Script updating gh-pages from 5a67c00. [ci skip]

ietf-rats-wg · Mar 4, 2024 · 1bb7d66 · 1bb7d66
1 parent 17518cf
commit 1bb7d66
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 47 deletions.
diff --git a/secure-channels-only-no-object-security/draft-ietf-rats-uccs.html b/secure-channels-only-no-object-security/draft-ietf-rats-uccs.html
@@ -1531,7 +1531,12 @@ <h2 id="name-security-considerations">
 RATS are not covered by this document. The UCCS specification -- and the
 use of the UCCS CBOR tag, correspondingly -- is not intended for use in a
 scope where a scope-specific security consideration discussion has not
-been conducted, vetted and approved for that use.<a href="#section-7-2" class="pilcrow">¶</a></p>
+been conducted, vetted and approved for that use.
+In order to be able to use the UCCS CBOR tag in another such scope,
+the secure channel and/or the application protocol (e.g., TLS and the
+protocol identified by ALPN) <span class="bcp14">MUST</span> specify the roles of the endpoints
+in a fashion that the security properties of conveying UCCS via a
+Secure Channel between the roles are well-defined.<a href="#section-7-2" class="pilcrow">¶</a></p>
 <div id="general-considerations">
 <section id="section-7.1">
  <h3 id="name-general-considerations">

diff --git a/secure-channels-only-no-object-security/draft-ietf-rats-uccs.txt b/secure-channels-only-no-object-security/draft-ietf-rats-uccs.txt
@@ -91,20 +91,20 @@ Table of Contents
  5.2. Privacy Preservation . . . . . . . . . . . . . . . . . . 7
  6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
  7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
- 7.1. General Considerations . . . . . . . . . . . . . . . . . 8
+ 7.1. General Considerations . . . . . . . . . . . . . . . . . 9
  7.2. AES-CBC_MAC . . . . . . . . . . . . . . . . . . . . . . . 9
- 7.3. AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . .  9
+ 7.3. AES-GCM . . . . . . . . . . . . . . . . . . . . . . . . . 10
  7.4. AES-CCM . . . . . . . . . . . . . . . . . . . . . . . . . 10
  7.5. ChaCha20 and Poly1305 . . . . . . . . . . . . . . . . . . 10
  8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
  8.1. Normative References . . . . . . . . . . . . . . . . . . 10
  8.2. Informative References . . . . . . . . . . . . . . . . . 11
- Appendix A. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 12
- Appendix B. Example . . . . . . . . . . . . . . . . . . . . . . 14
- Appendix C. JSON Support . . . . . . . . . . . . . . . . . . . . 14
- Appendix D. EAT . . . . . . . . . . . . . . . . . . . . . . . . 15
- Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 15
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
+ Appendix A. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 13
+ Appendix B. Example . . . . . . . . . . . . . . . . . . . . . . 15
+ Appendix C. JSON Support . . . . . . . . . . . . . . . . . . . . 15
+ Appendix D. EAT . . . . . . . . . . . . . . . . . . . . . . . . 16
+ Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
 
 
 
@@ -432,14 +432,14 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
  not covered by this document. The UCCS specification -- and the use
  of the UCCS CBOR tag, correspondingly -- is not intended for use in a
  scope where a scope-specific security consideration discussion has
- not been conducted, vetted and approved for that use.
+ not been conducted, vetted and approved for that use. In order to be
+ able to use the UCCS CBOR tag in another such scope, the secure
+ channel and/or the application protocol (e.g., TLS and the protocol
+ identified by ALPN) MUST specify the roles of the endpoints in a
+ fashion that the security properties of conveying UCCS via a Secure
+ Channel between the roles are well-defined.
 
-7.1. General Considerations
 
- Implementations of Secure Channels are often separate from the
- application logic that has security requirements on them. Similar
- security considerations to those described in [RFC9052] for obtaining
- the required levels of assurance include:
 
 
 
@@ -450,6 +450,13 @@ Birkholz, et al. Expires 5 September 2024 [Page 8]
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
+7.1. General Considerations
+
+ Implementations of Secure Channels are often separate from the
+ application logic that has security requirements on them. Similar
+ security considerations to those described in [RFC9052] for obtaining
+ the required levels of assurance include:
+
  * Implementations need to provide sufficient protection for private
  or secret key material used to establish or protect the Secure
  Channel.
@@ -491,13 +498,6 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
 
  * A mechanism to ensure that IV cannot be modified is required.
 
