1
2
3
4
5
6
7Network Working Group                                            D. Shaw
8Request for Comments: 5581                                     June 2009
9Updates: 4880
10Category: Informational
11
12
13                     The Camellia Cipher in OpenPGP
14
15Status of This Memo
16
17   This memo provides information for the Internet community.  It does
18   not specify an Internet standard of any kind.  Distribution of this
19   memo is unlimited.
20
21Copyright Notice
22
23   Copyright (c) 2009 IETF Trust and the persons identified as the
24   document authors.  All rights reserved.
25
26   This document is subject to BCP 78 and the IETF Trust's Legal
27   Provisions Relating to IETF Documents in effect on the date of
28   publication of this document (http://trustee.ietf.org/license-info).
29   Please review these documents carefully, as they describe your rights
30   and restrictions with respect to this document.
31
32Abstract
33
34   This document presents the necessary information to use the Camellia
35   symmetric block cipher in the OpenPGP protocol.
36
37Table of Contents
38
39   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 2
40   2.  Requirements Notation . . . . . . . . . . . . . . . . . . . . . 2
41   3.  Camellia  . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
42   4.  Security Considerations . . . . . . . . . . . . . . . . . . . . 2
43   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
44   6.  Normative References  . . . . . . . . . . . . . . . . . . . . . 3
45
46
47
48
49
50
51
52
53
54
55
56
57
58Shaw                         Informational                      [Page 1]
59
60RFC 5581             The Camellia Cipher in OpenPGP            June 2009
61
62
631.  Introduction
64
65   The OpenPGP protocol [RFC4880] can support many different symmetric
66   ciphers.  This document presents the necessary information to use the
67   Camellia [RFC3713] symmetric cipher in the OpenPGP protocol.
68
692.  Requirements Notation
70
71   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
72   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
73   document are to be interpreted as described in [RFC2119].
74
753.  Camellia
76
77   Camellia is specified in [RFC3713].  It is a 128-bit symmetric block
78   cipher (as are AES and Twofish in OpenPGP) that supports 128-bit,
79   192-bit, and 256-bit keys.  This document defines the use of Camellia
80   in OpenPGP.
81
82     +---------------------+----------------------------------------+
83     | Camellia Key Length | OpenPGP Symmetric-Key Algorithm Number |
84     +---------------------+----------------------------------------+
85     |         128         |                   11                   |
86     |         192         |                   12                   |
87     |         256         |                   13                   |
88     +---------------------+----------------------------------------+
89
90   OpenPGP applications MAY implement Camellia.  If implemented,
91   Camellia may be used in any place in OpenPGP where a symmetric cipher
92   is usable, and it is subject to the same usage requirements (such as
93   its presence in the Preferred Symmetric Algorithms signature
94   subpacket) as the other symmetric ciphers in OpenPGP.
95
96   While the OpenPGP algorithm preferences system prevents
97   interoperability problems with public key encrypted messages, if
98   Camellia (or any other optional cipher) is used for encrypting
99   private keys, there could be interoperability problems when migrating
100   a private key from one system to another.  A similar issue can arise
101   when using an optional cipher for symmetrically encrypted messages,
102   as this OpenPGP message type does not use the algorithm preferences
103   system.  Those using optional ciphers in this manner should take care
104   they are using a cipher that their intended recipient can decrypt.
105
1064.  Security Considerations
107
108   At publication time, there are no known weak keys for Camellia, and
109   the Camellia algorithm is believed to be strong.  However, as with
110   any technology involving cryptography, implementers should check the
111
112
113
114Shaw                         Informational                      [Page 2]
115
116RFC 5581             The Camellia Cipher in OpenPGP            June 2009
117
118
119   current literature, as well as the Camellia home page at
120   http://info.isl.ntt.co.jp/camellia/ to determine if Camellia has been
121   found to be vulnerable to attack.
122
1235.  IANA Considerations
124
125   IANA assigned three algorithm numbers from the registry of OpenPGP
126   Symmetric-Key Algorithms that was created by [RFC4880].
127
1286.  Normative References
129
130   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
131              Requirement Levels", BCP 14, RFC 2119, March 1997.
132
133   [RFC3713]  Matsui, M., Nakajima, J., and S. Moriai, "A Description of
134              the Camellia Encryption Algorithm", RFC 3713, April 2004.
135
136   [RFC4880]  Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
137              Thayer, "OpenPGP Message Format", RFC 4880, November 2007.
138
139Author's Address
140
141   David Shaw
142
143   EMail: dshaw@jabberwocky.com
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170Shaw                         Informational                      [Page 3]
171
172