDBITS" is a substring of characters representing the key's
- bits, the encoding and format of which depends on the ALGORITHM. By
- convention, hexadecimal encoded keys use lower-case ASCII characters.
-
- Cryptographic Principal Identifiers are converted to a normalized
- canonical form for the purposes of any internal comparisons between
- them; see Section 5.2.
-
- Note that the keys used in examples throughout this document are
- fictitious and generally much shorter than would be required for
- security in practice.
-
-4.6 KeyNote Fields
-
-4.6.1 The KeyNote-Version Field
-
- The KeyNote-Version field identifies the version of the KeyNote
- assertion language under which the assertion was written. The
- KeyNote-Version field is of the form
-
- <VersionField>:: "KeyNote-Version:" <VersionString> ;
- <VersionString>:: <StringLiteral>
- | <IntegerLiteral> ;
-
-
-
-
-Blaze, et al. Informational [Page 13]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- where <VersionString> is an ASCII-encoded string. Assertions in
- production versions of KeyNote use decimal digits in the version
- representing the version number of the KeyNote language under which
- they are to be interpreted. Assertions written to conform with this
- document should be identified with the version string "2" (or the
- integer 2). The KeyNote-Version field, if included, should appear
- first.
-
-4.6.2 The Local-Constants Field
-
- This field adds or overrides action attributes in the current
- assertion only. This mechanism allows the use of short names for
- (frequently lengthy) cryptographic principal identifiers, especially
- to make the Licensees field more readable. The Local-Constants field
- is of the form:
-
- <LocalConstantsField>:: "Local-Constants:" <Assignments> ;
- <Assignments>:: /* can be empty */
- | <AttributeID> "=" <StringLiteral> <Assignments> ;
-
- <AttributeID> is an attribute name from the action attribute
- namespace as defined in Section 3. The name is available for use as
- an attribute in any subsequent field. If the Local-Constants field
- defines more than one identifier, it can occupy more than one line
- and be indented. <StringLiteral> is a string literal as described in
- Section 4.3. Attributes defined in the Local-Constants field
- override any attributes with the same name passed in with the action
- attribute set.
-
- An attribute may be initialized at most once in the Local-Constants
- field. If an attribute is initialized more than once in an
- assertion, the entire assertion is considered invalid and is not
- considered by the KeyNote compliance checker in evaluating queries.
-
-4.6.3 The Authorizer Field
-
- The Authorizer identifies the Principal issuing the assertion. This
- field is of the form
-
- <AuthField>:: "Authorizer:" <AuthID> ;
- <AuthID>:: <PrincipalIdentifier>
- | <DerefAttribute> ;
-
- The Principal Identifier may be given directly or by reference to the
- attribute namespace (as defined in Section 4.4).
-
-
-
-
-
-
-Blaze, et al. Informational [Page 14]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-4.6.4 The Licensees Field
-
- The Licensees field identifies the principals authorized by the
- assertion. More than one principal can be authorized, and
- authorization can be distributed across several principals through
- the use of `and' and threshold constructs. This field is of the form
-
- <LicenseesField>:: "Licensees:" <LicenseesExpr> ;
-
- <LicenseesExpr>:: /* can be empty */
- | <PrincExpr> ;
-
- <PrincExpr>:: "(" <PrincExpr> ")"
- | <PrincExpr> "&&" <PrincExpr>
- | <PrincExpr> "||" <PrincExpr>
- | <K>"-of(" <PrincList> ")" /* Threshold */
- | <PrincipalIdentifier>
- | <DerefAttribute> ;
-
- <PrincList>:: <PrincipalIdentifier>
- | <DerefAttribute>
- | <PrincList> "," <PrincList> ;
-
- <K>:: {Decimal number starting with a digit from 1 to 9} ;
-
- The "&&" operator has higher precedence than the "||" operator. <K>
- is an ASCII-encoded positive decimal integer. If a <PrincList>
- contains fewer than <K> principals, the entire assertion is omitted
- from processing.
-
-4.6.5 The Conditions Field
-
- This field gives the `conditions' under which the Authorizer trusts
- the Licensees to perform an action. `Conditions' are predicates that
- operate on the action attribute set. The Conditions field is of the
- form:
-
- <ConditionsField>:: "Conditions:" <ConditionsProgram> ;
-
- <ConditionsProgram>:: /* Can be empty */
- | <Clause> ";" <ConditionsProgram> ;
-
- <Clause>:: <Test> "->" "{" <ConditionsProgram> "}"
- | <Test> "->" <Value>
- | <Test> ;
-
- <Value>:: <StrEx> ;
-
-
-
-
-Blaze, et al. Informational [Page 15]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- <Test>:: <RelExpr> ;
-
- <RelExpr>:: "(" <RelExpr> ")" /* Parentheses */
- | <RelExpr> "&&" <RelExpr> /* Logical AND */
- | <RelExpr> "||" <RelExpr> /* Logical OR */
- | "!" <RelExpr> /* Logical NOT */
- | <IntRelExpr>
- | <FloatRelExpr>
- | <StringRelExpr>
- | "true" /* case insensitive */
- | "false" ; /* case insensitive */
-
- <IntRelExpr>:: <IntEx> "==" <IntEx>
- | <IntEx> "!=" <IntEx>
- | <IntEx> "<" <IntEx>
- | <IntEx> ">" <IntEx>
- | <IntEx> "<=" <IntEx>
- | <IntEx> ">=" <IntEx> ;
-
- <FloatRelExpr>:: <FloatEx> "<" <FloatEx>
- | <FloatEx> ">" <FloatEx>
- | <FloatEx> "<=" <FloatEx>
- | <FloatEx> ">=" <FloatEx> ;
-
- <StringRelExpr>:: <StrEx> "==" <StrEx> /* String equality */
- | <StrEx> "!=" <StrEx> /* String inequality */
- | <StrEx> "<" <StrEx> /* Alphanum. comparisons */
- | <StrEx> ">" <StrEx>
- | <StrEx> "<=" <StrEx>
- | <StrEx> ">=" <StrEx>
- | <StrEx> "~=" <RegExpr> ; /* Reg. expr. matching */
-
- <IntEx>:: <IntEx> "+" <IntEx> /* Integer */
- | <IntEx> "-" <IntEx>
- | <IntEx> "*" <IntEx>
- | <IntEx> "/" <IntEx>
- | <IntEx> "%" <IntEx>
- | <IntEx> "^" <IntEx> /* Exponentiation */
- | "-" <IntEx>
- | "(" <IntEx> ")"
- | <IntegerLiteral>
- | "@" <StrEx> ;
-
- <FloatEx>:: <FloatEx> "+" <FloatEx> /* Floating point */
- | <FloatEx> "-" <FloatEx>
- | <FloatEx> "*" <FloatEx>
- | <FloatEx> "/" <FloatEx>
- | <FloatEx> "^" <FloatEx> /* Exponentiation */
-
-
-
-Blaze, et al. Informational [Page 16]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- | "-" <FloatEx>
- | "(" <FloatEx> ")"
- | <FloatLiteral>
- | "&" <StrEx> ;
-
- <IntegerLiteral>:: {Decimal number of at least one digit} ;
- <FloatLiteral>:: <IntegerLiteral>"."<IntegerLiteral> ;
-
- <StringLiteral> is a quoted string as defined in Section 4.3
- <AttributeID> is defined in Section 3.