- Section 3.2.1 of [RFC9053] contains a detailed explanation of these
- considerations.
-
-7.3. AES-GCM
-
- * The key and nonce pair is unique for every encrypted message.
-
 
 
 
@@ -506,6 +506,13 @@ Birkholz, et al. Expires 5 September 2024 [Page 9]
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
+ Section 3.2.1 of [RFC9053] contains a detailed explanation of these
+ considerations.
+
+7.3. AES-GCM
+
+ * The key and nonce pair is unique for every encrypted message.
+
  * The maximum number of messages to be encrypted for a given key is
  not exceeded.
 
@@ -546,14 +553,7 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
  [IANA.cwt] IANA, "CBOR Web Token (CWT) Claims",
  <http://www.iana.org/assignments/cwt>.
 
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119,
- DOI 10.17487/RFC2119, March 1997,
- <https://www.rfc-editor.org/rfc/rfc2119>.
 
- [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
- (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
- <https://www.rfc-editor.org/rfc/rfc7519>.
 
 
 
@@ -562,6 +562,15 @@ Birkholz, et al. Expires 5 September 2024 [Page 10]
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/rfc/rfc2119>.
+
+ [RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
+ (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
+ <https://www.rfc-editor.org/rfc/rfc7519>.
+
  [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
  2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
  May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
@@ -600,6 +609,15 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
  January 2024, <https://datatracker.ietf.org/doc/html/
  draft-ietf-rats-eat-25>.
 
+
+
+
+
+Birkholz, et al. Expires 5 September 2024 [Page 11]
+
+Internet-Draft Unprotected CWT Claims Sets March 2024
+
+
  [NIST-SP800-90Ar1]
  Barker, E. and J. Kelsey, "Recommendation for Random
  Number Generation Using Deterministic Random Bit
@@ -611,13 +629,6 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
  FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
  <https://www.rfc-editor.org/rfc/rfc4949>.
 
-
-
-Birkholz, et al. Expires 5 September 2024 [Page 11]
-
-Internet-Draft Unprotected CWT Claims Sets March 2024
-
-
  [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
  Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
  <https://www.rfc-editor.org/rfc/rfc8446>.
@@ -650,6 +661,19 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
  “2.0”, Level 00, Revision 01.59 ed., Trusted Computing
  Group", 2019.
 
+
+
+
+
+
+
+
+
+Birkholz, et al. Expires 5 September 2024 [Page 12]
+
+Internet-Draft Unprotected CWT Claims Sets March 2024
+
+
 Appendix A. CDDL
 
  The Concise Data Definition Language (CDDL), as defined in [RFC8610]
@@ -665,21 +689,47 @@ Appendix A. CDDL
  // replace the number 601 in the code blocks below by the value that
  // has been assigned for CPA601 and remove this note.
 
+ This specification proposes using the definitions in Figure 1 for the
+ CWT Claims Set defined in [RFC8392]. Note that these definitions
+ have been built such that they also can describe [RFC7519] Claims
+ sets by disabling feature "cbor" and enabling feature "json", but
+ this flexibility is not the subject of the present specification.
+
 
 
 
 
-Birkholz, et al. Expires 5 September 2024 [Page 12]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Birkholz, et al. Expires 5 September 2024 [Page 13]
 
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
- This specification proposes using the definitions in Figure 1 for the
- CWT Claims Set defined in [RFC8392]. Note that these definitions
- have been built such that they also can describe [RFC7519] Claims
- sets by disabling feature "cbor" and enabling feature "json", but
- this flexibility is not the subject of the present specification.
-
  UCCS-Untagged = Claims-Set
  UCCS-Tagged = #6.601(UCCS-Untagged)
 
@@ -725,7 +775,13 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
 
-Birkholz, et al. Expires 5 September 2024 [Page 13]
+
+
+
+
+
+
+Birkholz, et al. Expires 5 September 2024 [Page 14]
 
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
@@ -781,7 +837,7 @@ Appendix C. JSON Support
 
 
 
-Birkholz, et al. Expires 5 September 2024 [Page 14]
+Birkholz, et al. Expires 5 September 2024 [Page 15]
 
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
@@ -837,7 +893,7 @@ Authors' Addresses
 
 
 
-Birkholz, et al. Expires 5 September 2024 [Page 15]
+Birkholz, et al. Expires 5 September 2024 [Page 16]
 
 Internet-Draft Unprotected CWT Claims Sets March 2024
 
@@ -893,4 +949,4 @@ Internet-Draft Unprotected CWT Claims Sets March 2024
 
 
 
-Birkholz, et al. Expires 5 September 2024 [Page 16]
+Birkholz, et al. Expires 5 September 2024 [Page 17]