doc: Add RFC documents

1 files changed, 227 insertions, 0 deletions

diff --git a/doc/rfc/rfc5469.txt b/doc/rfc/rfc5469.txt
new file mode 100644
index 0000000..517392e
--- /dev/null
+++ b/doc/rfc/rfc5469.txt
@@ -0,0 +1,227 @@
+
+
+
+
+
+
+Network Working Group                                     P. Eronen, Ed.
+Request for Comments: 5469                                         Nokia
+Category: Informational                                    February 2009
+
+
+     DES and IDEA Cipher Suites for Transport Layer Security (TLS)
+
+Status of This Memo
+
+   This memo provides information for the Internet community.  It does
+   not specify an Internet standard of any kind.  Distribution of this
+   memo is unlimited.
+
+Copyright Notice
+
+   Copyright (c) 2009 IETF Trust and the persons identified as the
+   document authors.  All rights reserved.
+
+   This document is subject to BCP 78 and the IETF Trust's Legal
+   Provisions Relating to IETF Documents (http://trustee.ietf.org/
+   license-info) in effect on the date of publication of this document.
+   Please review these documents carefully, as they describe your rights
+   and restrictions with respect to this document.
+
+Abstract
+
+   Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC
+   4346) include cipher suites based on DES (Data Encryption Standard)
+   and IDEA (International Data Encryption Algorithm) algorithms.  DES
+   (when used in single-DES mode) and IDEA are no longer recommended for
+   general use in TLS, and have been removed from TLS version 1.2 (RFC
+   5246).  This document specifies these cipher suites for completeness
+   and discusses reasons why their use is no longer recommended.
+
+1.  Introduction
+
+   TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based
+   on DES (Data Encryption Standard) and IDEA (International Data
+   Encryption Algorithm) algorithms.  DES (when used in single-DES mode)
+   and IDEA are no longer recommended for general use in TLS, and have
+   been removed from TLS version 1.2 [TLS12].
+
+   This document specifies these cipher suites for completeness and
+   discusses reasons why their use is no longer recommended.
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in [REQ].
+
+
+
+Eronen                       Informational                      [Page 1]
+
+RFC 5469           DES and IDEA Cipher Suites for TLS      February 2009
+
+
+2.  DES Cipher Suites
+
+   DES (Data Encryption Standard) is a block cipher that was originally
+   approved as a US federal standard in 1976, and is specified in [DES].
+
+   For TLS key generation purposes, DES is treated as having a 64-bit
+   key, but it still provides only 56 bits of protection, as 8 of the 64
+   bits are not used by the algorithm.  DES uses a 64-bit block size.
+
+   The following cipher suites have been defined for using DES in Cipher
+   Block Chaining (CBC) mode in TLS:
+
+      CipherSuite TLS_RSA_WITH_DES_CBC_SHA            = { 0x00,0x09 };
+      CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA         = { 0x00,0x0C };
+      CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA         = { 0x00,0x0F };
+      CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA        = { 0x00,0x12 };
+      CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA        = { 0x00,0x15 };
+      CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA        = { 0x00,0x1A };
+
+   The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA,
+   and DH_anon) and the MAC (Message Authentication Code) algorithm
+   (SHA) are defined in the base TLS specification.
+
+3.  IDEA Cipher Suite
+
+   IDEA (International Data Encryption Algorithm) is a block cipher
+   designed by Xuejia Lai and James Massey [IDEA] [SCH].  IDEA uses a
+   128-bit key and operates on 64-bit blocks.
+
+   The following cipher suite has been defined for using IDEA in CBC
+   mode in TLS:
+
+      CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA           = { 0x00,0x07 };
+
+   The key exchange algorithm (RSA) and the MAC algorithm (SHA) are
+   defined in the base TLS specification.
+
+4.  Security Considerations
+
+4.1.  DES Cipher Suites
+
+   DES has an effective key strength of 56 bits, which has been known to
+   be vulnerable to practical brute force attacks for over 20 years
+   [DH].  A relatively recent 2006 paper by Kumar, et al. [COPA]
+   describes a system that performs an exhaustive key search in less
+   than nine days on average, and costs less than 10,000 USD to build.