-
- The operation precedence classes are (from highest to lowest):
- { (, ) }
- {unary -, @, &, $}
- {^}
- {*, /, %}
- {+, -, .}
-
- Operators in the same precedence class are evaluated left-to-right.
-
- Note the inability to test for floating point equality, as most
- floating point implementations (hardware or otherwise) do not
- guarantee accurate equality testing.
-
- Also note that integer and floating point expressions can only be
- used within clauses of condition fields, but in no other KeyNote
- field.
-
- The keywords "true" and "false" are not reserved; they can be used as
- attribute or principal identifier names (although this practice makes
- assertions difficult to understand and is discouraged).
-
- <RegExpr> is a standard regular expression, conforming to the POSIX
- 1003.2 regular expression syntax and semantics.
-
- Any string expression (or attribute) containing the ASCII
- representation of a numeric value can be converted to an integer or
- float with the use of the "@" and "&" operators, respectively. Any
- fractional component of an attribute value dereferenced as an integer
- is rounded down. If an attribute dereferenced as a number cannot be
- properly converted (e.g., it contains invalid characters or is empty)
- its value is considered to be zero.
-
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 17]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-4.6.6 The Comment Field
-
- The Comment field allows assertions to be annotated with information
- describing their purpose. It is of the form
-
- <CommentField>:: "Comment:" <text> ;
-
- No interpretation of the contents of this field is performed by
- KeyNote. Note that this is one of two mechanisms for including
- comments in KeyNote assertions; comments can also be inserted
- anywhere in an assertion's body by preceding them with the "#"
- character (except inside string literals).
-
-4.6.7 The Signature Field
-
- The Signature field identifies a signed assertion and gives the
- encoded digital signature of the principal identified in the
- Authorizer field. The Signature field is of the form:
-
- <SignatureField>:: "Signature:" <Signature> ;
-
- <Signature>:: <StrEx> ;
-
- The <Signature> string should be of the form:
-
- <IDString>:: <ALGORITHM>":"<ENCODEDBITS> ;
-
- The formats of the "ALGORITHM" and "ENCODEDBITS" substrings are as
- described for Cryptographic Principal Identifiers in Section 4.4.2
- The algorithm name should be the same as that of the principal
- appearing in the Authorizer field. The IANA (or some other suitable
- authority) will provide a registry of reserved names. It is not
- necessary that the encodings of the signature and the authorizer key
- be the same.
-
- If the signature field is included, the principal named in the
- Authorizer field must be a Cryptographic Principal Identifier, the
- algorithm must be known to the KeyNote implementation, and the
- signature must be correct for the assertion body and authorizer key.
-
- The signature is computed over the assertion text, beginning with the
- first field (including the field identifier string), up to (but not
- including) the Signature field identifier. The newline preceding the
- signature field identifier is the last character included in
- signature calculation. The signature is always the last field in a
- KeyNote assertion. Text following this field is not considered part
- of the assertion.
-
-
-
-
-Blaze, et al. Informational [Page 18]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- The algorithms for computing and verifying signatures must be
- configured into each KeyNote implementation and are defined and
- documented separately.
-
- Note that all signatures used in examples in this document are
- fictitious and generally much shorter than would be required for
- security in practice.
-
-5. Query Evaluation Semantics
-
- The KeyNote compliance checker finds and returns the Policy
- Compliance Value of queries, as defined in Section 5.3, below.
-
-5.1 Query Parameters
-
- A KeyNote query has four parameters:
-
- * The identifier of the principal(s) requesting the action.
-
- * The action attribute set describing the action.
-
- * The set of compliance values of interest to the application,
- ordered from _MIN_TRUST to _MAX_TRUST
-
- * The policy and credential assertions that should be included in
- the evaluation.
-
- The mechanism for passing these parameters to the KeyNote evaluator
- is application dependent. In particular, an evaluator might provide
- for some parameters to be passed explicitly, while others are looked
- up externally (e.g., credentials might be looked up in a network-
- based distribution system), while still others might be requested
- from the application as needed by the evaluator, through a `callback'
- mechanism (e.g., for attribute values that represent values from
- among a very large namespace).
-
-5.1.1 Action Requester
-
- At least one Principal must be identified in each query as the
- `requester' of the action. Actions may be requested by several
- principals, each considered to have individually requested it. This
- allows policies that require multiple authorizations, e.g., `two
- person control'. The set of authorizing principals is made available
- in the special attribute "_ACTION_AUTHORIZERS"; if several principals
- are authorizers, their identifiers are separated with commas.
-
-
-
-
-
-
-Blaze, et al. Informational [Page 19]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-5.1.2 Ordered Compliance Value Set
-
- The set of compliance values of interest to an application (and their
- relative ranking to one another) is determined by the invoking
- application and passed to the KeyNote evaluator as a parameter of the
- query. In many applications, this will be Boolean, e.g., the ordered
- sets {FALSE, TRUE} or {REJECT, APPROVE}. Other applications may
- require a range of possible values, e.g., {No_Access, Limited_Access,
- Full_Access}. Note that applications should include in this set only
- compliance value names that are actually returned by the assertions.
-
- The lowest-order and highest-order compliance value strings given in
- the query are available in the special attributes named "_MIN_TRUST"
- and "_MAX_TRUST", respectively. The complete set of query compliance
- values is made available in ascending order (from _MIN_TRUST to
- _MAX_TRUST) in the special attribute named "_VALUES". Values are
- separated with commas; applications that use assertions that make use
- of the _VALUES attribute should therefore avoid the use of compliance
- value strings that themselves contain commas.
-
-5.2 Principal Identifier Normalization
-
- Principal identifier comparisons among Cryptographic Principal
- Identifiers (that represent keys) in the Authorizer and Licensees
- fields or in an action's direct authorizers are performed after
- normalizing them by conversion to a canonical form.
-
- Every cryptographic algorithm used in KeyNote defines a method for
- converting keys to their canonical form and that specifies how the
- comparison for equality of two keys is performed. If the algorithm
- named in the identifier is unknown to KeyNote, the identifier is
- treated as opaque.
-
- Opaque identifiers are compared as case-sensitive strings.
-
- Notice that use of opaque identifiers in the Authorizer field
- requires that the assertion's integrity be locally trusted (since it
- cannot be cryptographically verified by the compliance checker).
