Secure Media Frames                                            R. Barnes
Internet-Draft                                                     Cisco
Intended status: Informational                                  E. Omara
Expires: 22 August 2026                                     A. Rosenberg
                                                                   Apple
                                                        18 February 2026


                Updates to SFrame Cipher Suites Registry
                    draft-barnes-sframe-iana-256-03

Abstract

   This document addresses two omissions in the Secure Frames (SFrame)
   protocol specification. First, the definition of the IANA registry
   for SFrame ciphersuites omits several important fields. This
   document requests that IANA add those fields and defines the
   contents of those fields for current entries. Second, the AEAD
   construction based on AES-CTR and HMAC is defined only for the
   128-bit security level. This document registers parallel
   constructions at the 256-bit security level.

About This Document

   This note is to be removed before publishing as an RFC.

   The latest revision of this draft can be found at
   https://bifurcation.github.io/sframe-iana-256/draft-barnes-sframe-iana-256.html.
   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-barnes-sframe-iana-256/.

   Discussion of this document takes place on the Secure Media Frames
   Working Group mailing list (mailto:sframe@ietf.org), which is
   archived at https://mailarchive.ietf.org/arch/browse/sframe/.
   Subscribe at https://www.ietf.org/mailman/listinfo/sframe/.

   Source for this draft and an issue tracker can be found at
   https://github.com/bifurcation/sframe-iana-256.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Barnes, et al.           Expires 22 August 2026                 [Page 1]

Internet-Draft             SFrame IANA Updates             February 2026

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 22 August 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Definitions
   3.  AES-256-CTR with HMAC-SHA512
   4.  Security Considerations
   5.  IANA Considerations
     5.1.  "SFrame Cipher Suites" Registry Update
     5.2.  Cipher Suites for AES-256-CTR with HMAC-SHA512
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Test Vectors
     A.1.  AEAD Encryption/Decryption Using AES-CTR and HMAC
     A.2.  SFrame Encryption/Decryption
   Authors' Addresses

1.  Introduction

   The Secure Frames (SFrame) protocol specification defines an IANA
   registry for cipher suites. The initial definition in Section 8.1 of
   [RFC9605] is missing several important fields. This document
   requests that IANA add those fields and defines the contents of
   those fields for current entries. We also define new entries that
   extend the SFrame CTR+HMAC construction to support AES-256.

   This document addresses two omissions in the Secure Frames (SFrame)
   protocol specification [RFC9605]. First, the definition in
   Section 8.1 of [RFC9605] of the IANA registry for SFrame
   ciphersuites omits several important fields. This document requests
   that IANA add those fields and defines the contents of those fields
   for current entries. Second, the AEAD construction based on AES-CTR
   and HMAC (in Section 4.5.1 of [RFC9605]) is defined only for the
   128-bit security level. This document registers parallel
   constructions at the 256-bit security level.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  AES-256-CTR with HMAC-SHA512

   Section 4.5.1 of [RFC9605] defines a compound authenticated
   encryption construction, using the unauthenticated CTR mode of AES
   for encryption and HMAC for authentication. The original
   specification only defines cipher suite values for instances of this
   construction using AES-128-CTR and HMAC-SHA256.

   The construction works the same way when used with AES-256-CTR and
   HMAC-SHA512. The only differences are in the lengths of some
   SFrame-internal fields:

   *  The keys generated by SFrame-internal key derivation
      (derive_key_salt) are longer to match the needs of AES-256-CTR
      and HMAC-SHA512 (96 bytes vs 48 bytes for AES-128-CTR and
      HMAC-SHA256).

   *  The initial tag value tag in compute_tag is 64 bytes instead of
      32 bytes.

   Identifiers for cipher suites using AES-256-CTR and HMAC-SHA512 are
   defined in Section 5.2.

4.  Security Considerations

   The registry changes in this document have no effect on the security
   of SFrame.

   The new algorithms registered by this document allow the CTR+HMAC
   construction to be used in environments that require a 256-bit
   security level.

5.  IANA Considerations

   This document makes three requests of IANA: updating the columns in
   the "SFrame Cipher Suites" registry, adding entries to the updated
   registry for the new cipher suites defined in this document, and
   adding this document as an additional reference for this registry.

5.1.  "SFrame Cipher Suites" Registry Update

   The SFrame Cipher Suites registry should be updated to add the
   following columns:

   *  Nh: The size in bytes of the output of the hash function

   *  Nka: For cipher suites using the compound AEAD described in
      Section 4.5.1 of [RFC9605], the size in bytes of a key for the
      underlying encryption algorithm

   *  Nk: The size in bytes of a key for the encryption algorithm

   *  Nn: The size in bytes of a nonce for the encryption algorithm

   *  Nt: The overhead in bytes of the encryption algorithm (typically
      the size of a "tag" that is added to the plaintext)
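
The two length differences listed in Section 3, expressed with the Nka, Nh, Nk, Nn and Nt columns of Section 5.1, as an added Python example (not code from this draft or from RFC 9605). It derives the 48-byte and 96-byte keys, splits them into encryption and authentication subkeys, and computes and verifies the truncated tag; AES-CTR encryption itself is left out. Assumptions: the label strings, the 12-byte Nn and the auth_data layout follow the derive_key_salt and compute_tag pseudocode of RFC 9605 as recalled here and should be checked against the RFC, and the cipher suite identifier and Nt are supplied by the caller because the identifiers of Section 5.2 are not shown above.

```python
import hmac

# Nka (AES key bytes), hash, Nh (hash output bytes) per security level.
SUITES = {
    "AES-128-CTR+HMAC-SHA256": (16, "sha256", 32),  # Nk = 16 + 32 = 48
    "AES-256-CTR+HMAC-SHA512": (32, "sha512", 64),  # Nk = 32 + 64 = 96
}
NN = 12  # Nn assumed for the CTR+HMAC suites (per RFC 9605)

def hkdf_expand(hash_name, prk, info, length):
    """HKDF-Expand (RFC 5869) built on the standard-library hmac module."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def derive_key_salt(suite, suite_id, kid, base_key):
    """Return (sframe_key of Nk bytes, sframe_salt of Nn bytes); labels assumed."""
    nka, hash_name, nh = SUITES[suite]
    secret = hmac.new(b"", base_key, hash_name).digest()  # HKDF-Extract, empty salt
    ctx = kid.to_bytes(8, "big") + suite_id.to_bytes(2, "big")
    key = hkdf_expand(hash_name, secret, b"SFrame 1.0 Secret key " + ctx, nka + nh)
    salt = hkdf_expand(hash_name, secret, b"SFrame 1.0 Secret salt " + ctx, NN)
    return key, salt

def compute_tag(suite, sframe_key, nonce, aad, ct, nt):
    """HMAC over lengths || nonce || aad || ct (assumed layout), cut to nt bytes."""
    nka, hash_name, nh = SUITES[suite]
    if len(sframe_key) != nka + nh or len(nonce) != NN or not 0 < nt <= nh:
        raise ValueError("length does not match cipher suite")
    auth_key = sframe_key[nka:]  # enc_key is sframe_key[:nka]
    lengths = b"".join(n.to_bytes(8, "big") for n in (len(aad), len(ct), nt))
    full_tag = hmac.new(auth_key, lengths + nonce + aad + ct, hash_name).digest()
    return full_tag[:nt]  # full_tag is Nh bytes (32 or 64) before truncation

def verify_tag(suite, sframe_key, nonce, aad, ct, tag, nt):
    """Constant-time comparison; a tag whose length is not nt is rejected."""
    expected = compute_tag(suite, sframe_key, nonce, aad, ct, nt)
    return len(tag) == nt and hmac.compare_digest(expected, tag)
```

Passing Nt explicitly, rather than taking it from the length of the received tag, keeps a sender from choosing a shorter tag than the negotiated cipher suite requires.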