+
+
+
+
+
+Eronen                       Informational                      [Page 2]
+
+RFC 5469           DES and IDEA Cipher Suites for TLS      February 2009
+
+
+   Given this, the single-DES cipher suites SHOULD NOT be implemented by
+   TLS libraries.  If a TLS library implements these cipher suites, it
+   SHOULD NOT enable them by default.  Experience has also shown that
+   rarely used code is a source of security and interoperability
+   problems, so existing implementations SHOULD consider removing these
+   cipher suites.
+
+4.2.  IDEA Cipher Suite
+
+   IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive
+   key search.  However, the IDEA cipher suite for TLS has not seen
+   widespread use: most implementations either do not support it, do not
+   enable it by default, or do not negotiate it when other algorithms
+   (such as AES, 3DES, or RC4) are available.
+
+   Experience has shown that rarely used code is a source of security
+   and interoperability problems; given this, the IDEA cipher suite
+   SHOULD NOT be implemented by TLS libraries and SHOULD be removed from
+   existing implementations.
+
+5.  IANA Considerations
+
+   IANA has already allocated values for the cipher suites described in
+   this document in the TLS Cipher Suite Registry, defined in [TLS11].
+   IANA has updated the references of these cipher suites to point to
+   this document:
+
+   Value         Description                             Reference
+   -----------   --------------------------------------  ---------
+   0x00,0x07     TLS_RSA_WITH_IDEA_CBC_SHA               [RFC5469]
+   0x00,0x09     TLS_RSA_WITH_DES_CBC_SHA                [RFC5469]
+   0x00,0x0C     TLS_DH_DSS_WITH_DES_CBC_SHA             [RFC5469]
+   0x00,0x0F     TLS_DH_RSA_WITH_DES_CBC_SHA             [RFC5469]
+   0x00,0x12     TLS_DHE_DSS_WITH_DES_CBC_SHA            [RFC5469]
+   0x00,0x15     TLS_DHE_RSA_WITH_DES_CBC_SHA            [RFC5469]
+   0x00,0x1A     TLS_DH_anon_WITH_DES_CBC_SHA            [RFC5469]
+
+   This document does not create any new registries to be maintained by
+   IANA, and does not require any new assignments from existing
+   registries.
+
+6.  Acknowledgments
+
+   The editor would like to thank Steven Bellovin, Uri Blumenthal,
+   Michael D'Errico, Paul Hoffman, Simon Josefsson, Bodo Moeller, Tom
+   Petch, Martin Rex, and Len Sassaman for their contributions to
+   preparing this document.
+
+
+
+
+Eronen                       Informational                      [Page 3]
+
+RFC 5469           DES and IDEA Cipher Suites for TLS      February 2009
+
+
+7.  References
+
+7.1.  Normative References
+
+   [DES]    National Institute of Standards and Technology, "Data
+            Encryption Standard (DES)", FIPS PUB 46-3, October 1999.
+
+   [IDEA]   Lai, X., "On the Design and Security of Block Ciphers",
+            ETH Series in Information Processing, v. 1, Konstanz:
+            Hartung-Gorre Verlag, 1992.
+
+   [REQ]    Bradner, S., "Key words for use in RFCs to Indicate
+            Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+   [SCH]    Schneier, B., "Applied Cryptography: Protocols, Algorithms,
+            and Source Code in C", 2nd ed., John Wiley & Sons, Inc.,
+            1996.
+
+   [TLS10]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
+            RFC 2246, January 1999.
+
+   [TLS11]  Dierks, T. and E. Rescorla, "The Transport Layer Security
+            (TLS) Protocol Version 1.1", RFC 4346, April 2006.
+
+   [TLS12]  Dierks, T. and E. Rescorla, "The Transport Layer Security
+            (TLS) Protocol Version 1.2", RFC 5246, August 2008.
+
+7.2.  Informative References
+
+   [COPA]   Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., and M.
+            Schimmler, "Breaking Ciphers with COPACOBANA - A Cost-
+            Optimized Parallel Code Breaker", Workshop on Cryptographic
+            Hardware and Embedded Systems (CHES 2006), Yokohama, Japan,
+            October 2006.
+
+   [DH]     Diffie, W. and M. Hellman, "Exhaustive Cryptanalysis of the
+            NBS Data Encryption Standard", IEEE Computer, Volume 10,
+            Issue 6, June 1977.
+
+Author's Address
+
+   Pasi Eronen (editor)
+   Nokia Research Center
+   P.O. Box 407
+   FIN-00045 Nokia Group
+   Finland
+
+   EMail: pasi.eronen@nokia.com
+
+
+
+Eronen                       Informational                      [Page 4]
+