-
-5.3 Policy Compliance Value Calculation
-
- The Policy Compliance Value of a query is the Principal Compliance
- Value of the principal named "POLICY". This value is defined as
- follows:
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 20]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-5.3.1 Principal Compliance Value
-
- The Compliance Value of a principal <X> is the highest order
- (maximum) of:
-
- - the Direct Authorization Value of principal <X>; and
-
- - the Assertion Compliance Values of all assertions identifying
- <X> in the Authorizer field.
-
-5.3.2 Direct Authorization Value
-
- The Direct Authorization Value of a principal <X> is _MAX_TRUST if
- <X> is listed in the query as an authorizer of the action.
- Otherwise, the Direct Authorization Value of <X> is _MIN_TRUST.
-
-5.3.3 Assertion Compliance Value
-
- The Assertion Compliance Value of an assertion is the lowest order
- (minimum) of the assertion's Conditions Compliance Value and its
- Licensee Compliance Value.
-
-5.3.4 Conditions Compliance Value
-
- The Conditions Compliance Value of an assertion is the highest-order
- (maximum) value among all successful clauses listed in the conditions
- section.
-
- If no clause's test succeeds or the Conditions field is empty, an
- assertion's Conditions Compliance Value is considered to be the
- _MIN_TRUST value, as defined Section 5.1.
-
- If an assertion's Conditions field is missing entirely, its
- Conditions Compliance Value is considered to be the _MAX_TRUST value,
- as defined in Section 5.1.
-
- The set of successful test clause values is calculated as follows:
-
- Recall from the grammar of section 4.6.5 that each clause in the
- conditions section has two logical parts: a `test' and an optional
- `value', which, if present, is separated from the test with the "->"
- token. The test subclause is a predicate that either succeeds
- (evaluates to logical `true') or fails (evaluates to logical
- `false'). The value subclause is a string expression that evaluates
- to one value from the ordered set of compliance values given with the
- query. If the value subclause is missing, it is considered to be
- _MAX_TRUST. That is, the clause
-
-
-
-
-Blaze, et al. Informational [Page 21]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- foo=="bar";
-
- is equivalent to
-
- foo=="bar" -> _MAX_TRUST;
-
- If the value component of a clause is present, in the simplest case
- it contains a string expression representing a possible compliance
- value. For example, consider an assertion with the following
- Conditions field:
-
- Conditions:
- @user_id == 0 -> "full_access"; # clause (1)
- @user_id < 1000 -> "user_access"; # clause (2)
- @user_id < 10000 -> "guest_access"; # clause (3)
- user_name == "root" -> "full_access"; # clause (4)
-
- Here, if the value of the "user_id" attribute is "1073" and the
- "user_name" attribute is "root", the possible compliance value set
- would contain the values "guest_access" (by clause (3)) and
- "full_access" (by clause (4)). If the ordered set of compliance
- values given in the query (in ascending order) is {"no_access",
- "guest_access", "user_access", "full_access"}, the Conditions
- Compliance Value of the assertion would be "full_access" (because
- "full_access" has a higher-order value than "guest_access"). If the
- "user_id" attribute had the value "19283" and the "user_name"
- attribute had the value "nobody", no clause would succeed and the
- Conditions Compliance Value would be "no_access", which is the
- lowest-order possible value (_MIN_TRUST).
-
- If a clause lists an explicit value, its value string must be named
- in the query ordered compliance value set. Values not named in the
- query compliance value set are considered equivalent to _MIN_TRUST.
-
- The value component of a clause can also contain recursively-nested
- clauses. Recursively-nested clauses are evaluated only if their
- parent test is true. That is,
-
- a=="b" -> { b=="c" -> "value1";
- d=="e" -> "value2";
- true -> "value3"; } ;
-
- is equivalent to
-
- (a=="b") && (b=="c") -> "value1";
- (a=="b") && (d=="e") -> "value2";
- (a=="b") -> "value3";
-
-
-
-
-Blaze, et al. Informational [Page 22]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- String comparisons are case-sensitive.
-
- A regular expression comparison ("~=") is considered true if the
- left-hand-side string expression matches the right-hand-side regular
- expression. If the POSIX regular expression group matching scheme is
- used, the number of groups matched is placed in the temporary meta-
- attribute "_0" (dereferenced as _0), and each match is placed in
- sequence in the temporary attributes (_1, _2, ..., _N). These
- match-attributes' values are valid only within subsequent references
- made within the same clause. Regular expression evaluation is case-
- sensitive.
-
- A runtime error occurring in the evaluation of a test, such as
- division by zero or an invalid regular expression, causes the test to
- be considered false. For example:
-
- foo == "bar" -> {
- @a == 1/0 -> "oneval"; # subclause 1
- @a == 2 -> "anotherval"; # subclause 2
- };
-
- Here, subclause 1 triggers a runtime error. Subclause 1 is therefore
- false (and has the value _MIN_TRUST). Subclause 2, however, would be
- evaluated normally.
-
- An invalid <RegExpr> is considered a runtime error and causes the
- test in which it occurs to be considered false.
-
-5.3.5 Licensee Compliance Value
-
- The Licensee Compliance Value of an assertion is calculated by
- evaluating the expression in the Licensees field, based on the
- Principal Compliance Value of the principals named there.
-
- If an assertion's Licensees field is empty, its Licensee Compliance
- Value is considered to be _MIN_TRUST. If an assertion's Licensees
- field is missing altogether, its Licensee Compliance Value is
- considered to be _MAX_TRUST.
-
- For each principal named in the Licensees field, its Principal
- Compliance Value is substituted for its name. If no Principal
- Compliance Value can be found for some named principal, its name is
- substituted with the _MIN_TRUST value.
-
- The licensees expression (as defined in Section 4.6.4) is evaluated
- as follows:
-
-
-
-
-
-Blaze, et al. Informational [Page 23]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- * A "(...)" expression has the value of the enclosed subexpression.
-
- * A "&&" expression has the lower-order (minimum) of its two
- subexpression values.
-
- * A "||" expression has the higher-order (maximum) of its two
- subexpression values.
-
- * A "<K>-of(<List>)" expression has the K-th highest order
- compliance value listed in <list>. Values that appear multiple
- times are counted with multiplicity. For example, if K = 3 and
- the orders of the listed compliance values are (0, 1, 2, 2, 3),
- the value of the expression is the compliance value of order 2.
-
- For example, consider the following Licensees field:
-
- Licensees: ("alice" && "bob") || "eve"
-
- If the Principal Compliance Value is "yes" for principal "alice",
- "no" for principal "bob", and "no" for principal "eve", and "yes" is
- higher order than "no" in the query's Compliance Value Set, then the
- resulting Licensee Compliance Value is "no".
-
- Observe that if there are exactly two possible compliance values
- (e.g., "false" and "true"), the rules of Licensee Compliance Value
- resolution reduce exactly to standard Boolean logic.
-
-5.4 Assertion Management
-
- Assertions may be either signed or unsigned. Only signed assertions
- should be used as credentials or transmitted or stored on untrusted
- media. Unsigned assertions should be used only to specify policy and
- for assertions whose integrity has already been verified as
- conforming to local policy by some mechanism external to the KeyNote
- system itself (e.g., X.509 certificates converted to KeyNote
- assertions by a trusted conversion program).
