idnits 2.17.1

draft-eastlake-additional-xmlsec-uris-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the
     document.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 27, 2013) is 4048 days in the past. Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.
  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1600' on line 295
  == Missing Reference: 'RFC5649' is mentioned on line 1350, but not defined
  == Missing Reference: 'XMLENC' is mentioned on line 1392, but not defined
  -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3'
  -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4'
  ** Downref: Normative reference to an Informational RFC: RFC 1321
  ** Downref: Normative reference to an Informational RFC: RFC 2104
  ** Downref: Normative reference to an Informational RFC: RFC 2315
  ** Downref: Normative reference to an Informational RFC: RFC 3394
  ** Obsolete normative reference: RFC 3447 (Obsoleted by RFC 8017)
  ** Downref: Normative reference to an Informational RFC: RFC 3713
  ** Downref: Normative reference to an Informational RFC: RFC 4050
  ** Downref: Normative reference to an Informational RFC: RFC 4269
  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)
  ** Downref: Normative reference to an Informational RFC: RFC 6234
  -- Possible downref: Non-RFC (?) normative reference: ref. 'RIPEMD-160'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer'
  -- Obsolete informational reference (is this intentional?): RFC 4051 (ref.
     'Errata191') (Obsoleted by RFC 6931)
  -- Obsolete informational reference (is this intentional?): RFC 3075
     (Obsoleted by RFC 3275)
  -- Duplicate reference: RFC4051, mentioned in 'RFC4051', was also mentioned
     in 'Errata191'.
  -- Obsolete informational reference (is this intentional?): RFC 4051
     (Obsoleted by RFC 6931)

     Summary: 10 errors (**), 0 flaws (~~), 4 warnings (==), 18 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  INTERNET-DRAFT                                          Donald Eastlake
2  Obsoletes: 4051                                                  Huawei
3  Intended Status: Proposed Standard
4  Expires: September 26, 2013                              March 27, 2013

6       Additional XML Security Uniform Resource Identifiers (URIs)
7

9  Abstract

11    This document obsoletes RFC 4051, expanding, updating, and
12    establishing an IANA Registry for the list of URIs intended for use
13    with XML Digital Signatures, Encryption, Canonicalization, and Key
14    Management. These URIs identify algorithms and types of information.

16  Status of This Memo

18    This Internet-Draft is submitted to IETF in full conformance with the
19    provisions of BCP 78 and BCP 79.

21    Distribution of this document is unlimited. Comments should be sent
22    to the author.

24    Internet-Drafts are working documents of the Internet Engineering
25    Task Force (IETF), its areas, and its working groups. Note that
26    other groups may also distribute working documents as Internet-
27    Drafts.

29    Internet-Drafts are draft documents valid for a maximum of six months
30    and may be updated, replaced, or obsoleted by other documents at any
31    time. It is inappropriate to use Internet-Drafts as reference
32    material or to cite them other than as "work in progress."

34    The list of current Internet-Drafts can be accessed at
35    http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
36    Shadow Directories can be accessed at
37    http://www.ietf.org/shadow.html.

39  Table of Contents

41    1. Introduction............................................4
42    1.1 Terminology...........................................5
43    1.2 Acronyms..............................................5

45    2. Algorithms..............................................6
46    2.1 DigestMethod (Hash) Algorithms........................6
47    2.1.1 MD5.................................................6
48    2.1.2 SHA-224.............................................7
49    2.1.3 SHA-384.............................................7
50    2.1.4 Whirlpool...........................................7
51    2.1.5 New SHA Functions...................................8
52    2.2 SignatureMethod MAC Algorithms........................8
53    2.2.1 HMAC-MD5............................................8
54    2.2.2 HMAC SHA Variations.................................9
55    2.2.3 HMAC-RIPEMD160......................................9
56    2.3 SignatureMethod Public Key Signature Algorithms......10
57    2.3.1 RSA-MD5............................................10
58    2.3.2 RSA-SHA256.........................................11
59    2.3.3 RSA-SHA384.........................................11
60    2.3.4 RSA-SHA512.........................................11
61    2.3.5 RSA-RIPEMD160......................................11
62    2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool.......12
63    2.3.7 ESIGN-SHA*.........................................12
64    2.3.8 RSA-Whirlpool......................................13
65    2.3.9 RSASSA-PSS With Parameters.........................13
66    2.3.10 RSASSA-PSS Without Parameters.....................15
67    2.3.11 RSA-SHA224........................................15
68    2.4 Minimal Canonicalization.............................16
69    2.5 Transform Algorithms.................................16
70    2.5.1 XPointer...........................................16
71    2.6 EncryptionMethod Algorithms..........................17
72    2.6.1 ARCFOUR Encryption Algorithm.......................17
73    2.6.2 Camellia Block Encryption..........................17
74    2.6.3 Camellia Key Wrap..................................18
75    2.6.4 PSEC-KEM...........................................18
76    2.6.5 SEED Block Encryption..............................19
77    2.6.6 SEED Key Wrap......................................19

79    3. KeyInfo................................................20
80    3.1 PKCS #7 Bag of Certificates and CRLs.................20
81    3.2 Additional RetrievalMethod Type Values...............20

83    4. Indexes................................................21
84    4.1 Fragment Index.......................................21
85    4.2 URI Index............................................24

87  Table of Contents (continued)

89    5. Allocation Considerations..............................28
90    5.1 W3C Allocation Considerations........................28
91    5.1 IANA Considerations..................................28

93    6. Security Considerations................................29

95    Acknowledgements..........................................30

97    Appendix A: Changes from RFC 4051.........................31
98    Appendix Z: Change History................................32

100   Normative References......................................34
101   Informational References..................................37

103   Author's Address..........................................39

105 1. Introduction

107    XML Digital Signatures, Canonicalization, and Encryption have been
108    standardized by the W3C and by the joint IETF/W3C XMLDSIG working
109    group [W3C]. All of these are now W3C Recommendations and some are
110    also IETF RFCs. They are available as follows:

112       IETF level           W3C REC       Topic
113       -----------          -------       -----

115       [RFC3275] Draft Std  [XMLDSIG10]   XML Digital Signatures
116       [RFC3076] Info       [CANON10]     Canonical XML
117        - - - - - -         [XMLENC10]    XML Encryption 1.0
118       [RFC3741] Info       [XCANON]      Exclusive XML Canonicalization 1.0

120    All of these standards and recommendations use URIs [RFC3986] to
121    identify algorithms and keying information types. The W3C has
122    subsequently produced updated XML Signature 1.1 [XMLDSIG11],
123    Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11]
124    versions as well as a new XML Signature Properties specification
125    [XMLDSIG-PROP].

127    All camel case element names herein, such as DigestValue, are from
128    these documents.

130    This document is an updated convenient reference list of URIs and
131    corresponding algorithms in which there is expressed interest. There
132    have been significant new cryptographic algorithms of interest to XML
133    security, for some of which the URI is only specified in this
134    document, added since the previous list [RFC4051] was issued in
135    2005. This document obsoletes [RFC4051]. All of the URIs appear in
136    the Section 4 indexes below. Subsections about one of the URIs appear
137    in Section 2 or 3 only for those URIs added by [RFC4051] or this
138    document and for Minimal Canonicalization (Section 2.4). For example,
139    use of SHA-256 is defined in [XMLENC11] and hence there is no sub-
140    section on that algorithm here but its URI is included in the Section
141    4 indexes.

143    Specification in this document of the URI representing an algorithm
144    does not imply endorsement of the algorithm for any particular
145    purpose. Protocol specifications, which this is not, generally give
146    algorithm and implementation requirements for those protocols.
147    Security considerations for algorithms are constantly evolving, as
148    documented elsewhere. This specification simply provides some URIs
149    and relevant formatting for when those URIs are used.

151    Note that progressing XML Digital Signature [RFC3275] along the
152    standards track required removal of any algorithms from the original
153    version [RFC3075] for which there was not demonstrated
154    interoperability. This required removal of the Minimal
155    Canonicalization algorithm, in which there appears to be continued
156    interest. The URI for Minimal Canonicalization was included in
157    [RFC4051] and is included here.

159 1.1 Terminology

161    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
162    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
163    "OPTIONAL" in this document are to be interpreted as described in
164    [RFC2119].

166    This document is not intended to change the algorithm implementation
167    requirements of any IETF or W3C document. Use of [RFC2119]
168    terminology is intended to be only such as is already stated or
169    implied by other authoritative documents.

171 1.2 Acronyms

173    The following acronyms are used in this document:

175       HMAC - Keyed-Hashing MAC [RFC2104]

177       IETF - Internet Engineering Task Force

179       MAC - Message Authentication Code

181       MD - Message Digest

183       NIST - United States National Institute of Standards and
184          Technology

186       RC - Rivest Cipher

188       RSA - Rivest, Shamir, and Adleman

190       SHA - Secure Hash Algorithm

192       URI - Uniform Resource Identifier [RFC3986]

194       W3C - World Wide Web Consortium

196       XML - eXtensible Markup Language

198 2. Algorithms

200    The URI [RFC3986] that was dropped from the XML Digital Signature
201    standard due to the transition from IETF Proposed Standard to Draft
202    Standard [RFC3275] is included in section 2.4 below with its original

204       http://www.w3.org/2000/09/xmldsig#

206    prefix so as to avoid changing the XMLDSIG standard's namespace.

208    Additional algorithms in [RFC4051] were given URIs that start with

210       http://www.w3.org/2001/04/xmldsig-more#

212    while further algorithms added in this document are given URIs that
213    start with

215       http://www.w3.org/2007/05/xmldsig-more#

217    In addition, for ease of reference, this document includes in the
218    indexes in Section 4 many cryptographic algorithm URIs from several
219    XML security documents using the namespaces with which they are
220    defined in those documents. For example, 2000/09/xmldsig# for some
221    URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs
222    specified in [XMLENC10].

224    See also [XMLSECXREF].

226 2.1 DigestMethod (Hash) Algorithms

228    These algorithms are usable wherever a DigestMethod element occurs.

230 2.1.1 MD5

232    Identifier:
233       http://www.w3.org/2001/04/xmldsig-more#md5

235    The MD5 algorithm [RFC1321] takes no explicit parameters. An example
236    of an MD5 DigestAlgorithm element is:

238

241    An MD5 digest is a 128-bit string. The content of the DigestValue
242    element SHALL be the base64 [RFC2045] encoding of this bit string
243    viewed as a 16-octet octet stream. See [RFC6151] for MD5 security
244    considerations.

246 2.1.2 SHA-224

248    Identifier:
249       http://www.w3.org/2001/04/xmldsig-more#sha224

251    The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit
252    parameters. An example of a SHA-224 DigestAlgorithm element is:

254

257    A SHA-224 digest is a 224 bit string. The content of the DigestValue
258    element SHALL be the base64 [RFC2045] encoding of this string viewed
259    as a 28-octet stream.

261 2.1.3 SHA-384

263    Identifier:
264       http://www.w3.org/2001/04/xmldsig-more#sha384

266    The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An
267    example of a SHA-384 DigestAlgorithm element is:

269

272    A SHA-384 digest is a 384 bit string. The content of the DigestValue
273    element SHALL be the base64 [RFC2045] encoding of this string viewed
274    as a 48-octet stream.

276 2.1.4 Whirlpool

278    Identifier:
279       http://www.w3.org/2007/05/xmldsig-more#whirlpool

281    The Whirlpool algorithm [10118-3] takes no explicit parameters. A
282    Whirlpool digest is a 512 bit string. The content of the DigestValue
283    element SHALL be the base64 [RFC2045] encoding of this string viewed
284    as a 64 octet stream.

286 2.1.5 New SHA Functions

288    Identifiers:
289       http://www.w3.org/2007/05/xmldsig-more#sha3-224
290       http://www.w3.org/2007/05/xmldsig-more#sha3-256
291       http://www.w3.org/2007/05/xmldsig-more#sha3-384
292       http://www.w3.org/2007/05/xmldsig-more#sha3-512

294    NIST has recently completed a hash function competition for an
295    alternative to the SHA family. The Keccak-f[1600] algorithm was
296    selected [Keccak]. This hash function is commonly referred to as
297    "SHA-3" and this section is a space holder and reservation of URIs
298    for future information on Keccak use in XML security.

300    A SHA-3 224, 256, 384, and 512 digest is a 224, 256, 384, and 512 bit
301    string, respectively. The content of the DigestValue element SHALL
302    be the base64 [RFC2045] encoding of this string viewed as a 28-, 32-,
303    48-, and 64-octet stream, respectively.

305 2.2 SignatureMethod MAC Algorithms

307    This section covers SignatureMethod MAC (Message Authentication Code)
308    Algorithms.

310    Note: Some text in this section is duplicated from [RFC3275] for the
311    convenience of the reader. RFC 3275 is normative in case of conflict.

313 2.2.1 HMAC-MD5

315    Identifier:
316       http://www.w3.org/2001/04/xmldsig-more#hmac-md5

318    The HMAC algorithm [RFC2104] takes the truncation length in bits as a
319    parameter; if the parameter is not specified then all the bits of the
320    hash are output. An example of an HMAC-MD5 SignatureMethod element is
321    as follows:

323
325       112
326

328    The output of the HMAC algorithm is ultimately the output (possibly
329    truncated) of the chosen digest algorithm. This value SHALL be base64
330    [RFC2045] encoded in the same straightforward fashion as the output
331    of the digest algorithms. Example: the SignatureValue element for the
332    HMAC-MD5 digest

334       9294727A 3638BB1C 13F48EF8 158BFC9D

336    from the test vectors in [RFC2104] would be

338       kpRyejY4uxwT9I74FYv8nQ==

340    Schema Definition:

342 343 344

346    DTD:

348

350    The Schema Definition and DTD immediately above are copied from
351    [RFC3275].

353    See [RFC6151] for HMAC-MD5 security considerations.

355 2.2.2 HMAC SHA Variations

357    Identifiers:
358       http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
359       http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
360       http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
361       http://www.w3.org/2001/04/xmldsig-more#hmac-sha512

363    SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also
364    be used in HMAC as described in section 2.2.1 above for HMAC-MD5.

366 2.2.3 HMAC-RIPEMD160

368    Identifier:
369       http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160

371    RIPEMD-160 [RIPEMD-160] can also be used in HMAC as described in
372    section 2.2.1 above for HMAC-MD5.

374 2.3 SignatureMethod Public Key Signature Algorithms

376    These algorithms are distinguished from those in section 2.2 above in
377    that they use public key methods. That is to say, the verification
378    key is different from and not feasibly derivable from the signing
379    key.

381 2.3.1 RSA-MD5

383    Identifier:
384       http://www.w3.org/2001/04/xmldsig-more#rsa-md5

386    This implies the PKCS#1 v1.5 padding algorithm described in
387    [RFC3447]. An example of use is

389

392    The SignatureValue content for an RSA-MD5 signature is the base64
393    [RFC2045] encoding of the octet string computed as per [RFC3447]
394    section 8.1.1?, signature generation for the RSASSA-PKCS1-v1_5
395    signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function
396    in [RFC3447] section 9.2.1?, the value input to the signature
397    function MUST contain a pre-pended algorithm object identifier for
398    the hash function, but the availability of an ASN.1 parser and
399    recognition of OIDs is not required of a signature verifier. The
400    PKCS#1 v1.5 representation appears as:

402       CRYPT (PAD (ASN.1 (OID, DIGEST (data))))

404    Note that the padded ASN.1 will be of the following form:

406       01 | FF* | 00 | prefix | hash

408    Vertical bar ("|") represents concatenation. "01", "FF", and "00" are
409    fixed octets of the corresponding hexadecimal value and the asterisk
410    ("*") after "FF" indicates repetition. "hash" is the MD5 digest of
411    the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix
412    required in PKCS #1 [RFC3447], that is,

414       hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10

416    This prefix is included to make it easier to use standard
417    cryptographic libraries. The FF octet MUST be repeated enough times
418    that the value of the quantity being CRYPTed is exactly one octet
419    shorter than the RSA modulus.

421    See [RFC6151] for MD5 security considerations.

423 2.3.2 RSA-SHA256

425    Identifier:
426       http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

428    This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
429    in section 2.3.1 but with the ASN.1 BER SHA-256 algorithm designator
430    prefix. An example of use is

432

435 2.3.3 RSA-SHA384

437    Identifier:
438       http://www.w3.org/2001/04/xmldsig-more#rsa-sha384

440    This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
441    in section 2.3.1 but with the ASN.1 BER SHA-384 algorithm designator
442    prefix. An example of use is

444

447    Because it takes about the same effort to calculate a SHA-384 message
448    digest as it does a SHA-512 message digest, it is suggested that RSA-
449    SHA512 be used in preference to RSA-SHA384 where possible.
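
Added example (not part of the draft or of any implementation it cites): the HMAC SignatureValue encoding and HMACOutputLength truncation of section 2.2.1, checked against the RFC 2104 test vector quoted there. The function names are hypothetical; the truncation floor follows XML Signature 1.1 [XMLDSIG11], and accepting only whole-octet lengths is an assumption of this example.

```python
import base64
import hashlib
import hmac

MORE_2001 = "http://www.w3.org/2001/04/xmldsig-more#"

# SignatureMethod URIs from sections 2.2.1 and 2.2.2, mapped to hashlib names.
HMAC_URIS = {
    MORE_2001 + "hmac-md5": "md5",
    MORE_2001 + "hmac-sha224": "sha224",
    MORE_2001 + "hmac-sha256": "sha256",
    MORE_2001 + "hmac-sha384": "sha384",
    MORE_2001 + "hmac-sha512": "sha512",
}


def output_octets(uri, hmac_output_length=None):
    """Validate HMACOutputLength (in bits) and return the octets to keep."""
    if uri not in HMAC_URIS:
        raise ValueError("unsupported SignatureMethod: " + uri)
    full_bits = hashlib.new(HMAC_URIS[uri]).digest_size * 8
    if hmac_output_length is None:
        return full_bits // 8  # parameter absent: all bits of the hash are output
    # Floor from XML Signature 1.1: the larger of 80 bits and half the hash output.
    floor = max(80, full_bits // 2)
    if not floor <= hmac_output_length <= full_bits:
        raise ValueError("HMACOutputLength outside %d..%d bits" % (floor, full_bits))
    if hmac_output_length % 8:
        # Assumption of this example: only octet-aligned truncation is accepted.
        raise ValueError("HMACOutputLength is not a multiple of 8")
    return hmac_output_length // 8


def signature_value(uri, key, signed_info, hmac_output_length=None):
    """Return the base64 SignatureValue text for canonicalized SignedInfo octets."""
    keep = output_octets(uri, hmac_output_length)
    mac = hmac.new(key, signed_info, HMAC_URIS[uri]).digest()
    return base64.b64encode(mac[:keep]).decode("ascii")


def verify_signature_value(uri, key, signed_info, value_b64, hmac_output_length=None):
    """Check a received SignatureValue; the declared length is enforced, not trusted."""
    try:
        keep = output_octets(uri, hmac_output_length)
        # XML text content may carry whitespace; remove it before strict decoding.
        received = base64.b64decode("".join(value_b64.split()), validate=True)
    except ValueError:
        return False
    expected = hmac.new(key, signed_info, HMAC_URIS[uri]).digest()[:keep]
    # The received value must be exactly the declared length, then compared
    # in constant time.
    return len(received) == keep and hmac.compare_digest(received, expected)


# RFC 2104 test vector (the one behind the digest quoted in section 2.2.1).
RFC2104_KEY = b"\x0b" * 16
RFC2104_DATA = b"Hi There"

if __name__ == "__main__":
    md5_uri = MORE_2001 + "hmac-md5"
    print(signature_value(md5_uri, RFC2104_KEY, RFC2104_DATA))
    print(signature_value(md5_uri, RFC2104_KEY, RFC2104_DATA, 112))
```

A verifier that takes HMACOutputLength from the document without a floor lets the signer of the document choose how many bits are actually checked, which is why the length is validated before any comparison.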
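
Added example (not the draft's or any library's code): the 01 | FF* | 00 | prefix | hash block of section 2.3.1 built for the RSA-MD5, RSA-SHA256, RSA-SHA384 and RSA-SHA512 identifiers, with a verifier that rebuilds the expected block and compares it whole instead of parsing the padding. The function names and the toy key (two published Mersenne primes, so it protects nothing) are constructed for illustration; the SHA-2 prefixes are the RFC 3447 values.

```python
import hashlib
import hmac

MORE = "http://www.w3.org/2001/04/xmldsig-more#"

# URI -> (hashlib name, DigestInfo prefix). The MD5 prefix is the octet string
# quoted in section 2.3.1; the SHA-2 prefixes are those listed in RFC 3447.
RSA_URIS = {
    MORE + "rsa-md5": ("md5", "3020300c06082a864886f70d020505000410"),
    MORE + "rsa-sha256": ("sha256", "3031300d060960864801650304020105000420"),
    MORE + "rsa-sha384": ("sha384", "3041300d060960864801650304020205000430"),
    MORE + "rsa-sha512": ("sha512", "3051300d060960864801650304020305000440"),
}


def encode_em(uri, data, k):
    """Return 01 | FF* | 00 | prefix | hash, exactly k-1 octets for a k-octet modulus."""
    name, prefix_hex = RSA_URIS[uri]
    t = bytes.fromhex(prefix_hex) + hashlib.new(name, data).digest()
    pad_len = k - 3 - len(t)  # octets left for the FF run
    if pad_len < 8:  # RFC 3447 requires at least eight padding octets
        raise ValueError("modulus too short for this digest")
    return b"\x01" + b"\xff" * pad_len + b"\x00" + t


def sign(uri, data, n, d):
    """RSASSA-PKCS1-v1_5 signature as the k-octet string that gets base64 encoded."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(encode_em(uri, data, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify(uri, data, signature, n, e, allow_md5=False):
    """Strict verification: recompute the whole encoded block and compare."""
    if uri not in RSA_URIS:
        return False
    if uri == MORE + "rsa-md5" and not allow_md5:
        return False  # local policy of this example: MD5 only on explicit opt-in
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    try:
        expected = b"\x00" + encode_em(uri, data, k)
    except ValueError:
        return False
    # Any deviation (short FF run, trailing octets, wrong prefix) fails here,
    # because nothing in the recovered block is skipped or parsed leniently.
    return hmac.compare_digest(recovered, expected)


# Constructed toy key: both primes are well-known Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

if __name__ == "__main__":
    msg = b"<SignedInfo>constructed sample</SignedInfo>"
    sig = sign(MORE + "rsa-sha256", msg, N, D)
    print(verify(MORE + "rsa-sha256", msg, sig, N, E))
    print(verify(MORE + "rsa-sha256", msg + b"x", sig, N, E))
```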

451 2.3.4 RSA-SHA512

453    Identifier:
454       http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

456    This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
457    in section 2.3.1 but with the ASN.1 BER SHA-512 algorithm designator
458    prefix. An example of use is

460

463 2.3.5 RSA-RIPEMD160

465    Identifier:
466       http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160

468    This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
469    in section 2.3.1 but with the ASN.1 BER RIPEMD160 algorithm
470    designator prefix. An example of use is

472

476 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool

478    Identifiers:
479       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
480       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
481       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
482       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
483       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
484       http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
485       http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool

487    The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is
488    the elliptic curve analogue of the DSA (DSS) signature method. It
489    takes no explicit parameters. For detailed specifications of how to
490    use it with SHA hash functions and XML Digital Signature, please see
491    [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool
492    fragments in the new namespace identify a signature method
493    processed in the same way as specified by the #ecdsa-sha1 fragment of
494    this namespace with the exception that RIPEMD160 or Whirlpool is used
495    instead of SHA-1.

497    The output of the ECDSA algorithm consists of a pair of integers
498    usually referred to by the pair (r, s). The signature value consists of
499    the base64 encoding of the concatenation of two octet-streams that
500    respectively result from the octet-encoding of the values r and s in
501    that order. Integer to octet-stream conversion must be done
502    according to the I2OSP operation defined in the [RFC3447]
503    specification with the l parameter equal to the size of the base
504    point order of the curve in bytes (e.g. 32 for the P-256 curve and 66
505    for the P-521 curve [FIPS186-3]).

507    For an introduction to elliptic curve cryptographic algorithms, see
508    [RFC6090] but note that there is an Errata for that RFC.

510 2.3.7 ESIGN-SHA*
511    Identifiers:
512       http://www.w3.org/2001/04/xmldsig-more#esign-sha1
513       http://www.w3.org/2001/04/xmldsig-more#esign-sha224
514       http://www.w3.org/2001/04/xmldsig-more#esign-sha256
515       http://www.w3.org/2001/04/xmldsig-more#esign-sha384
516       http://www.w3.org/2001/04/xmldsig-more#esign-sha512

518    The ESIGN algorithm specified in [IEEE P1363a] is a signature scheme
519    based on the integer factorization problem. It is much faster than
520    previous digital signature schemes so ESIGN can be implemented on
521    smart cards without special co-processors.

523    An example of use is

525

529 2.3.8 RSA-Whirlpool

531    Identifier:
532       http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool

534    As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the
535    designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in
536    PKCS2.1 [PKCS2.1]. When identified through the #rsa-whirlpool
537    fragment identifier, Whirlpool is used as the hash algorithm instead.
538    Use of the ASN.1 BER Whirlpool algorithm designator is implied. That
539    designator is
540       hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40
541    as an explicit octet sequence. This corresponds to OID
542    1.0.10118.3.0.55 defined in [10118-3].

544    An example of use is

546

550 2.3.9 RSASSA-PSS With Parameters

552    Identifiers:
553       http://www.w3.org/2007/05/xmldsig-more#rsa-pss
554       http://www.w3.org/2007/05/xmldsig-more#MGF1

556    These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm

558    [RFC3447]. The RSASSA-PSS algorithm takes the digest method (hash
559    function), a mask generation function, the salt length in bytes
560    (SaltLength), and the trailer field as explicit parameters.

562    Algorithm identifiers for hash functions specified in XML encryption
563    [XMLENC11], [XMLDSIG11], and in section 2.1 are considered to be
564    valid algorithm identifiers for hash functions. According to
565    [RFC3447] the default value for the digest function is SHA-1, but due
566    to the discovered weakness of SHA-1 [RFC6194] it is recommended that
567    SHA-256 or a stronger hash function be used. Notwithstanding
568    [RFC3447], SHA-256 is the default to be used with these
569    SignatureMethod identifiers if no hash function has been specified.

571    The default salt length for these SignatureMethod identifiers if the
572    SaltLength is not specified SHALL be the number of octets in the hash
573    value of the digest method, as recommended in [RFC4055]. In a
574    parameterized RSASSA-PSS signature the ds:DigestMethod and the
575    SaltLength parameters usually appear. If they do not, the defaults
576    make this equivalent to http://www.w3.org/2007/05/xmldsig-
577    more#sha256-rsa-MGF1 (see section 2.3.10). The TrailerField defaults
578    to 1 (0xbc) when omitted.

580    Schema Definition (target namespace
581    http://www.w3.org/2007/05/xmldsig-more#):

583 584 585
586       Top level element that can be used in xs:any namespace="#other"
587       wildcard of ds:SignatureMethod content.
588 589 590 591 592 593 594 596 598 600 601 602 603 604 605 606 609

611 2.3.10 RSASSA-PSS Without Parameters

613    [RFC3447] currently specifies only one mask generation function MGF1
614    based on a hash function. Whereas [RFC3447] allows for
615    parameterization, the default is to use the same hash function as the
616    digest method function. Only this default approach is supported by
617    this section, therefore the definition of a mask generation function
618    type is not needed yet. The same applies to the trailer field. There
619    is only one value (0xBC) specified in [RFC3447]. Hence this default
620    parameter must be used for signature generation. The default salt
621    length is the length of the hash function.

623    Identifiers:
624       http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
625       http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
626       http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
627       http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1

629       http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
630       http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
631       http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
632       http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
633       http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
634       http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
635       http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
636       http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
637       http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
638       http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1

640    An example of use is

642

647 2.3.11 RSA-SHA224

649    Identifier:
650       http://www.w3.org/2007/05/xmldsig-more#rsa-sha224

652    This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
653    in section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator
654    prefix. An example of use is
655

658    Because it takes about the same effort to calculate a SHA-224 message
659    digest as it does a SHA-256 message digest, it is suggested that RSA-
660    SHA256 be used in preference to RSA-SHA224 where possible.

662 2.4 Minimal Canonicalization

664    Thus far two independent interoperable implementations of Minimal
665    Canonicalization have not been announced. Therefore, when XML
666    Digital Signature was advanced along the standards track from
667    [RFC3075] to [RFC3275], Minimal Canonicalization was dropped.
668    However, there is still interest. For its definition, see [RFC3075]
669    Section 6.5.1.

671    For reference, its identifier remains:
672       http://www.w3.org/2000/09/xmldsig#minimal

674 2.5 Transform Algorithms

676    Note that all CanonicalizationMethod algorithms can also be used as
677    Transform algorithms.

679 2.5.1 XPointer

681    Identifier:
682       http://www.w3.org/2001/04/xmldsig-more#xptr

684    This transform algorithm takes an [XPointer] as an explicit
685    parameter. An example of use is:

687 689
691       xpointer(id("foo")) xmlns(bar=http://foobar.example)
692       xpointer(//bar:Zab[@Id="foo"])
693 694

696    Schema Definition:

698

700    DTD:

702

704    Input to this transform is an octet stream (which is then parsed into
705    XML).

707    Output from this transform is a node set; the results of the XPointer
708    are processed as defined in the XMLDSIG specification [RFC3275] for a
709    same-document XPointer.

711 2.6 EncryptionMethod Algorithms

713    This subsection gives identifiers and information for several
714    EncryptionMethod Algorithms.

716 2.6.1 ARCFOUR Encryption Algorithm

718    Identifier:
719       http://www.w3.org/2001/04/xmldsig-more#arcfour

721    ARCFOUR is a fast, simple stream encryption algorithm that is
722    compatible with RSA Security's RC4 algorithm [RC4]. An example
723    EncryptionMethod element using ARCFOUR is

725
727       40
728

730    Note that Arcfour makes use of the generic KeySize parameter
731    specified and defined in [XMLENC11].

733 2.6.2 Camellia Block Encryption

735    Identifiers:
736       http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
737       http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
738       http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc

740    Camellia is a block cipher with the same interface as the AES
741    [Camellia] [RFC3713], that is 128-bit block size and 128, 192, and
742    256 bit key sizes. In XML Encryption Camellia is used in the same way
743    as the AES: It is used in the Cipher Block Chaining (CBC) mode with a
744    128-bit initialization vector (IV). The resulting cipher text is
745    prefixed by the IV. If included in XML output, it is then base64
746    encoded. An example Camellia EncryptionMethod is as follows:

748

753 2.6.3 Camellia Key Wrap

755    Identifiers:
756       http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
757       http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
758       http://www.w3.org/2001/04/xmldsig-more#kw-camellia256

760    Camellia [Camellia] [RFC3713] key wrap is identical to the AES key
761    wrap algorithm [RFC3394] specified in the XML Encryption standard
762    with "AES" replaced by "Camellia". As with AES key wrap, the check
763    value is 0xA6A6A6A6A6A6A6A6.

765    The algorithm is the same whatever the size of the Camellia key used
766    in wrapping, called the key encrypting key or KEK. If Camellia is
767    supported, it is particularly suggested that wrapping 128-bit keys
768    with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be
769    supported.

771    An example of use is:

773

778 2.6.4 PSEC-KEM

780    Identifier:
781       http://www.w3.org/2001/04/xmldsig-more#psec-kem

783    The PSEC-KEM algorithm, specified in [18033-2], is a key
784    encapsulation mechanism using elliptic curve encryption.

786    An example of use is:

788 790
791       version
792       id
793       curve
794       base
795       order
796       cofactor
797 798

800    See [18033-2] for information on the parameters above.

802 2.6.5 SEED Block Encryption

804    Identifier:
805       http://www.w3.org/2007/05/xmldsig-more#seed128-cbc

807    SEED [RFC4269] is a block cipher with a 128-bit block size and a
807    128-bit key size. In XML
808    Encryption, SEED can be used in the Cipher Block Chaining (CBC) mode
809    with a 128-bit initialization vector (IV). The resulting cipher text
810    is prefixed by the IV. If included in XML output, it is then base64
811    encoded.

813    An example SEED EncryptionMethod is as follows:

815

818 2.6.6 SEED Key Wrap

820    Identifier:
821       http://www.w3.org/2007/05/xmldsig-more#kw-seed128

823    Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394]
824    with "AES" replaced by "SEED". The algorithm is specified in
825    [RFC4010]. The implementation of SEED is optional. The default
826    initial value is 0xA6A6A6A6A6A6A6A6.

828    An example of use is:

830

835 3. KeyInfo

837    In section 3.1 below a new KeyInfo element child is specified while
838    in section 3.2 additional KeyInfo Type values for use in
839    RetrievalMethod are specified.

841 3.1 PKCS #7 Bag of Certificates and CRLs

843    A PKCS #7 [RFC2315] "signedData" can also be used as a bag of
844    certificates and/or certificate revocation lists (CRLs). The
845    PKCS7signedData element is defined to accommodate such structures
846    within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045]
847    encoded. Any signer information present is ignored. The following
848    is an example [RFC3092], eliding the base64 data:

850
852       ...
853

855 3.2 Additional RetrievalMethod Type Values

857    The Type attribute of RetrievalMethod is an optional identifier for
858    the type of data to be retrieved. The result of de-referencing a
859    RetrievalMethod reference for all KeyInfo types with an XML structure
860    is an XML element or document with that element as the root. The
861    various "raw" key information types return a binary value. Thus they
862    require a Type attribute because they are not unambiguously parsable.

864    Identifiers:
865       http://www.w3.org/2001/04/xmldsig-more#KeyName
866       http://www.w3.org/2001/04/xmldsig-more#KeyValue
867       http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
868       http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
869       http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
870       http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
871       http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
872       http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod

874 4. Indexes

876    The following subsections provide an index by URI and by fragment
877    identifier (the portion of the URI after "#") of the algorithm and
878    KeyInfo URIs defined in this document and in the standards (plus the
879    one KeyInfo child element name defined in this document). The
880    "Sec/Doc" column has the section of this document or, if not
881    specified in this document, the standards document where the item is
882    specified. See also [XMLSECXREF].

884 4.1 Fragment Index

886    The initial "http://www.w3.org/" part of the URI is not included
887    below. The first six entries have a null fragment identifier or no
888    fragment identifier.

890    Fragment             URI                                    Sec/Doc
891    ---------            ----                                   --------

893                         2002/06/xmldsig-filter2                [XPATH]
894                         2006/12/xmlc12n11#                     [CANON11]
895                         TR/1999/REC-xslt-19991116              [XSLT]
896                         TR/1999/REC-xpath-19991116             [XPATH]
897                         TR/2001/06/xml-exc-c14n#               [XCANON]
898                         TR/2001/REC-xml-c14n-20010315          [CANON10]
899                         TR/2001/REC-xmlschema-1-20010502       [Schema]

901    aes128-cbc           2001/04/xmlenc#aes128-cbc              [XMLENC11]
902    aes128-gcm           2009/xmlenc11#aes128-gcm               [XMLENC11]
903    aes192-cbc           2001/04/xmlenc#aes192-cbc              [XMLENC11]
904    aes192-gcm           2009/xmlenc11#aes192-gcm               [XMLENC11]
905    aes256-cbc           2001/04/xmlenc#aes256-cbc              [XMLENC11]
906    aes256-gcm           2009/xmlenc11#aes256-gcm               [XMLENC11]
907    arcfour              2001/04/xmldsig-more#arcfour           2.6.1

909    base64               2000/09/xmldsig#base64                 [RFC3275]

911    camellia128-cbc      2001/04/xmldsig-more#camellia128-cbc   2.6.2
912    camellia192-cbc      2001/04/xmldsig-more#camellia192-cbc   2.6.2
913    camellia256-cbc      2001/04/xmldsig-more#camellia256-cbc   2.6.2
914    ConcatKDF            2009/xmlenc11#ConcatKDF                [XMLENC11]

916    decrypt#XML          2002/07/decrypt#XML                    [DECRYPT]
917    decrypt#Binary       2002/07/decrypt#Binary                 [DECRYPT]
918    DEREncodedKeyValue   2009/xmldsig11#DEREncodedKeyValue      [XMLDSIG11]
919    dh                   2001/04/xmlenc#dh                      [XMLENC11]
920    dh-es                2009/xmlenc11#dh-es                    [XMLENC11]
921    dsa-sha1             2000/09/xmldsig#dsa-sha1               [RFC3275]
922    dsa-sha256           2009/xmldsig11#dsa-sha256              [XMLDSIG11]
923    DSAKeyValue          2000/09/xmldsig#DSAKeyValue            [XMLDSIG11]

925    ECDH-ES              2009/xmlenc11#ECDH-ES                  [XMLENC11]
926    ecdsa-ripemd160      2007/05/xmldsig-more#ecdsa-ripemd160   2.3.6
927    ecdsa-sha1           2001/04/xmldsig-more#ecdsa-sha1        2.3.6
928    ecdsa-sha224         2001/04/xmldsig-more#ecdsa-sha224      2.3.6
929    ecdsa-sha256
2001/04/xmldsig-more#ecdsa-sha256 2.3.6 930 ecdsa-sha384 2001/04/xmldsig-more#ecdsa-sha384 2.3.6 931 ecdsa-sha512 2001/04/xmldsig-more#ecdsa-sha512 2.3.6 932 ecdsa-whirlpool 2007/05/xmldsig-more#ecdsa-whirlpool 2.3.5 933 ecies-kem 2010/xmlsec-ghc#ecies-kem [GENERIC] 934 ECKeyValue 2009/xmldsig11#ECKeyValue [XMLDSIG11] 935 enveloped-signature 2000/09/xmldsig#enveloped-signature [RFC3275] 936 esign-sha1 2001/04/xmldsig-more#esign-sha1 2.3.7 937 esign-sha224 2001/04/xmldsig-more#esign-sha224 2.3.7 938 esign-sha256 2001/04/xmldsig-more#esign-sha256 2.3.7 939 esign-sha384 2001/04/xmldsig-more#esign-sha384 2.3.7 940 esign-sha512 2001/04/xmldsig-more#esign-sha512 2.3.7 942 generic-hybrid 2010/xmlsec-ghc#generic-hybrid [GENERIC] 944 hmac-md5 2001/04/xmldsig-more#hmac-md5 2.2.1 945 hmac-ripemd160 2001/04/xmldsig-more#hmac-ripemd160 2.2.3 946 hmac-sha1 2000/09/xmldsig#hmac-sha1 [RFC3275] 947 hmac-sha224 2001/04/xmldsig-more#hmac-sha224 2.2.2 948 hmac-sha256 2001/04/xmldsig-more#hmac-sha256 2.2.2 949 hmac-sha384 2001/04/xmldsig-more#hmac-sha384 2.2.2 950 hmac-sha512 2001/04/xmldsig-more#hmac-sha512 2.2.2 952 KeyName 2001/04/xmldsig-more#KeyName 3.2 953 KeyValue 2001/04/xmldsig-more#KeyValue 3.2 954 kw-aes128 2001/04/xmlenc#kw-aes128 [XMLENC11] 955 kw-aes128-pad 2009/xmlenc11#kw-aes-128-pad [XMLENC11] 956 kw-aes192 2001/04/xmlenc#kw-aes192 [XMLENC11] 957 kw-aes192-pad 2009/xmlenc11#kw-aes-192-pad [XMLENC11] 958 kw-aes256 2001/04/xmlenc#kw-aes256 [XMLENC11] 959 kw-aes256-pad 2009/xmlenc11#kw-aes-256-pad [XMLENC11] 960 kw-camellia128 2001/04/xmldsig-more#kw-camellia128 2.6.3 961 kw-camellia192 2001/04/xmldsig-more#kw-camellia192 2.6.3 962 kw-camellia256 2001/04/xmldsig-more#kw-camellia256 2.6.3 963 kw-seed128 2007/05/xmldsig-more#kw-seed128 2.6.6 965 md2-rsa-MGF1 2007/05/xmldsig-more#md2-rsa-MGF1 2.3.10 966 md5 2001/04/xmldsig-more#md5 2.1.1 967 md5-rsa-MGF1 2007/05/xmldsig-more#md5-rsa-MGF1 2.3.10 968 MGF1 2007/05/xmldsig-more#MGF1 2.3.9 969 mgf1sha1 2009/xmlenc11#mgf1sha1 
[XMLENC11] 970 mgf1sha224 2009/xmlenc11#mgf1sha224 [XMLENC11] 971 mgf1sha256 2009/xmlenc11#mgf1sha256 [XMLENC11] 972 mgf1sha384 2009/xmlenc11#mgf1sha384 [XMLENC11] 973 mgf1sha512 2009/xmlenc11#mgf1sha512 [XMLENC11] 974 MgmtData 2000/09/xmldsig#MgmtData [XMLDSIG11] 975 minimal 2000/09/xmldsig#minimal 2.4 977 pbkdf2 2009/xmlenc11#pbkdf2 [XMLENC11] 978 PGPData 2000/09/xmldsig#PGPData [XMLDSIG11] 979 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.1 980 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.2 981 psec-kem 2001/04/xmldsig-more#psec-kem 2.6.4 983 rawPGPKeyPacket 2001/04/xmldsig-more#rawPGPKeyPacket 3.2 984 rawPKCS7signedData 2001/04/xmldsig-more#rawPKCS7signedData 3.2 985 rawSPKISexp 2001/04/xmldsig-more#rawSPKISexp 3.2 986 rawX509Certificate 2000/09/xmldsig#rawX509Certificate [RFC3275] 987 rawX509CRL 2001/04/xmldsig-more#rawX509CRL 3.2 988 RetrievalMethod 2001/04/xmldsig-more#RetrievalMethod 3.2 989 ripemd128-rsa-MGF1 2007/05/xmldsig-more#ripemd128-rsa-MGF1 990 2.3.10 991 ripemd160 2001/04/xmlenc#ripemd160 [XMLENC11] 992 ripemd160-rsa-MGF1 2007/05/xmldsig-more#ripemd160-rsa-MGF1 993 2.3.10 994 rsa-1_5 2001/04/xmlenc#rsa-1_5 [XMLENC11] 995 rsa-md5 2001/04/xmldsig-more#rsa-md5 2.3.1 996 rsa-oaep 2009/xmlenc11#rsa-oaep [XMLENC11] 997 rsa-oaep-mgf1p 2001/04/xmlenc#rsa-oaep-mgf1p [XMLENC11] 998 rsa-pss 2007/05/xmldsig-more#rsa-pss 2.3.9 999 rsa-ripemd160 2001/04/xmldsig-more#rsa-ripemd160 2.3.5 1000 rsa-sha1 2000/09/xmldsig#rsa-sha1 [RFC3275] 1001 rsa-sha224 2007/05/xmldsig-more#rsa-sha224 2.3.11 1002 rsa-sha256 2001/04/xmldsig-more#rsa-sha256 2.3.2 1003 rsa-sha384 2001/04/xmldsig-more#rsa-sha384 2.3.3 1004 rsa-sha512 2001/04/xmldsig-more#rsa-sha512 2.3.4 1005 rsa-whirlpool 2007/05/xmldsig-more#rsa-whirlpool 2.3.5 1006 rsaes-kem 2010/xmlsec-ghc#rsaes-kem [GENERIC] 1007 RSAKeyValue 2000/09/xmldsig#RSAKeyValue [XMLDSIG11] 1009 seed128-cbc 2007/05/xmldsig-more#seed128-cbc 2.6.5 1010 sha1 2000/09/xmldsig#sha1 [RFC3275] 1011 sha1-rsa-MGF1 
2007/05/xmldsig-more#sha1-rsa-MGF1 2.3.10 1012 sha224 2001/04/xmldsig-more#sha224 2.1.2 1013 sha224-rsa-MGF1 2007/05/xmldsig-more#sha224-rsa-MGF1 2.3.10 1014 sha256 2001/04/xmlenc#sha256 [XMLENC11] 1015 sha256-rsa-MGF1 2007/05/xmldsig-more#sha256-rsa-MGF1 2.3.10 1016 sha3-224 2007/05/xmldsig-more#sha3-224 2.1.5 1017 sha3-224-rsa-MGF1 2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10 1018 sha3-256 2007/05/xmldsig-more#sha3-256 2.1.5 1019 sha3-256-rsa-MGF1 2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10 1020 sha3-384 2007/05/xmldsig-more#sha3-384 2.1.5 1021 sha3-384-rsa-MGF1 2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10 1022 sha3-512 2007/05/xmldsig-more#sha3-512 2.1.5 1023 sha3-512-rsa-MGF1 2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10 1024 sha384 2001/04/xmldsig-more#sha384 2.1.3 1025 sha384-rsa-MGF1 2007/05/xmldsig-more#sha384-rsa-MGF1 2.3.10 1026 sha512 2001/04/xmlenc#sha512 [XMLENC11] 1027 sha512-rsa-MGF1 2007/05/xmldsig-more#sha512-rsa-MGF1 2.3.10 1028 SPKIData 2000/09/xmldsig#SPKIData [XMLDSIG11] 1030 tripledes-cbc 2001/04/xmlenc#tripledes-cbc [XMLENC11] 1032 whirlpool 2007/05/xmldsig-more#whirlpool 2.1.4 1033 whirlpool-rsa-MGF1 2007/05/xmldsig-more#whirlpool-rsa-MGF1 1034 2.3.10 1035 WithComments 2006/12/xmlc14n11#WithComments [CANON11] 1036 WithComments TR/2001/06/xml-exc-c14n#WithComments 1037 [XCANON] 1038 WithComments TR/2001/REC-xml-c14n-20010315#WithComments 1039 [CANON10] 1041 X509Data 2000/09/xmldsig#X509Data [XMLDSIG11] 1042 xptr 2001/04/xmldsig-more#xptr 2.5.1 1044 The initial "http://www.w3.org/" part of the URI is not included 1045 above. 1047 4.2 URI Index 1049 The initial "http://www.w3.org/" part of the URI is not included 1050 below. 
1052  URI                                         Sec/Doc     Type
1053  ----                                        --------    -----

1055  2000/09/xmldsig#base64                      [RFC3275]   Transform
1056  2000/09/xmldsig#DSAKeyValue                 [RFC3275]   Retrieval type
1057  2000/09/xmldsig#dsa-sha1                    [RFC3275]   SignatureMethod
1058  2000/09/xmldsig#enveloped-signature         [RFC3275]   Transform
1059  2000/09/xmldsig#hmac-sha1                   [RFC3275]   SignatureMethod
1060  2000/09/xmldsig#MgmtData                    [RFC3275]   Retrieval type
1061  2000/09/xmldsig#minimal                     2.4         Canonicalization
1062  2000/09/xmldsig#PGPData                     [RFC3275]   Retrieval type
1063  2000/09/xmldsig#rawX509Certificate          [RFC3275]   Retrieval type
1064  2000/09/xmldsig#rsa-sha1                    [RFC3275]   SignatureMethod
1065  2000/09/xmldsig#RSAKeyValue                 [RFC3275]   Retrieval type
1066  2000/09/xmldsig#sha1                        [RFC3275]   DigestAlgorithm
1067  2000/09/xmldsig#SPKIData                    [RFC3275]   Retrieval type
1068  2000/09/xmldsig#X509Data                    [RFC3275]   Retrieval type
1069  2001/04/xmldsig-more#arcfour                2.6.1       EncryptionMethod
1070  2001/04/xmldsig-more#camellia128-cbc        2.6.2       EncryptionMethod
1071  2001/04/xmldsig-more#camellia192-cbc        2.6.2       EncryptionMethod
1072  2001/04/xmldsig-more#camellia256-cbc        2.6.2       EncryptionMethod
1073  2001/04/xmldsig-more#ecdsa-sha1             2.3.6       SignatureMethod
1074  2001/04/xmldsig-more#ecdsa-sha224           2.3.6       SignatureMethod
1075  2001/04/xmldsig-more#ecdsa-sha256           2.3.6       SignatureMethod
1076  2001/04/xmldsig-more#ecdsa-sha384           2.3.6       SignatureMethod
1077  2001/04/xmldsig-more#ecdsa-sha512           2.3.6       SignatureMethod
1078  2001/04/xmldsig-more#esign-sha1             2.3.7       SignatureMethod
1079  2001/04/xmldsig-more#esign-sha224           2.3.7       SignatureMethod
1080  2001/04/xmldsig-more#esign-sha256           2.3.7       SignatureMethod
1081  2001/04/xmldsig-more#esign-sha384           2.3.7       SignatureMethod
1082  2001/04/xmldsig-more#esign-sha512           2.3.7       SignatureMethod
1083  2001/04/xmldsig-more#hmac-md5               2.2.1       SignatureMethod
1084  2001/04/xmldsig-more#hmac-ripemd160         2.2.3       SignatureMethod
1085  2001/04/xmldsig-more#hmac-sha224            2.2.2       SignatureMethod
1086  2001/04/xmldsig-more#hmac-sha256            2.2.2       SignatureMethod
1087  2001/04/xmldsig-more#hmac-sha384            2.2.2       SignatureMethod
1088  2001/04/xmldsig-more#hmac-sha512            2.2.2       SignatureMethod
1089  2001/04/xmldsig-more#KeyName                3.2         Retrieval type
1090  2001/04/xmldsig-more#KeyValue               3.2         Retrieval type
1091  2001/04/xmldsig-more#kw-camellia128         2.6.3       EncryptionMethod
1092  2001/04/xmldsig-more#kw-camellia192         2.6.3       EncryptionMethod
1093  2001/04/xmldsig-more#kw-camellia256         2.6.3       EncryptionMethod
1094  2001/04/xmldsig-more#md5                    2.1.1       DigestAlgorithm
1095  2001/04/xmldsig-more#PKCS7signedData        3.2         Retrieval type
1096  2001/04/xmldsig-more#psec-kem               2.6.4       EncryptionMethod
1097  2001/04/xmldsig-more#rawPGPKeyPacket        3.2         Retrieval type
1098  2001/04/xmldsig-more#rawPKCS7signedData     3.2         Retrieval type
1099  2001/04/xmldsig-more#rawSPKISexp            3.2         Retrieval type
1100  2001/04/xmldsig-more#rawX509CRL             3.2         Retrieval type
1101  2001/04/xmldsig-more#RetrievalMethod        3.2         Retrieval type
1102  2001/04/xmldsig-more#rsa-md5                2.3.1       SignatureMethod
1103  2001/04/xmldsig-more#rsa-sha256             2.3.2       SignatureMethod
1104  2001/04/xmldsig-more#rsa-sha384             2.3.3       SignatureMethod
1105  2001/04/xmldsig-more#rsa-sha512             2.3.4       SignatureMethod
1106  2001/04/xmldsig-more#rsa-ripemd160          2.3.5       SignatureMethod
1107  2001/04/xmldsig-more#sha224                 2.1.2       DigestAlgorithm
1108  2001/04/xmldsig-more#sha384                 2.1.3       DigestAlgorithm
1109  2001/04/xmldsig-more#xptr                   2.5.1       Transform
1110  2001/04/xmldsig-more#PKCS7signedData        3.1         KeyInfo child

1112  2001/04/xmlenc#aes128-cbc                   [XMLENC11]  EncryptionMethod
1113  2001/04/xmlenc#aes192-cbc                   [XMLENC11]  EncryptionMethod
1114  2001/04/xmlenc#aes256-cbc                   [XMLENC11]  EncryptionMethod
1115  2001/04/xmlenc#dh                           [XMLENC11]  AgreementMethod
1116  2001/04/xmlenc#kw-aes128                    [XMLENC11]  EncryptionMethod
1117  2001/04/xmlenc#kw-aes192                    [XMLENC11]  EncryptionMethod
1118  2001/04/xmlenc#kw-aes256                    [XMLENC11]  EncryptionMethod
1119  2001/04/xmlenc#ripemd160                    [XMLENC11]  DigestAlgorithm
1120  2001/04/xmlenc#rsa-1_5                      [XMLENC11]  EncryptionMethod
1121  2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]  EncryptionMethod
1122  2001/04/xmlenc#sha256                       [XMLENC11]  DigestAlgorithm
1123  2001/04/xmlenc#sha512                       [XMLENC11]  DigestAlgorithm
1124  2001/04/xmlenc#tripledes-cbc                [XMLENC11]  EncryptionMethod

1126  2002/06/xmldsig-filter2                     [XPATH]     Transform

1128  2002/07/decrypt#XML                         [DECRYPT]   Transform
1129  2002/07/decrypt#Binary                      [DECRYPT]   Transform

1131  2006/12/xmlc12n11#                          [CANON11]   Canonicalization
1132  2006/12/xmlc14n11#WithComments              [CANON11]   Canonicalization

1134  2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6       SignatureMethod
1135  2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5       SignatureMethod
1136  2007/05/xmldsig-more#kw-seed128             2.6.6       EncryptionMethod
1137  2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10      SignatureMethod
1138  2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10      SignatureMethod
1139  2007/05/xmldsig-more#MGF1                   2.3.9       SignatureMethod
1140  2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10      SignatureMethod
1141  2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10      SignatureMethod
1142  2007/05/xmldsig-more#rsa-pss                2.3.9       SignatureMethod
1143  2007/05/xmldsig-more#rsa-sha224             2.3.11      SignatureMethod
1144  2007/05/xmldsig-more#rsa-whirlpool          2.3.5       SignatureMethod
1145  2007/05/xmldsig-more#seed128-cbc            2.6.5       EncryptionMethod
1146  2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10      SignatureMethod
1147  2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10      SignatureMethod
1148  2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10      SignatureMethod
1149  2007/05/xmldsig-more#sha3-224               2.1.5       DigestAlgorithm
1150  2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10      SignatureMethod
1151  2007/05/xmldsig-more#sha3-256               2.1.5       DigestAlgorithm
1152  2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10      SignatureMethod
1153  2007/05/xmldsig-more#sha3-384               2.1.5       DigestAlgorithm
1154  2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10      SignatureMethod
1155  2007/05/xmldsig-more#sha3-512               2.1.5       DigestAlgorithm
1156  2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10      SignatureMethod
1157  2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10      SignatureMethod
1158  2007/05/xmldsig-more#sha512-rsa-MGF1        2.3.10      SignatureMethod
1159  2007/05/xmldsig-more#whirlpool              2.1.4       DigestAlgorithm
1160  2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10      SignatureMethod
1161  2009/xmlenc11#kw-aes-128-pad                [XMLENC11]  EncryptionMethod
1162  2009/xmlenc11#kw-aes-192-pad                [XMLENC11]  EncryptionMethod
1163  2009/xmlenc11#kw-aes-256-pad                [XMLENC11]  EncryptionMethod

1165  2009/xmldsig11#dsa-sha256                   [XMLDSIG11] SignatureMethod
1166  2009/xmldsig11#ECKeyValue                   [XMLDSIG11] Retrieval type
1167  2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11] Retrieval type
1168  2009/xmlenc11#aes128-gcm                    [XMLENC11]  EncryptionMethod
1169  2009/xmlenc11#aes192-gcm                    [XMLENC11]  EncryptionMethod
1170  2009/xmlenc11#aes256-gcm                    [XMLENC11]  EncryptionMethod
1171  2009/xmlenc11#ConcatKDF                     [XMLENC11]  EncryptionMethod
1172  2009/xmlenc11#mgf1sha1                      [XMLENC11]  SignatureMethod
1173  2009/xmlenc11#mgf1sha224                    [XMLENC11]  SignatureMethod
1174  2009/xmlenc11#mgf1sha256                    [XMLENC11]  SignatureMethod
1175  2009/xmlenc11#mgf1sha384                    [XMLENC11]  SignatureMethod
1176  2009/xmlenc11#mgf1sha512                    [XMLENC11]  SignatureMethod
1177  2009/xmlenc11#pbkdf2                        [XMLENC11]  EncryptionMethod
1178  2009/xmlenc11#rsa-oaep                      [XMLENC11]  EncryptionMethod
1179  2009/xmlenc11#ECDH-ES                       [XMLENC11]  EncryptionMethod
1180  2009/xmlenc11#dh-es                         [XMLENC11]  EncryptionMethod

1182  2010/xmlsec-ghc#generic-hybrid              [GENERIC]   Generic Hybrid
1183  2010/xmlsec-ghc#rsaes-kem                   [GENERIC]   Generic Hybrid
1184  2010/xmlsec-ghc#ecies-kem                   [GENERIC]   Generic Hybrid

1186  TR/1999/REC-xpath-19991116                  [XPATH]     Transform
1187  TR/1999/REC-xslt-19991116                   [XSLT]      Transform
1188  TR/2001/06/xml-exc-c14n#                    [XCANON]    Canonicalization
1189  TR/2001/06/xml-exc-c14n#WithComments
1190                                              [XCANON]    Canonicalization
1191  TR/2001/REC-xml-c14n-20010315               [CANON10]   Canonicalization
1192  TR/2001/REC-xml-c14n-20010315#WithComments
1193                                              [CANON10]   Canonicalization
1194  TR/2001/REC-xmlschema-1-20010502            [Schema]    Transform

1196     The initial "http://www.w3.org/" part of the URI is not included
1197     above.

1199  5. Allocation Considerations

1201     W3C and IANA allocation considerations are given below.
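As an added illustration (not part of the draft), the Python sketch below uses a subset of the Section 4.2 URI index as a fail-closed allowlist for Algorithm attributes: it matches the full URI rather than the fragment, checks that the indexed Type fits the element carrying the URI, and marks the MD5 and SHA-1 identifiers for which Section 6 cites [RFC6151] and [RFC6194]. The element-to-Type mapping, the verdict strings and the sample document are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

W3 = "http://www.w3.org/"

# Subset of the Section 4.2 URI index: URI (without the W3 prefix) -> Type.
INDEX = {
    "2000/09/xmldsig#enveloped-signature": "Transform",
    "2000/09/xmldsig#sha1": "DigestAlgorithm",
    "2000/09/xmldsig#rsa-sha1": "SignatureMethod",
    "2000/09/xmldsig#dsa-sha1": "SignatureMethod",
    "2001/04/xmldsig-more#md5": "DigestAlgorithm",
    "2001/04/xmldsig-more#rsa-md5": "SignatureMethod",
    "2001/04/xmldsig-more#sha384": "DigestAlgorithm",
    "2001/04/xmldsig-more#rsa-sha256": "SignatureMethod",
    "2001/04/xmldsig-more#ecdsa-sha256": "SignatureMethod",
    "2001/04/xmldsig-more#camellia128-cbc": "EncryptionMethod",
    "2001/04/xmldsig-more#kw-camellia128": "EncryptionMethod",
    "2001/04/xmlenc#sha256": "DigestAlgorithm",
    "2001/04/xmlenc#sha512": "DigestAlgorithm",
    "2009/xmlenc11#aes256-gcm": "EncryptionMethod",
    "TR/2001/REC-xml-c14n-20010315": "Canonicalization",
}

# Identifiers for which Section 6 points at a security-considerations RFC.
# Treating them as findings is a local policy choice (assumption).
REVIEW = {
    "2001/04/xmldsig-more#md5": "RFC6151",
    "2001/04/xmldsig-more#rsa-md5": "RFC6151",
    "2000/09/xmldsig#sha1": "RFC6194",
    "2000/09/xmldsig#rsa-sha1": "RFC6194",
    "2000/09/xmldsig#dsa-sha1": "RFC6194",
}

# Which index Types each element may carry (assumption for this example).
# Section 2.5 notes that canonicalization algorithms may serve as Transforms.
ELEMENT_TYPES = {
    "DigestMethod": {"DigestAlgorithm"},
    "SignatureMethod": {"SignatureMethod"},
    "CanonicalizationMethod": {"Canonicalization"},
    "Transform": {"Transform", "Canonicalization"},
    "EncryptionMethod": {"EncryptionMethod"},
}


def classify(element, uri):
    """Return a verdict for one Algorithm URI found on one element."""
    key = uri[len(W3):] if uri.startswith(W3) else None
    if key not in INDEX:
        return "unknown"            # fail closed: not an indexed URI
    if INDEX[key] not in ELEMENT_TYPES.get(element, set()):
        return "type-mismatch"      # e.g. a signature URI on DigestMethod
    if key in REVIEW:
        return "review:" + REVIEW[key]
    return "ok"


def audit(xml_text):
    """List (element, uri, verdict) for every Algorithm attribute."""
    findings = []
    # The sample below is trusted; parse untrusted XML with a hardened parser.
    for node in ET.fromstring(xml_text).iter():
        uri = node.get("Algorithm")
        if uri is not None:
            local = node.tag.rsplit("}", 1)[-1]   # drop the {namespace} part
            findings.append((local, uri, classify(local, uri)))
    return findings


# Constructed sample. The first DigestMethod uses the "sha256" fragment under
# the xmldsig-more namespace, which the index does not list (it lists
# 2001/04/xmlenc#sha256), so matching on the fragment alone would miss it.
SAMPLE = """
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod
     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <SignatureMethod
     Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
  <Reference URI="">
   <Transforms>
    <Transform
       Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
   </Transforms>
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha256"/>
  </Reference>
  <Reference URI="#b">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  </Reference>
 </SignedInfo>
</Signature>
"""

if __name__ == "__main__":
    for element, uri, verdict in audit(SAMPLE):
        print(f"{verdict:15} {element:24} {uri}")
```

Because the policy lives in data tables rather than in code paths, retiring or adding an identifier is a table edit, which is the modularity Section 6 asks implementers to plan for.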
1203  5.1 W3C Allocation Considerations

1205     As it is easy for people to construct their own unique URIs [RFC3986]
1206     and, if appropriate, to obtain a URI from the W3C, it is not intended
1207     that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be
1208     created beyond those enumerated in this RFC. (W3C Namespace stability
1209     rules prohibit the creation of new URIs under
1210     "http://www.w3.org/2000/09/xmldsig#" and URIs under
1211     "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the
1212     publication of [RFC4051].)

1214     An "xmldsig-more" URI does not imply any official W3C or IETF status
1215     for these algorithms or identifiers nor does it imply that they are
1216     only useful in digital signatures. Currently, dereferencing such
1217     URIs may or may not produce a temporary placeholder document.
1218     Permission to use these URI prefixes has been given by the W3C.

1220  5.2 IANA Considerations

1222     IANA will establish a Registry for "XML Security URIs" with that name
1223     suggested for the Registry. The initial contents will correspond to
1224     Section 4.2 of this document with the numeric section references in
1225     the "Sec/Doc" column augmented with references to this RFC (as, for
1226     example, "[RFCxxxx], Section 2.6.4").

1228     New entries, including new Types, will be added based on Expert
1229     Review [RFC5226]. Criteria for inclusion are (1) documentation
1230     sufficient for interoperability of the algorithm or data type and the
1231     XML syntax for its representation and use and (2) sufficient
1232     importance as normally indicated by inclusion in (2a) an approved W3C
1233     Note, Proposed Recommendation, or Recommendation or (2b) an approved
1234     IETF standards track document. Typically, the Registry will reference
1235     a W3C or IETF document specifying such XML syntax which document in
1236     turn references a more abstract description of the algorithm or data
1237     type.

1239  6. Security Considerations

1241     This RFC is concerned with documenting the URIs that designate
1242     algorithms and some data types used in connection with XML security.
1243     The security considerations vary widely with the particular
1244     algorithms and the general security considerations for XML security
1245     are outside of the scope of this document but appear in [XMLDSIG11],
1246     [XMLENC11], [CANON10], [CANON11], and [GENERIC].

1248     [RFC6151] should be consulted before considering the use of MD5 as a
1249     DigestMethod or RSA-MD5 as a SignatureMethod.

1251     See [RFC6194] for SHA-1 Security Considerations and [RFC6151] for MD5
1252     Security Considerations.

1254     Additional security considerations are given in connection with the
1255     description of some algorithms in the body of this document.

1257     Implementers should be aware that cryptographic algorithms become
1258     weaker with time. As new cryptanalysis techniques are developed and
1259     computing performance improves, the work factor to break a particular
1260     cryptographic algorithm will reduce. Therefore, cryptographic
1261     implementations should be modular, allowing new algorithms to be
1262     readily inserted. That is, implementers should be prepared for the
1263     set of mandatory-to-implement algorithms to change over time.

1265  Acknowledgements

1267     The contributions of the following to this document, listed in
1268     alphabetic order, are gratefully acknowledged: Benoit Claise, Adrian
1269     Farrel, Stephen Farrell, Ernst Giessmann, Frederick Hirsch, Bjoern
1270     Hoehrmann, Russ Housley, Satoru Kanno, Charlie Kaufman, Konrad Lanz,
1271     Barry Leiba, Subramanian Moonesamy, Peter Lipp, HwanJin Lee, Thomas
1272     Roessler, Hanseong Ryu, Peter Saint-Andre, and Sean Turner.

1274     The following contributors to [RFC4051], on which this document is
1275     based, are gratefully acknowledged: Glenn Adams, Merlin Hughes, Gregor
1276     Karlinger, Brian LaMacchia, Shiho Moriai, Joseph Reagle, Russ Housley,
1277     and Joel Halpern.

1279     The document was prepared in raw nroff. All macros used were defined
1280     within the source file.

1282  Appendix A: Changes from RFC 4051

1284     The following changes have been made in RFC 4051 to produce this
1285     document.

1287     1. Update and add numerous RFC, W3C, and Internet-Draft references.

1289     2. Add #ecdsa-ripemd160, #whirlpool, #ecdsa-whirlpool,
1290        #rsa-whirlpool, #seed128-cbc, and #kw-seed128.

1292     3. Incorporate RFC 4051 errata [Errata191].

1294     4. Add URI and fragment index sections.

1296     4. In reference to MD5 and SHA-1, add references to [RFC6151] and
1297        [RFC6194].

1299     5. Add SHA-3 / Keccak placeholder section including #sha3-224,
1300        #sha3-256, #sha3-384, and #sha3-512.

1302     6. Add RSASSA-PSS sections including #sha3-224-MGF1, #sha3-256-MGF1,
1303        #sha3-384-MGF1, #sha3-512-MGF1, #md2-rsa-MGF1, #md5-rsa-MGF1,
1304        #sha1-rsa-MGF1, #sha224-rsa-MGF1, #sha256-rsa-MGF1,
1305        #sha384-rsa-MGF1, #sha512-rsa-MGF1, #ripemd128-rsa-MGF1,
1306        #ripemd160-rsa-MGF1, and #whirlpool-rsa-MGF1.

1308     7. Add new URIs from Canonical XML 1.1 and XML Encryption 1.1
1309        including: #aes128-gcm, #aes192-gcm, #aes256-gcm, #ConcatKDF,
1310        #pbkdf2, #rsa-oaep, #ECDH-ES, and #dh-es.

1312     8. Add padded AES key wrap from [RFC5649].

1314     9. Add acronym subsection.

1316     10. Add numerous URIs that are specified in W3C XML Security
1317         documents to the Indexes. These do not have sections in the body
1318         of this document. For example those for dsa-sha256, mgf1sha*,
1319         decrypt#XML, and xmldsig-filter2.

1321     11. Establish IANA Registry.

1323     12. Editorial changes.

1325  Appendix Z: Change History

1327     RFC Editor Note: Please delete this Appendix before publication.

1329  From -02 to -03

1331     Fix typos and add Whirlpool designator. Add Ernst Giessmann to
1332     Acknowledgements.

1334  From -03 to -04

1336     1. Add identifiers and space holders for SHA-3 / Keccak.

1338     2. Add Sections 2.3.9 and 2.3.10 for RSASSA-PSS.

1340     3. Update URI index according to items 1 and 2 above.

1342     3. Add new URIs from Canonical XML 1.1 and XML Encryption 1.1.

1344     4. Fix typos, fill in a few minor missing values.

1346     5. Minor editorial changes.

1348  From -04 to -05

1350     1. Add padded AES key wrap from [RFC5649].

1352     2. Add a section on SHA-256 and SHA-512.

1354     3. Minor editorial change to Abstract and various typo fixes.

1356  From -05 to -06

1358     1. Add fragment index.

1360     2. Fix typo.

1362  From -06 to -07

1364     1. Update for publication of XML Signature 1.1, XML Encryption 1.1,
1365        Proposed Recommendations.

1367     2. Editorial changes.

1369  From -07 to -08

1371     1. Delete Appendix B which had information on SEED irrelevant to this
1372        document.

1374     2. Update XPointer Language reference.

1376     3. Remove claim in 1.1 that this document is Informational.

1378     4. At beginning of Section 2, clarify namespaces used.

1380     5. Add numerous URIs that are specified in W3C XML Security document
1381        to the Indexes. These do not have sections in the body of this
1382        document. For example those for dsa-sha256, mgf1sha*, decrypt#XML,
1383        and xmldsig-filter2.

1385     6. Editorial changes.

1387  From -08 to -09

1389     1. Change from www.w3.org/2007/05/xmldsig-more URIs to
1390        www.w3.org/2009/xmlenc11 URIs for AES key wrap with padding. Delete
1391        Section 2.6.7 on those algorithms, since they are covered in
1392        [XMLENC].

1394     2. Add references to "XML Signature Properties" and "XML Security
1395        Algorithm Cross-Reference".

1397     3. Move Errata reference to Informational References.

1399     4. Split Section 5 into IANA and W3C considerations, move one
1400        relevant paragraph down to Section 5 from the first part of Section
1401        2.

1403  From -09 to -10

1405     Lots of editorial changes from IESG review including elimination of
1406     any implication that listing an algorithm here implies endorsement
1407     and any implication that this document changes implementation
1408     requirements. Add establishment of IANA Registry.
1410  Normative References

1412     [10118-3] - "Information technology -- Security techniques --
1413           Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC
1414           10118-3, 2004.

1416     [18033-2] - "Information technology -- Security techniques --
1417           Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC
1418           18033-2, 2010.

1420     [Camellia] - "Camellia: A 128-bit Block Cipher Suitable for Multiple
1421           Platforms - Design and Analysis -", K. Aoki, T. Ichikawa, M.
1422           Matsui, S. Moriai, J. Nakajima, T. Tokita, In Selected Areas in
1423           Cryptography, 7th Annual International Workshop, SAC 2000,
1424           August 2000, Proceedings, Lecture Notes in Computer Science
1425           2012, pp. 39-56, Springer-Verlag, 2001.

1427     [FIPS180-4] - "Secure Hash Standard (SHS)", United States of
1428           America, National Institute of Standards and Technology, Federal
1429           Information Processing Standard (FIPS) 180-4, March 2012,
1430           http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

1432     [FIPS186-3] - "Digital Signature Standard (DSS)", United States of
1433           America, National Institute of Standards and Technology,
1434           Federal Information Processing Standard (FIPS) 186-3, June
1435           2009,
1436           http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf

1438     [IEEE P1363a] - "Standard Specifications for Public Key Cryptography:
1439           Additional Techniques", October 2002.

1441     [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms,
1442           and Source Code in C", Second Edition, John Wiley and Sons, New
1443           York, NY, 1996.

1445     [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
1446           April 1992.

1448     [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1449           Extensions (MIME) Part One: Format of Internet Message Bodies",
1450           RFC 2045, November 1996.

1452     [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
1453           Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
1455     [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate
1456           Requirement Levels", BCP 14, RFC 2119, March 1997.

1458     [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax
1459           Version 1.5", RFC 2315, March 1998.

1461     [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible
1462           Markup Language) XML-Signature Syntax and Processing", RFC
1463           3275, March 2002.

1465     [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard
1466           (AES) Key Wrap Algorithm", RFC 3394, September 2002.

1468     [RFC3447] - Jonsson, J. and B. Kaliski, "Public-Key Cryptography
1469           Standards (PKCS) #1: RSA Cryptography Specifications Version
1470           2.1", RFC 3447, February 2003.

1472     [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description
1473           of the Camellia Encryption Algorithm", RFC 3713, April 2004.

1475     [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
1476           Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
1477           January 2005.

1479     [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y.
1480           Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for
1481           XML Digital Signatures", RFC 4050, April 2005.

1483     [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional
1484           Algorithms and Identifiers for RSA Cryptography for use in the
1485           Internet X.509 Public Key Infrastructure Certificate and
1486           Certificate Revocation List (CRL) Profile", RFC 4055, June
1487           2005.

1489     [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The
1490           SEED Encryption Algorithm", RFC 4269, December 2005.

1492     [RFC5226] - Narten, T. and H. Alvestrand, "Guidelines for Writing an
1493           IANA Considerations Section in RFCs", BCP 26, RFC 5226, May
1494           2008.

1496     [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash
1497           Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May
1498           2011.
1500     [RIPEMD-160] - ISO/IEC 10118-3:1998, "Information Technology -
1501           Security techniques - Hash-functions - Part3: Dedicated
1502           hash-functions", ISO, 1998.

1504     [X9.62] - X9.62-200X, "Public Key Cryptography for the Financial
1505           Services Industry: The Elliptic Curve Digital Signature
1506           Algorithm (ECDSA)", Accredited Standards Committee X9, American
1507           National Standards Institute.

1509     [XMLENC10] - "XML Encryption Syntax and Processing", J. Reagle, D.
1510           Eastlake, W3C Recommendation 10 December 2002,
1511           http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

1513     [XMLENC11] - "XML Encryption Syntax and Processing Version 1.1", D.
1514           Eastlake, J. Reagle, F. Hirsch, T. Roessler, Proposed
1515           Recommendation 24 January 2013,
1516           http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/

1518     [XPointer] - "XML Pointer Language (XPointer) Version 1.0", W3C
1519           working draft, Steve DeRose, Eve Maler, Ron Daniel Jr., Paul
1520           Grosso, Jonathan Marsh, Norman Walsh, August 2002.
1521           http://www.w3.org/TR/2002/WD-xptr-20020816/

1523  Informational References

1525     [CANON10] - John Boyer. "Canonical XML Version 1.0", 15 March 2001,
1526           http://www.w3.org/TR/2001/REC-xml-c14n-20010315

1528     [CANON11] - John Boyer, Glenn Marcy, "Canonical XML Version 1.1", 2
1529           May 2008, http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/

1531     [DECRYPT] - Merlin Hughes, Takeshi Imamura, Hiroshi Maruyama,
1532           "Decryption Transform for XML Signature", 10 December 2002.
1533           http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210

1535     [Errata191] - RFC Errata, Errata ID 191, RFC 4051,
1536           http://www.rfc-editor.org

1538     [GENERIC] - Magnus Nystrom, Frederick Hirsch, "XML Security Generic
1539           Hybrid Ciphers", 24 January 2013,
1540           http://www.w3.org/TR/2013/NOTE-xmlsec-generic-hybrid-20130124/

1542     [Keccak]
1543           http://csrc.nist.gov/groups/ST/hash/sha-3/winner_sha-3.html
1544           http://keccak.noekeon.org

1546     [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature
1547           Syntax and Processing", RFC 3075, March 2001.

1549     [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March
1550           2001.

1552     [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology
1553           of "Foo"", RFC 3092, April 1 2001.

1555     [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive
1556           XML Canonicalization, Version 1.0", RFC 3741, March 2004.

1558     [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
1559           Encryption Algorithm in Cryptographic Message Syntax (CMS)",
1560           RFC 4010, February 2005.

1562     [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform
1563           Resource Identifiers (URIs)", RFC 4051, April 2005.

1565     [RFC6090]
1566           - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve
1567           Cryptography Algorithms", RFC 6090, February 2011.
1568           - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777.

1570     [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations
1571           for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC
1572           6151, March 2011.

1574     [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
1575           Considerations for the SHA-0 and SHA-1 Message-Digest
1576           Algorithms", RFC 6194, March 2011.

1578     [Schema] - "XML Schema Part 1: Structures Second Edition", H.
1579           Thompson, D. Beech, M. Maloney, N. Mendelsohn, W3C
1580           Recommendation 28 October 2004,
1581           http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/
1582           - "XML Schema Part 2: Datatypes Second Edition", P. Biron, A.
1583           Malhotra, W3C Recommendation 28 October 2004,
1584           http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/

1586     [W3C] - World Wide Web Consortium, .

1588     [XCANON] - "Exclusive XML Canonicalization Version 1.0", D.
1589           Eastlake, J. Reagle, 18 July 2002.
1590           http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/

1592     [XMLDSIG10] - "XML Signature Syntax and Processing (Second Edition)",
1593           D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, W3C
1594           Recommendation 10 June 2008,
1595           http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/

1597     [XMLDSIG11] - "XML Signature Syntax and Processing Version 1.1", D.
1598           Eastlake, J. Reagle, D. Solo, F. Hirsch, M. Nystrom, T.
1599           Roessler, K. Yiu, Proposed Recommendation 24 January 2013,
1600           http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/

1602     [XMLDSIG-PROP] - "XML Signature Properties", F. Hirsch, Proposed
1603           Recommendation 24 January 2013,
1604           http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/

1606     [XMLSECXREF] - "XML Security Algorithm Cross-Reference", F. Hirsch,
1607           T. Roessler, K. Yiu, Working Group Note 24 January 2013,
1608           http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/

1610     [XPATH] - "XML-Signature XPath Filter 2.0", J. Boyer, M. Hughes, J.
1611           Reagle, 8 November 2002.
1612           http://www.w3.org/TR/2002/REC-xmldsig-filter2-20021108/
1613           - "XML Path Language (XPath) 2.0 (Second Edition)", A.
1614           Berglund, S. Boag, D. Chamberlin, M. Fernandez, M. Kay, J.
1615           Robie, J. Simeon, W3C Recommendation 14 December 2010,
1616           http://www.w3.org/TR/2010/REC-xpath20-20101214/

1618     [XSLT] - "XSL Transformations (XSLT) Version 2.0", M. Saxonica, W3C
1619           Recommendation 23 January 2007,
1620           http://www.w3.org/TR/2007/REC-xslt20-20070123/

1622  Author's Address

1624     Donald E. Eastlake, 3rd
1625     Huawei Technologies
1626     155 Beaver Street
1627     Milford, MA 01757 USA

1629     Telephone: +1-508-333-2270
1630     EMail: d3e3e3@gmail.com

1632  Copyright, Disclaimer, and Additional IPR Provisions

1634     Copyright (c) 2013 IETF Trust and the persons identified as the
1635     document authors. All rights reserved.

1637     This document is subject to BCP 78 and the IETF Trust's Legal
1638     Provisions Relating to IETF Documents
1639     (http://trustee.ietf.org/license-info) in effect on the date of
1640     publication of this document. Please review these documents
1641     carefully, as they describe your rights and restrictions with respect
1642     to this document. Code Components extracted from this document must
1643     include Simplified BSD License text as described in Section 4.e of
1644     the Trust Legal Provisions and are provided without warranty as
1645     described in the Simplified BSD License. The definitive version of
1646     an IETF Document is that published by, or under the auspices of, the
1647     IETF. Versions of IETF Documents that are published by third parties,
1648     including those that are translated into other languages, should not
1649     be considered to be definitive versions of IETF Documents. The
1650     definitive version of these Legal Provisions is that published by, or
1651     under the auspices of, the IETF. Versions of these Legal Provisions
1652     that are published by third parties, including those that are
1653     translated into other languages, should not be considered to be
1654     definitive versions of these Legal Provisions. For the avoidance of
1655     doubt, each Contributor to the IETF Standards Process licenses each
1656     Contribution that he or she makes as part of the IETF Standards
1657     Process to the IETF Trust pursuant to the provisions of RFC 5378. No
1658     language to the contrary, or terms, conditions or rights that differ
1659     from or are inconsistent with the rights and licenses granted under
1660     RFC 5378, shall have any effect and shall be null and void, whether
1661     published or posted by such Contributor, or included with or in such
1662     Contribution.