< draft-blake-wilson-xmldsig-ecdsa-06.txt   draft-blake-wilson-xmldsig-ecdsa-07.txt >
INTERNET-DRAFT S. Blake-Wilson, BCI INTERNET-DRAFT S. Blake-Wilson, BCI
G. Karlinger, CIO Austria G. Karlinger, CIO Austria
T. Kobayashi, NTT T. Kobayashi, NTT
Y. Wang, UNCC Y. Wang, UNCC
Expires: May 2004 November 2003 Expires: June 2004 December 2003
ECDSA with XML-Signature Syntax Using the Elliptic Curve Signature Algorithm (ECDSA)
<draft-blake-wilson-xmldsig-ecdsa-06.txt> for XML Digital Signatures
<draft-blake-wilson-xmldsig-ecdsa-07.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
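Review bot: The new -07 title expands ECDSA as "Elliptic Curve Signature Algorithm", while Sections 1 and 2 and the [X9.62] reference entry all spell it "Elliptic Curve Digital Signature Algorithm". The word "Digital" looks dropped by accident; suggest "Using the Elliptic Curve Digital Signature Algorithm (ECDSA) for XML Digital Signatures" so the title matches the body.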
skipping to change at page 2, line 6 skipping to change at page 2, line 6
3.3 ECDSA Signatures . . . . . . . . . . . . . . . . . . . . . 4 3.3 ECDSA Signatures . . . . . . . . . . . . . . . . . . . . . 4
3.4 ECDSA Key Values . . . . . . . . . . . . . . . . . . . . . 4 3.4 ECDSA Key Values . . . . . . . . . . . . . . . . . . . . . 4
3.4.1 Key Value Root Element . . . . . . . . . . . . . . . 4 3.4.1 Key Value Root Element . . . . . . . . . . . . . . . 4
3.4.2 EC Domain Parameters . . . . . . . . . . . . . . . . 5 3.4.2 EC Domain Parameters . . . . . . . . . . . . . . . . 5
3.4.2.1 Field Parameters . . . . . . . . . . . . . 6 3.4.2.1 Field Parameters . . . . . . . . . . . . . 6
3.4.2.2 Curve Parameters . . . . . . . . . . . . . 8 3.4.2.2 Curve Parameters . . . . . . . . . . . . . 8
3.4.2.3 Base Point Parameters . . . . . . . . . . . 8 3.4.2.3 Base Point Parameters . . . . . . . . . . . 8
3.4.3 EC Points . . . . . . . . . . . . . . . . . . . . . 9 3.4.3 EC Points . . . . . . . . . . . . . . . . . . . . . 9
4 Security Considerations . . . . . . . . . . . . . . . . . . . . 10 4 Security Considerations . . . . . . . . . . . . . . . . . . . . 10
5 Intellectual Property Rights . . . . . . . . . . . . . . . . . . 10 5 Normative References . . . . . . . . . . . . . . . . . . . . . . 10
6 References . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 6 Informative References . . . . . . . . . . . . . . . . . . . . . 12
7 Authors' addresses . . . . . . . . . . . . . . . . . . . . . . . 12 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12
8 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12
9 Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 12
Appendix A: Aggregate XML Schema . . . . . . . . . . . . . . . . . 13 Appendix A: Aggregate XML Schema . . . . . . . . . . . . . . . . . 13
Appendix B: Aggregate DTD . . . . . . . . . . . . . . . . . . . . . 16 Appendix B: Aggregate DTD . . . . . . . . . . . . . . . . . . . . . 16
Authors' addresses. . . . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property Rights. . . . . . . . . . . . . . . . . . . . 17
Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
This document specifies how to use the Elliptic Curve Digital Signature This document specifies how to use the Elliptic Curve Digital Signature
Algorithm (ECDSA) with XML signatures as specified in [XMLDSIG]. Therein Algorithm (ECDSA) with XML signatures as specified in [XMLDSIG].
only two digital signature methods are defined: RSA signatures and DSA [XMLDSIG] defines only two digital signature methods: RSA signatures
(DSS) signatures. This document introduces ECDSA signatures as an and DSA (DSS) signatures. This document introduces ECDSA signatures as
additional method. an additional method.
This document uses both XML Schemas [XML-schema] (normative) and DTDs This document uses both XML Schemas [XML-schema] (normative) and DTDs
[XML] (informational) for specifying the corresponding XML structures. [XML] (informational) for specifying the corresponding XML structures.
2. ECDSA 2. ECDSA
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic
curve analogue of the DSA (DSS) signature method [FIPS186-2]. It is curve analogue of the DSA (DSS) signature method [FIPS186-2]. It is
defined in the ANSI X9.62 standard [X9.62]. Other compatible defined in the ANSI X9.62 standard [X9.62]. Other compatible
specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363], specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363],
IEEE 1363a [IEEE1363a], and SEC1 [SEC1]. [RFC3279] describes the means IEEE 1363a [IEEE1363a], and SEC1 [SEC1]. [RFC3279] describes the means
to carry ECDSA keys in X.509 certificates. Recommended elliptic curve to carry ECDSA keys in X.509 certificates. [FIPS186-2], [SEC2], and
domain parameters for use with ECDSA are given in [FIPS186-2], [SEC2], [X9.62] give recommended elliptic curve domain parameters for use with
and [X9.62]. ECDSA.
Like DSA, ECDSA incorporates the use of a hash function. Currently,the Like DSA, ECDSA incorporates the use of a hash function. Currently,the
only hash function defined for use with ECDSA is the SHA-1 message only hash function defined for use with ECDSA is the SHA-1 message
digest algorithm [FIPS-180-1]. digest algorithm [FIPS-180-1].
ECDSA signatures are smaller than RSA signatures of similar ECDSA signatures are smaller than RSA signatures of similar
cryptographic strength. ECDSA public keys (and certificates) are smaller cryptographic strength. ECDSA public keys (and certificates) are smaller
than similar strength DSA keys, resulting in improved communications than similar strength DSA keys, resulting in improved communications
efficiency. Furthermore, on many platforms ECDSA operations can be efficiency. Furthermore, on many platforms ECDSA operations can be
computed faster than similar strength RSA or DSA operations (see [KEYS] computed faster than similar strength RSA or DSA operations (see [KEYS]
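Review bot: In Section 2 the hash-function paragraph still reads "Currently,the" with no space after the comma in both columns, even though the neighbouring sentences were reworded for -07; fix it in the same pass. The same section cites [FIPS186-2], but the reference entry further down is labelled [FIPS-186-2], so the citation does not resolve to a listed reference. Pick one label and use it in both places.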
skipping to change at page 3, line 49 skipping to change at page 3, line 49
implementations. implementations.
3. Specifying ECDSA within XMLDSIG 3. Specifying ECDSA within XMLDSIG
This section specifies the details of how to use ECDSA with XML This section specifies the details of how to use ECDSA with XML
Signature Syntax and Processing [XMLDSIG]. It relies heavily on the Signature Syntax and Processing [XMLDSIG]. It relies heavily on the
syntax and namespace defined therein. syntax and namespace defined therein.
3.1 Version, Namespaces and Identifiers 3.1 Version, Namespaces and Identifiers
No provision is made for an explicit version number in this syntax. If This specification makes no provision for an explicit version number in
a future version is needed, it will use a different namespace. the syntax. If a future version is needed, it will use a different
namespace.
The XML namespace [XML-ns] URI that MUST be used by implementations of The XML namespace [XML-ns] URI that MUST be used by implementations of
this (dated) specification is: this (dated) specification is:
http://www.w3.org/2001/04/xmldsig-more# http://www.w3.org/2001/04/xmldsig-more#
Elements in the namespace of the [XMLDSIG] specification are marked as Elements in the namespace of the [XMLDSIG] specification are marked as
such by using the namespace prefix "dsig" in the remaining sections of such by using the namespace prefix "dsig" in the remaining sections of
this document. this document.
The identifier for the ECDSA signature algorithm is: The identifier for the ECDSA signature algorithm is:
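Review bot: Section 3.1 says implementations MUST use the namespace http://www.w3.org/2001/04/xmldsig-more#, but the Appendix A schema shown later in this diff still declares both targetNamespace and xmlns:ecdsa as http://www.buergerkarte.at/namespaces/ecdsa/200206030#, identical in -06 and -07. A verifier that validates against the aggregate schema would bind the key-value elements to a different namespace than the one this section mandates. Either align the schema with the Section 3.1 URI or state here which elements live in which namespace.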
skipping to change at page 10, line 43 skipping to change at page 10, line 43
4. Security Considerations 4. Security Considerations
Implementers should ensure that appropriate security measures are in Implementers should ensure that appropriate security measures are in
place when they deploy ECDSA within XMLDSIG. In particular, the security place when they deploy ECDSA within XMLDSIG. In particular, the security
of ECDSA requires the careful selection of both key sizes and elliptic of ECDSA requires the careful selection of both key sizes and elliptic
curve domain parameters. Selection guidelines for these parameters and curve domain parameters. Selection guidelines for these parameters and
some specific recommended curves that are considered safe are provided some specific recommended curves that are considered safe are provided
in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion, in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion,
see [XMLDSIG]. see [XMLDSIG].
5. Intellectual Property Rights 5. Normative References
The IETF has been notified of intellectual property rights claimed in
regard to the specification contained in this document.
For more information, consult the online list of claimed rights
(http://www.ietf.org/ipr.html).
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification can
be obtained from the IETF Secretariat.
6. References
[FIPS-180-1] Federal Information Processing Standards Publication [FIPS-180-1] Federal Information Processing Standards Publication
(FIPS PUB) 180-1, Secure Hash Standard, April 1995. (FIPS PUB) 180-1, Secure Hash Standard, April 1995.
[FIPS-186-2] Federal Information Processing Standards Publication [FIPS-186-2] Federal Information Processing Standards Publication
(FIPS PUB) 186-2, Digital Signature Standard, January (FIPS PUB) 186-2, Digital Signature Standard, January
2000. 2000.
[IEEE1363] Institute for Electrical and Electronics Engineers (IEEE) [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE)
Standard 1363-2000, Standard Specifications for Public Key Standard 1363-2000, Standard Specifications for Public Key
Cryptography, January 2000. Cryptography, January 2000.
[IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE) [IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE)
Standard 1363, Draft Standard Specifications for Public Standard 1363, Draft Standard Specifications for Public
Key Cryptography -- Amendment 1: Additional Techniques, Key Cryptography -- Amendment 1: Additional Techniques,
October 2002. October 2002.
[KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key
Sizes. October 1999. Presented at Public Key Cryptography
Conference, Melbourne, Australia, January 2000.
http://www.cryptosavvy.com/
[RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object [RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object
Identifiers. IETF Informational RFC, February 2001. Identifiers. IETF Informational RFC, February 2001.
http://www.ietf.org/rfc/rfc3061.txt http://www.ietf.org/rfc/rfc3061.txt
[RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms [RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms
and Identifiers for the Internet X.509 Public Key and Identifiers for the Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile. IETF Proposed Standard, April 2002. (CRL) Profile. IETF Proposed Standard, April 2002.
http://www.ietf.org/rfc/rfc3279.txt http://www.ietf.org/rfc/rfc3279.txt
[SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic
Curve Cryptography, Version 1.0, September 2000. Curve Cryptography, Version 1.0, September 2000.
http://www.secg.org http://www.secg.org
[SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended
Elliptic Curve Domain Parameters, Version 1.0, September 2000.
http://www.secg.org
[X9.62] American National Standards Institute. ANSI X9.62-1998, [X9.62] American National Standards Institute. ANSI X9.62-1998,
Public Key Cryptography for the Financial Services Industry: Public Key Cryptography for the Financial Services Industry:
The Elliptic Curve Digital Signature Algorithm. January 1999. The Elliptic Curve Digital Signature Algorithm. January 1999.
[XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M.,
Extensible Markup Language (XML) 1.0 (Second Edition), W3C
Recommendation, October 2000.
http://www.w3.org/TR/2000/REC-xml-20001006
[XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., XML-Signature [XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., XML-Signature
Syntax and Processing. W3C Recommendation, February 2002. Syntax and Processing. W3C Recommendation, February 2002.
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
[XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML, [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML,
W3C Recommendation, January 1999. W3C Recommendation, January 1999.
http://www.w3.org/TR/1999/REC-xml-names-19990114/ http://www.w3.org/TR/1999/REC-xml-names-19990114/
[XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson, [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson,
H., XML Schema Part 1: Structures, W3C Recommendation, H., XML Schema Part 1: Structures, W3C Recommendation,
May 2001. May 2001.
http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/ http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/
Biron, P., and Malhotra, A., ML Schema Part 2: Biron, P., and Malhotra, A., ML Schema Part 2:
Datatypes, W3C Recommendation, May 2001. Datatypes, W3C Recommendation, May 2001.
http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/ http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/
7. Authors' Addresses 6. Informative References
Simon Blake-Wilson
BCI
96 Spadina Ave, Unit 606
Toronto, ON, M5V 2J6, Canada
e-mail: sblakewilson@bcisse.com
Gregor Karlinger [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key
Chief Information Office Austria Sizes. October 1999. Presented at Public Key Cryptography
Parkring 10/I/5 Conference, Melbourne, Australia, January 2000.
1010 Wien, Austria http://www.cryptosavvy.com/
e-mail: gregor.karlinger@cio.gv.at
Tetsutaro Kobayashi [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended
NTT Laboratories Elliptic Curve Domain Parameters, Version 1.0, September 2000.
1-1 Hikarinooka, Yokosuka, 239-0847, Japan http://www.secg.org
e-mail: kotetsu@isl.ntt.co.jp
Yongge Wang [XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M.,
University of North Carolina at Charlotte Extensible Markup Language (XML) 1.0 (Second Edition), W3C
9201 University City Blvd Recommendation, October 2000.
Charlotte, NC 28223, USA http://www.w3.org/TR/2000/REC-xml-20001006
e-mail: yonwang@uncc.edu
8. Acknowledgements 7. Acknowledgements
The authors would like to acknowledge the many helpful comments of The authors would like to acknowledge the many helpful comments of
Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato, Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato,
Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau. Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau.
9. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied,
published and distributed, in whole or in part, without restriction
of any kind, provided that the above copyright notice and this
paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such
as by removing the copyright notice or references to the Internet
Society or other Internet organizations, except as needed for the
purpose of developing Internet standards in which case the procedures
for copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Appendix A: Aggregate XML Schema Appendix A: Aggregate XML Schema
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/ <xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/
ecdsa/200206030#" ecdsa/200206030#"
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ecdsa="http://www.buergerkarte.at/namespaces/ xmlns:ecdsa="http://www.buergerkarte.at/namespaces/
ecdsa/200206030#" ecdsa/200206030#"
elementFormDefault="qualified" elementFormDefault="qualified"
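Review bot: Section 4 cites [NIST-ECC] as a source of curve selection guidance, but neither the old References list nor the new Normative/Informative split contains a [NIST-ECC] entry, so the security guidance points at an undefined reference. Add the entry or replace the citation with [FIPS-186-2] if that is the intended document. While splitting the list, also fix "ML Schema Part 2" to "XML Schema Part 2" in the [XML-schema] entry, which is carried over unchanged. Section 4 covers only key sizes and domain parameters; since Section 2 makes SHA-1 the only defined hash, a sentence on the hash function would belong here as well.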
skipping to change at line 805 skipping to change at page 17, line 4
<!ELEMENT CurveParams (A, B, Seed?)> <!ELEMENT CurveParams (A, B, Seed?)>
<!ELEMENT A EMPTY> <!ELEMENT A EMPTY>
<!ATTLIST A Value CDATA #REQUIRED> <!ATTLIST A Value CDATA #REQUIRED>
<!ELEMENT B EMPTY> <!ELEMENT B EMPTY>
<!ATTLIST B Value CDATA #REQUIRED> <!ATTLIST B Value CDATA #REQUIRED>
<!ELEMENT Seed (#PCDATA)> <!ELEMENT Seed (#PCDATA)>
<!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)> <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)>
<!ELEMENT BasePoint (X, Y)?> <!ELEMENT BasePoint (X, Y)?>
<!ELEMENT Order (#PCDATA)> <!ELEMENT Order (#PCDATA)>
<!ELEMENT Cofactor (#PCDATA)> <!ELEMENT Cofactor (#PCDATA)>
Authors' Addresses
Simon Blake-Wilson
BCI
96 Spadina Ave, Unit 606
Toronto, ON, M5V 2J6, Canada
e-mail: sblakewilson@bcisse.com
Gregor Karlinger
Federal Staff Office for IT Strategies/Federal Chancellery
Ballhausplatz 2
1014 Wien, Austria
e-mail: gregor.karlinger@cio.gv.at
Tetsutaro Kobayashi
NTT Laboratories
1-1 Hikarinooka, Yokosuka, 239-0847, Japan
e-mail: kotetsu@isl.ntt.co.jp
Yongge Wang
University of North Carolina at Charlotte
9201 University City Blvd
Charlotte, NC 28223, USA
e-mail: yonwang@uncc.edu
Intellectual Property Rights
The IETF has been notified of intellectual property rights claimed in
regard to the specification contained in this document.
For more information, consult the online list of claimed rights
(http://www.ietf.org/ipr.html).
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification can
be obtained from the IETF Secretariat.
Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied,
published and distributed, in whole or in part, without restriction
of any kind, provided that the above copyright notice and this
paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such
as by removing the copyright notice or references to the Internet
Society or other Internet organizations, except as needed for the
purpose of developing Internet standards in which case the procedures
for copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
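Review bot: In the DTD context at the top of this hunk, "<!ELEMENT BasePoint (X, Y)?>" makes the coordinates optional, so an empty BasePoint element validates even though BasePointParams requires BasePoint. If the base point is meant to be mandatory, change the content model to (X, Y) so that domain parameters without a generator are rejected at validation time rather than left to the verifier. Separately, the relocated Full Copyright Statement still reads "Copyright (C) The Internet Society (1999)" on a draft dated December 2003; update the year while the section is being moved.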
 End of changes. 19 change blocks. 
104 lines changed or deleted 35 lines changed or added