-
- Implementations that permit signed credentials to be verified by the
- KeyNote compliance checker generally provide two `channels' through
- which applications can make assertions available. Unsigned,
- locally-trusted assertions are provided over a `trusted' interface,
- while signed credentials are provided over an `untrusted' interface.
- The KeyNote compliance checker verifies correct signatures for all
- assertions submitted over the untrusted interface. The integrity of
- KeyNote evaluation requires that only assertions trusted as
- reflecting local policy are submitted to KeyNote via the trusted
- interface.
-
-
-
-
-Blaze, et al. Informational [Page 24]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- Note that applications that use KeyNote exclusively as a local policy
- specification mechanism need use only trusted assertions. Other
- applications might need only a small number of infrequently changed
- trusted assertions to `bootstrap' a policy whose details are
- specified in signed credentials issued by others and submitted over
- the untrusted interface.
-
-5.5 Implementation Issues
-
- Informally, the semantics of KeyNote evaluation can be thought of as
- involving the construction a directed graph of KeyNote assertions
- rooted at a POLICY assertion that connects with at least one of the
- principals that requested the action.
-
- Delegation of some authorization from principal <A> to a set of
- principals <B> is expressed as an assertion with principal <A> given
- in the Authorizer field, principal set <B> given in the Licensees
- field, and the authorization to be delegated encoded in the
- Conditions field. How the expression digraph is constructed is
- implementation-dependent and implementations may use different
- algorithms for optimizing the graph's construction. Some
- implementations might use a `bottom up' traversal starting at the
- principals that requested the action, others might follow a `top
- down' approach starting at the POLICY assertions, and still others
- might employ other heuristics entirely.
-
- Implementations are encouraged to employ mechanisms for recording
- exceptions (such as division by zero or syntax error), and reporting
- them to the invoking application if requested. Such mechanisms are
- outside the scope of this document.
-
-6. Examples
-
- In this section, we give examples of KeyNote assertions that might be
- used in hypothetical applications. These examples are intended
- primarily to illustrate features of KeyNote assertion syntax and
- semantics, and do not necessarily represent the best way to integrate
- KeyNote into applications.
-
- In the interest of readability, we use much shorter keys than would
- ordinarily be used in practice. Note that the Signature fields in
- these examples do not represent the result of any real signature
- calculation.
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 25]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- 1. TRADITIONAL CA / EMAIL
-
- A. A policy unconditionally authorizing RSA key abc123 for all
- actions. This essentially defers the ability to specify
- policy to the holder of the secret key corresponding to
- abc123:
-
- Authorizer: "POLICY"
- Licensees: "RSA:abc123"
-
- B. A credential assertion in which RSA Key abc123 trusts either
- RSA key 4401ff92 (called `Alice') or DSA key d1234f (called
- `Bob') to perform actions in which the "app_domain" is
- "RFC822-EMAIL", where the "address" matches the regular
- expression "^.*@keynote\.research\.att\.com$". In other
- words, abc123 trusts Alice and Bob as certification
- authorities for the keynote.research.att.com domain.
-
- KeyNote-Version: 2
- Local-Constants: Alice="DSA:4401ff92" # Alice's key
- Bob="RSA:d1234f" # Bob's key
- Authorizer: "RSA:abc123"
- Licensees: Alice || Bob
- Conditions: (app_domain == "RFC822-EMAIL") &&
- (address ~= # only applies to one domain
- "^.*@keynote\\.research\\.att\\.com$");
- Signature: "RSA-SHA1:213354f9"
-
- C. A certificate credential for a specific user whose email
- address is mab@keynote.research.att.com and whose name, if
- present, must be "M. Blaze". The credential was issued by the
- `Alice' authority (whose key is certified in Example B
- above):
-
- KeyNote-Version: 2
- Authorizer: "DSA:4401ff92" # the Alice CA
- Licensees: "DSA:12340987" # mab's key
- Conditions: ((app_domain == "RFC822-EMAIL") &&
- (name == "M. Blaze" || name == "") &&
- (address == "mab@keynote.research.att.com"));
- Signature: "DSA-SHA1:ab23487"
-
-
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 26]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- D. Another certificate credential for a specific user, also
- issued by the `Alice' authority. This example allows three
- different keys to sign as jf@keynote.research.att.com (each
- for a different cryptographic algorithm). This is, in
- effect, three credentials in one:
-
- KeyNote-Version: "2"
- Authorizer: "DSA:4401ff92" # the Alice CA
- Licensees: "DSA:abc991" || # jf's DSA key
- "RSA:cde773" || # jf's RSA key
- "BFIK:fd091a" # jf's BFIK key
- Conditions: ((app_domain == "RFC822-EMAIL") &&
- (name == "J. Feigenbaum" || name == "") &&
- (address == "jf@keynote.research.att.com"));
- Signature: "DSA-SHA1:8912aa"
-
- Observe that under policy A and credentials B, C and D, the
- following action attribute sets are accepted (they return
- _MAX_TRUST):
-
- _ACTION_AUTHORIZERS = "dsa:12340987"
- app_domain = "RFC822-EMAIL"
- address = "mab@keynote.research.att.com"
- and
- _ACTION_AUTHORIZERS = "dsa:12340987"
- app_domain = "RFC822-EMAIL"
- address = "mab@keynote.research.att.com"
- name = "M. Blaze"
-
- while the following are not accepted (they return
- _MIN_TRUST):
-
- _ACTION_AUTHORIZERS = "dsa:12340987"
- app_domain = "RFC822-EMAIL"
- address = "angelos@dsl.cis.upenn.edu"
- and
- _ACTION_AUTHORIZERS = "dsa:abc991"
- app_domain = "RFC822-EMAIL"
- address = "mab@keynote.research.att.com"
- name = "M. Blaze"
- and
- _ACTION_AUTHORIZERS = "dsa:12340987"
- app_domain = "RFC822-EMAIL"
- address = "mab@keynote.research.att.com"
- name = "J. Feigenbaum"
-
-
-
-
-
-
-Blaze, et al. Informational [Page 27]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- 2. WORKFLOW/ELECTRONIC COMMERCE
-
- E. A policy that delegates authority for the "SPEND" application
- domain to RSA key dab212 when the amount given in the
- "dollars" attribute is less than 10000.
-
- Authorizer: "POLICY"
- Licensees: "RSA:dab212" # the CFO's key
- Conditions: (app_domain=="SPEND") && (@dollars < 10000);
-
- F. RSA key dab212 delegates authorization to any two signers,
- from a list, one of which must be DSA key feed1234 in the
- "SPEND" application when @dollars < 7500. If the amount in
- @dollars is 2500 or greater, the request is approved but
- logged.
