Peter:
The minutes from the S/MIME WG session at the IETF meeting last December
include the following:
The first issue dealt with the problem of wrapping an HMAC key with a
Triple-DES, RC2 or AES key. Currently, one password-based key management
includes a defined method for this operation. A new draft is to be
prepared to define a mechanism.
Clearly, the people at the meeting felt that the key wrap algorithm in RFC
3211 was intended for used with password-derived KEKs.
Russ
At 05:07 PM 2/8/2002 +1300, Peter Gutmann wrote:
>The key wrap algorithms defined in [3DES-WRAP] and [AES-WRAP] cover the of
>wrapping a Triple-DES key with another Triple-DES key and wrapping an
AES key
>with another AES key, respectively. This document specifies two similar
>mechanisms. One specifies the mechanism for wrapping an HMAC key with a
>Triple-DES key, and the other specifies the mechanism for wrapping an
HMAC key
>with an AES key.
Given that RFC 3211 specifies a universal algorithm for wrapping any key
in any
other key, is there any need to create special-case x-in-y wrap RFCs of this
kind? This draft seems entirely superfluous, since a standards-track RFC
containing an algorithm which does what's in the draft already exists.
Peter.