-
- KeyNote-Version: 2
- Comment: This credential specifies a spending policy
- Authorizer: "RSA:dab212" # the CFO
- Licensees: "DSA:feed1234" && # The vice president
- ("RSA:abc123" || # middle manager #1
- "DSA:bcd987" || # middle manager #2
- "DSA:cde333" || # middle manager #3
- "DSA:def975" || # middle manager #4
- "DSA:978add") # middle manager #5
- Conditions: (app_domain=="SPEND") # note nested clauses
- -> { (@(dollars) < 2500)
- -> _MAX_TRUST;
- (@(dollars) < 7500)
- -> "ApproveAndLog";
- };
- Signature: "RSA-SHA1:9867a1"
-
- G. According to this policy, any two signers from the list of
- managers will do if @(dollars) < 1000:
-
- KeyNote-Version: 2
- Authorizer: "POLICY"
- Licensees: 2-of("DSA:feed1234", # The VP
- "RSA:abc123", # Middle management clones
- "DSA:bcd987",
- "DSA:cde333",
- "DSA:def975",
- "DSA:978add")
- Conditions: (app_domain=="SPEND") &&
- (@(dollars) < 1000);
-
-
-
-
-
-Blaze, et al. Informational [Page 28]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- H. A credential from dab212 with a similar policy, but only one
- signer is required if @(dollars) < 500. A log entry is made if
- the amount is at least 100.
-
- KeyNote-Version: 2
- Comment: This one credential is equivalent to six separate
- credentials, one for each VP and middle manager.
- Individually, they can spend up to $500, but if
- it's $100 or more, we log it.
- Authorizer: "RSA:dab212" # From the CFO
- Licensees: "DSA:feed1234" || # The VP
- "RSA:abc123" || # The middle management clones
- "DSA:bcd987" ||
- "DSA:cde333" ||
- "DSA:def975" ||
- "DSA:978add"
- Conditions: (app_domain="SPEND") # nested clauses
- -> { (@(dollars) < 100) -> _MAX_TRUST;
- (@(dollars) < 500) -> "ApproveAndLog";
- };
- Signature: "RSA-SHA1:186123"
-
- Assume a query in which the ordered set of Compliance Values is
- {"Reject", "ApproveAndLog", "Approve"}. Under policies E and G,
- and credentials F and H, the Policy Compliance Value is
- "Approve" (_MAX_TRUST) when:
-
- _ACTION_AUTHORIZERS = "DSA:978add"
- app_domain = "SPEND"
- dollars = "45"
- unmentioned_attribute = "whatever"
- and
- _ACTION_AUTHORIZERS = "RSA:abc123,DSA:cde333"
- app_domain = "SPEND"
- dollars = "550"
-
- The following return "ApproveAndLog":
-
- _ACTION_AUTHORIZERS = "DSA:feed1234,DSA:cde333"
- app_domain = "SPEND"
- dollars = "5500"
- and
- _ACTION_AUTHORIZERS = "DSA:cde333"
- app_domain = "SPEND"
- dollars = "150"
-
-
-
-
-
-
-Blaze, et al. Informational [Page 29]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- However, the following return "Reject" (_MIN_TRUST):
-
- _ACTION_AUTHORIZERS = "DSA:def975"
- app_domain = "SPEND"
- dollars = "550"
- and
- _ACTION_AUTHORIZERS = "DSA:cde333,DSA:978add"
- app_domain = "SPEND"
- dollars = "5500"
-
-7. Trust-Management Architecture
-
- KeyNote provides a simple mechanism for describing security policy
- and representing credentials. It differs from traditional
- certification systems in that the security model is based on binding
- keys to predicates that describe what the key is authorized by policy
- to do, rather than on resolving names. The infrastructure and
- architecture to support a KeyNote system is therefore rather
- different from that required for a name-based certification scheme.
- The KeyNote trust-management architecture is based on that of
- PolicyMaker [BFL96,BFS98].
-
- It is important to understand the separation between the
- responsibilities of the KeyNote system and those of the application
- and other support infrastructure. A KeyNote compliance checker will
- determine, based on policy and credential assertions, whether a
- proposed action is permitted according to policy. The usefulness of
- KeyNote output as a policy enforcement mechanism depends on a number
- of factors:
-
- * The action attributes and the assignment of their values must
- reflect accurately the security requirements of the application.
- Identifying the attributes to include in the action attribute set
- is perhaps the most important task in integrating KeyNote into new
- applications.
-
- * The policy of the application must be correct and well-formed. In
- particular, trust must be deferred only to principals that should,
- in fact, be trusted by the application.
-
- * The application itself must be trustworthy. KeyNote does not
- directly enforce policy; it only provides advice to the
- applications that call it. In other words, KeyNote assumes that
- the application itself is trusted and that the policy assertions
- it specifies are correct. Nothing prevents an application from
- submitting misleading or incorrect assertions to KeyNote or from
- ignoring KeyNote altogether.
-
-
-
-
-Blaze, et al. Informational [Page 30]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- It is also up to the application (or some service outside KeyNote) to
- select the appropriate credentials and policy assertions with which
- to run a particular query. Note, however, that even if inappropriate
- credentials are provided to KeyNote, this cannot result in the
- approval of an illegal action (as long as the policy assertions are
- correct and the the action attribute set itself is correctly passed
- to KeyNote).
-
- KeyNote is monotonic; adding an assertion to a query can never result
- in a query's having a lower compliance value that it would have had
- without the assertion. Omitting credentials may, of course, result
- in legal actions being disallowed. Selecting appropriate credentials
- (e.g., from a distributed database or `key server') is outside the
- scope of the KeyNote language and may properly be handled by a remote
- client making a request, by the local application receiving the
- request, or by a network-based service, depending on the application.
-
- In addition, KeyNote does not itself provide credential revocation
- services, although credentials can be written to expire after some
- date by including a date test in the predicate. Applications that
- require credential revocation can use KeyNote to help specify and
- implement revocation policies. A future document will address
- expiration and revocation services in KeyNote.
-
- Because KeyNote is designed to support a variety of applications,
- several different application interfaces to a KeyNote implementation
- are possible. In its simplest form, a KeyNote compliance checker
- would exist as a stand-alone application, with other applications
- calling it as needed. KeyNote might also be implemented as a library
- to which applications are linked. Finally, a KeyNote implementation
- might run as a local trusted service, with local applications
- communicating their queries via some interprocess communication
- mechanism.
-
-8. Security Considerations
-
- Trust management is itself a security service. Bugs in or incorrect
- use of a KeyNote compliance checker implementation could have
- security implications for any applications in which it is used.
-
-9. IANA Considerations
-
- This document contains three identifiers to be maintained by the
- IANA. This section explains the criteria to be used by the IANA to
- assign additional identifiers in each of these lists.
-
-
-
-
-
-
-Blaze, et al. Informational [Page 31]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-9.1 app_domain Identifiers
-
- The only thing required of IANA on allocation of these identifiers is
- that they be unique strings. These strings are case-sensitive for
- KeyNote purposes, however it is strongly recommended that IANA assign
- different capitalizations of the same string only to the same
- organization.
-
-9.2 Public Key Format Identifiers
-
- These strings uniquely identify a public key algorithm as used in the
- KeyNote system for representing keys. Requests for assignment of new
- identifiers must be accompanied by an RFC-style document that
- describes the details of this encoding. Example strings are "rsa-
- hex:" and "dsa-base64:". These strings are case-insensitive.
-
-9.3 Signature Algorithm Identifiers
-
- These strings uniquely identify a public key algorithm as used in the
- KeyNote system for representing public key signatures. Requests for
- assignment of new identifiers must be accompanied by an RFC-style
- document that describes the details of this encoding. Example strings
- are "sig-rsa-md5-hex:" and "sig-dsa-sha1-base64:". Note that all
- such strings must begin with the prefix "sig-". These strings are
- case-insensitive.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 32]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-A. Acknowledgments
-
- We thank Lorrie Faith Cranor (AT&T Labs - Research) and Jonathan M.
- Smith (University of Pennsylvania) for their suggestions and comments
- on earlier versions of this document.
-
-B. Full BNF (alphabetical order)
-
- <ALGORITHM>:: {see section 4.4.2} ;
-
- <Assertion>:: <VersionField>? <AuthField> <LicenseesField>?
- <LocalConstantsField>? <ConditionsField>?
- <CommentField>? <SignatureField>? ;
-
- <Assignments>:: "" | <AttributeID> "=" <StringLiteral> <Assignments>
- ;
-
- <AttributeID>:: {Any string starting with a-z, A-Z, or the
- underscore character, followed by any number of
- a-z, A-Z, 0-9, or underscore characters} ;
-
- <AuthField>:: "Authorizer:" <AuthID> ;
-
- <AuthID>:: <PrincipalIdentifier> | <DerefAttribute> ;
-
- <Clause>:: <Test> "->" "{" <ConditionsProgram> "}"
- | <Test> "->" <Value> | <Test> ;
-
- <Comment>:: "#" {ASCII characters} ;
-
- <CommentField>:: "Comment:" {Free-form text} ;
-
- <ConditionsField>:: "Conditions:" <ConditionsProgram> ;
-
- <ConditionsProgram>:: "" | <Clause> ";" <ConditionsProgram> ;
-
- <DerefAttribute>:: <AttributeID> ;
-
- <ENCODEDBITS>:: {see section 4.4.2} ;
-
- <FloatEx>:: <FloatEx> "+" <FloatEx> | <FloatEx> "-" <FloatEx>
- | <FloatEx> "*" <FloatEx> | <FloatEx> "/" <FloatEx>
- | <FloatEx> "^" <FloatEx> | "-" <FloatEx>
- | "(" <FloatEx> ")" | <FloatLiteral> | "&" <StrEx> ;
-
- <FloatRelExpr>:: <FloatEx> "<" <FloatEx> | <FloatEx> ">" <FloatEx>
- | <FloatEx> "<=" <FloatEx>
- | <FloatEx> ">=" <FloatEx> ;
-
-
-
-Blaze, et al. Informational [Page 33]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- <FloatLiteral>:: <IntegerLiteral>"."<IntegerLiteral> ;
-
- <IDString>:: <ALGORITHM>":"<ENCODEDBITS> ;
-
- <IntegerLiteral>:: {Decimal number of at least one digit} ;
-
- <IntEx>:: <IntEx> "+" <IntEx> | <IntEx> "-" <IntEx>
- | <IntEx> "*" <IntEx> | <IntEx> "/" <IntEx>
- | <IntEx> "%" <IntEx> | <IntEx> "^" <IntEx>
- | "-" <IntEx> | "(" <IntEx> ")" | <IntegerLiteral>
- | "@" <StrEx> ;
-
- <IntRelExpr>:: <IntEx> "==" <IntEx> | <IntEx> "!=" <IntEx>
- | <IntEx> "<" <IntEx> | <IntEx> ">" <IntEx>
- | <IntEx> "<=" <IntEx> | <IntEx> ">=" <IntEx> ;
-
- <K>:: {Decimal number starting with a digit from 1 to 9} ;
-
- <KeyID>:: <StrEx> ;
-
- <LicenseesExpr>:: "" | <PrincExpr> ;
-
- <LicenseesField>:: "Licensees:" <LicenseesExpr> ;
-
- <LocalConstantsField>:: "Local-Constants:" <Assignments> ;
-
- <OpaqueID>:: <StrEx> ;
-
- <PrincExpr>:: "(" <PrincExpr> ")" | <PrincExpr> "&&" <PrincExpr>
- | <PrincExpr> "||" <PrincExpr>
- | <K>"-of(" <PrincList> ")" | <PrincipalIdentifier>
- | <DerefAttribute> ;
-
- <PrincipalIdentifier>:: <OpaqueID> | <KeyID> ;
-
- <PrincList>:: <PrincipalIdentifier> | <DerefAttribute>
- | <PrincList> "," <PrincList> ;
-
- <RegExpr>:: {POSIX 1003.2 Regular Expression}
-
- <RelExpr>:: "(" <RelExpr> ")" | <RelExpr> "&&" <RelExpr>
- | <RelExpr> "||" <RelExpr> | "!" <RelExpr>
- | <IntRelExpr> | <FloatRelExpr> | <StringRelExpr>
- | "true" | "false" ;
-
- <Signature>:: <StrEx> ;
-
- <SignatureField>:: "Signature:" <Signature> ;
-
-
-
-Blaze, et al. Informational [Page 34]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- <StrEx>:: <StrEx> "." <StrEx> | <StringLiteral> | "(" <StrEx> ")"
- | <DerefAttribute> | "$" <StrEx> ;
-
- <StringLiteral>:: {see section 4.3.1} ;
-
- <StringRelExpr>:: <StrEx> "==" <StrEx> | <StrEx> "!=" <StrEx>
- | <StrEx> "<" <StrEx> | <StrEx> ">" <StrEx>
- | <StrEx> "<=" <StrEx> | <StrEx> ">=" <StrEx>
- | <StrEx> "~=" <RegExpr> ;
-
- <Test>:: <RelExpr> ;
-
- <Value>:: <StrEx> ;
-
- <VersionField>:: "KeyNote-Version:" <VersionString> ;
-
- <VersionString>:: <StringLiteral> | <IntegerLiteral> ;
-
-References
-
- [BFL96] M. Blaze, J. Feigenbaum, J. Lacy. Decentralized Trust
- Management. Proceedings of the 17th IEEE Symp. on Security
- and Privacy. pp 164-173. IEEE Computer Society, 1996.
- Available at
- <ftp://ftp.research.att.com/dist/mab/policymaker.ps>
-
- [BFS98] M. Blaze, J. Feigenbaum, M. Strauss. Compliance-Checking in
- the PolicyMaker Trust-Management System. Proc. 2nd Financial
- Crypto Conference. Anguilla 1998. LNCS #1465, pp 251-265,
- Springer-Verlag, 1998. Available at
- <ftp://ftp.research.att.com/dist/mab/pmcomply.ps>
-
- [Bla99] M. Blaze, J. Feigenbaum, J. Ioannidis, A. Keromytis. The
- Role of Trust Management in Distributed System Security.
- Chapter in Secure Internet Programming: Security Issues for
- Mobile and Distributed Objects (Vitek and Jensen, eds.).
- Springer-Verlag, 1999. Available at
- <ftp://ftp.research.att.com/dist/mab/trustmgt.ps>.
-
- [Cro82] Crocker, D., "Standard for the Format of ARPA Internet Text
- Messages", STD 11, RFC 822, August 1982.
-
- [DSA94] Digital Signature Standard. FIPS-186. National Institute of
- Standards, U.S. Department of Commerce. May 1994.
-
- [PKCS1] PKCS #1: RSA Encryption Standard, Version 1.5. RSA
- Laboratories. November 1993.
-
-
-
-
-Blaze, et al. Informational [Page 35]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
- [RSA78] R. L. Rivest, A. Shamir, L. M. Adleman. A Method for
- Obtaining Digital Signatures and Public-Key Cryptosystems.
- Communications of the ACM, v21n2. pp 120-126. February 1978.
-
-Authors' Addresses
-
- Comments about this document should be discussed on the keynote-users
- mailing list hosted at nsa.research.att.com. To subscribe, send an
- email message containing the single line
- subscribe keynote-users
- in the message body to <majordomo@nsa.research.att.com>.
-
- Questions about this document can also be directed to the authors as
- a group at the keynote@research.att.com alias, or to the individual
- authors at:
-
- Matt Blaze
- AT&T Labs - Research
- 180 Park Avenue
- Florham Park, New Jersey 07932-0971
-
- EMail: mab@research.att.com
-
-
- Joan Feigenbaum
- AT&T Labs - Research
- 180 Park Avenue
- Florham Park, New Jersey 07932-0971
-
- EMail: jf@research.att.com
-
-
- John Ioannidis
- AT&T Labs - Research
- 180 Park Avenue
- Florham Park, New Jersey 07932-0971
-
- EMail: ji@research.att.com
-
-
- Angelos D. Keromytis
- Distributed Systems Lab
- CIS Department, University of Pennsylvania
- 200 S. 33rd Street
- Philadelphia, Pennsylvania 19104-6389
-
- EMail: angelos@dsl.cis.upenn.edu
-
-
-
-
-Blaze, et al. Informational [Page 36]
-
-RFC 2704 The KeyNote Trust-Management System September 1999
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (1999). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 37]
-
diff --git a/lib/libkeynote/doc/rfc2792.txt b/lib/libkeynote/doc/rfc2792.txt
deleted file mode 100644
index 0b805c91a18..00000000000
--- a/lib/libkeynote/doc/rfc2792.txt
+++ /dev/null
@@ -1,395 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Blaze
-Request for Comments: 2792 J. Ioannidis
-Category: Informational AT&T Labs - Research
- A. Keromytis
- U. of Pennsylvania
- March 2000
-
-
- DSA and RSA Key and Signature Encoding for the
- KeyNote Trust Management System
-
-Status of this Memo
-
- This memo provides information for the Internet community. It does
- not specify an Internet standard of any kind. Distribution of this
- memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2000). All Rights Reserved.
-
-Abstract
-
- This memo describes RSA and DSA key and signature encoding, and
- binary key encoding for version 2 of the KeyNote trust-management
- system.
-
-1. Introduction
-
- KeyNote is a simple and flexible trust-management system designed to
- work well for a variety of large- and small-scale Internet-based
- applications. It provides a single, unified language for both local
- policies and credentials. KeyNote policies and credentials, called
- `assertions', contain predicates that describe the trusted actions
- permitted by the holders of specific public keys. KeyNote assertions
- are essentially small, highly-structured programs. A signed
- assertion, which can be sent over an untrusted network, is also
- called a `credential assertion'. Credential assertions, which also
- serve the role of certificates, have the same syntax as policy
- assertions but are also signed by the principal delegating the trust.
- For more details on KeyNote, see [BFIK99]. This document assumes
- reader familiarity with the KeyNote system.
-
- Cryptographic keys may be used in KeyNote to identify principals. To
- facilitate interoperation between different implementations and to
- allow for maximal flexibility, keys must be converted to a normalized
- canonical form (depended on the public key algorithm used) for the
- purposes of any internal comparisons between keys. For example, an
-
-
-
-Blaze, et al. Informational [Page 1]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
- RSA [RSA78] key may be encoded in base64 ASCII in one credential, and
- in hexadecimal ASCII in another. A KeyNote implementation must
- internally convert the two encodings to a normalized form that allows
- for comparison between them. Furthermore, the internal structure of
- an encoded key must be known for an implementation to correctly
- decode it.
-
- In some applications, other types of values, such as a passphrase or
- a random nonce, may be used as principal identifiers. When these
- identifiers contain characters that may not appear in a string (as
- defined in [BFIK99]), a simple ASCII encoding is necessary to allow
- their use inside KeyNote assertions. Note that if the identifier
- only contains characters that can appear in a string, it may be used
- as-is. Naturally, such identifiers may not be used to sign an
- assertion, and thus no related signature encoding is defined.
-
- This document specifies RSA and DSA [DSA94] key and signature
- encodings, and binary key encodings for use in KeyNote.
-
-2. Key Normalized Forms
-
-2.1 DSA Key Normalized Form
-
- DSA keys in KeyNote are identified by four values:
-
- - the public value, y
- - the p parameter
- - the q parameter
- - the g parameter
-
- Where the y, p, q, and g are the DSA parameters corresponding to the
- notation of [Sch96]. These four values together make up the DSA key
- normalized form used in KeyNote. All DSA key comparisons in KeyNote
- occur between normalized forms.
-
-2.2 RSA Key Normalized Form
-
- RSA keys in KeyNote are identified by two values:
-
- - the public exponent
- - the modulus
-
- These two values together make up the RSA key normalized form used in
- KeyNote. All RSA key comparisons in KeyNote occur between normalized
- forms.
-
-
-
-
-
-
-Blaze, et al. Informational [Page 2]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
-2.3 Binary Identifier Normalized Form
-
- The normalized form of a Binary Identifier is the binary identifier's
- data. Thus, Binary Identifier comparisons are essentially binary-
- string comparisons of the Identifier values.
-
-3. Key Encoding
-
-3.1 DSA Key Encoding
-
- DSA keys in KeyNote are encoded as an ASN1 SEQUENCE of four ASN1
- INTEGER objects. The four INTEGER objects are the public value and
- the p, q, and g parameters of the DSA key, in that order.
-
- For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-
- encoded (e.g., as a string of hex digits or base64 characters).
-
- DSA keys encoded in this way in KeyNote must be identified by the
- "dsa-XXX:" algorithm name, where XXX is an ASCII encoding ("hex" or
- "base64"). Other ASCII encoding schemes may be defined in the
- future.
-
-3.2 RSA Key Encoding
-
- RSA keys in KeyNote are encoded as an ASN1 SEQUENCE of two ASN1
- INTEGER objects. The two INTEGER objects are the public exponent and
- the modulus of the DSA key, in that order.
-
- For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-
- encoded (e.g., as a string of hex digits or base64 characters).
-
- RSA keys encoded in this way in KeyNote must be identified by the
- "rsa-XXX:" algorithm name, where XXX is an ASCII encoding ("hex" or
- "base64"). Other ASCII encoding schemes may be defined in the
- future.
-
-3.3 Binary Identifier Encoding
-
- Binary Identifiers in KeyNote are assumed to have no internal
- encoding, and are treated as a sequence of binary digits. The Binary
- Identifiers are ASCII-encoded, similarly to RSA or DSA keys.
-
- Binary Identifiers encoded in this way in KeyNote must be identified
- by the "binary-XXX:" algorithm name, where XXX is an ASCII encoding
- ("hex" or "base64"). Other ASCII encoding schemes may be defined in
- the future.
-
-
-
-
-
-Blaze, et al. Informational [Page 3]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
-4. Signature Computation and Encoding
-
-4.1 DSA Signature Computation and Encoding
-
- DSA signatures in KeyNote are computed over the assertion body
- (starting from the beginning of the first keyword, up to and
- including the newline character immediately before the "Signature:"
- keyword) and the signature algorithm name (including the trailing
- colon character, e.g., "sig-dsa-sha1-base64:")
-
- DSA signatures are then encoded as an ASN1 SEQUENCE of two ASN1
- INTEGER objects. The two INTEGER objects are the r and s values of a
- DSA signature [Sch96], in that order.
-
- For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-
- encoded (as a string of hex digits or base64 characters).
-
- DSA signatures encoded in this way in KeyNote must be identified by
- the "sig-dsa-XXX-YYY:" algorithm name, where XXX is a hash function
- name ("sha1", for the SHA1 [SHA1-95] hash function is currently the
- only hash function that may be used with DSA) and YYY is an ASCII
- encoding ("hex" or "base64").
-
-4.2 RSA Signature Computation and Encoding
-
- RSA signatures in KeyNote are computed over the assertion body
- (starting from the beginning of the first keyword, up to and
- including the newline character immediately before the "Signature:"
- keyword) and the signature algorithm name (including the trailing
- colon character, e.g., "sig-rsa-sha1-base64:")
-
- RSA signatures are then encoded as an ASN1 OCTET STRING object,
- containing the signature value.
-
- For use in KeyNote credentials, the ASN1 OCTET STRING is then ASCII-
- encoded (as a string of hex digits or base64 characters).
-
- RSA signatures encoded in this way in KeyNote must be identified by
- the "sig-rsa-XXX-YYY:" algorithm name, where XXX is a hash function
- name ("md5" or "sha1", for the MD5 [Riv92] and SHA1 [SHA1-95] hash
- algorithms respectively, may be used with RSA) and YYY is an ASCII
- encoding ("hex" or "base64").
-
-4.3 Binary Signature Computation and Encoding
-
- Binary Identifiers are unstructured sequences of binary digits, and
- are not associated with any cryptographic algorithm. Thus, they may
- not be used to validate an assertion.
-
-
-
-Blaze, et al. Informational [Page 4]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
-5. Security Considerations
-
- This document discusses the format of RSA and DSA keys and signatures
- and of Binary principal identifiers as used in KeyNote. The security
- of KeyNote credentials utilizing such keys and credentials is
- directly dependent on the strength of the related public key
- algorithms. On the security of KeyNote itself, see [BFIK99].
-
-6. IANA Considerations
-
- Per [BFIK99], IANA should provide a registry of reserved algorithm
- identifiers. The following identifiers are reserved by this document
- as public key and binary identifier encodings:
-
- - "rsa-hex"
- - "rsa-base64"
- - "dsa-hex"
- - "dsa-base64"
- - "binary-hex"
- - "binary-base64"
-
- The following identifiers are reserved by this document as signature
- encodings:
-
- - "sig-rsa-md5-hex"
- - "sig-rsa-md5-base64"
- - "sig-rsa-sha1-hex"
- - "sig-rsa-sha1-base64"
- - "sig-dsa-sha1-hex"
- - "sig-dsa-sha1-base64"
-
- Note that the double quotes are not part of the algorithm
- identifiers.
-
-7. Acknowledgments
-
- This work was sponsored by the DARPA Information Assurance and
- Survivability (IA&S) program, under BAA 98-34.
-
-References
-
- [Sch96] Bruce Schneier, Applied Cryptography 2nd Edition, John
- Wiley & Sons, New York, NY, 1996.
-
- [BFIK99] Blaze, M., Feigenbaum, J., Ioannidis, J. and A. Keromytis,
- "The KeyNote Trust-Management System Version 2", RFC 2704,
- September 1999.
-
-
-
-
-Blaze, et al. Informational [Page 5]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
- [DSA94] NIST, FIPS PUB 186, "Digital Signature Standard", May 1994.
-
- [Riv92] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
- April 1992.
-
- [RSA78] R. L. Rivest, A. Shamir, L. M. Adleman, "A Method for
- Obtaining Digital Signatures and Public-Key Cryptosystems",
- Communications of the ACM, v21n2. pp 120-126, February
- 1978.
-
- [SHA1-95] NIST, FIPS PUB 180-1, "Secure Hash Standard", April 1995.
- http://csrc.nist.gov/fips/fip180-1.txt (ascii)
- http://csrc.nist.gov/fips/fip180-1.ps (postscript)
-
-Contacts
-
- Comments about this document should be discussed on the
- keynote-users@nsa.research.att.com mailing list.
-
- Questions about this document can also be directed to the authors as
- a group at the keynote@research.att.com alias, or to the individual
- authors at:
-
- Matt Blaze
- AT&T Labs - Research
- 180 Park Avenue
- Florham Park, New Jersey 07932-0000
-
- EMail: mab@research.att.com
-
-
- John Ioannidis
- AT&T Labs - Research
- 180 Park Avenue
- Florham Park, New Jersey 07932-0000
-
- EMail: ji@research.att.com
-
-
- Angelos D. Keromytis
- Distributed Systems Lab
- CIS Department, University of Pennsylvania
- 200 S. 33rd Street
- Philadelphia, Pennsylvania 19104-6389
-
- EMail: angelos@cis.upenn.edu
-
-
-
-
-
-Blaze, et al. Informational [Page 6]
-
-RFC 2792 Key and Signature Encoding for KeyNote March 2000
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2000). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Blaze, et al. Informational [Page 7]
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-27 22:35:19 +0000