| < draft-blake-wilson-xmldsig-ecdsa-07.txt | draft-blake-wilson-xmldsig-ecdsa-08.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT S. Blake-Wilson, BCI | INTERNET-DRAFT S. Blake-Wilson, BCI | |||
| G. Karlinger, CIO Austria | G. Karlinger, CIO Austria | |||
| T. Kobayashi, NTT | T. Kobayashi, NTT | |||
| Y. Wang, UNCC | Y. Wang, UNCC | |||
| Expires: June 2004 December 2003 | Expires: July 2004 January 2004 | |||
| Using the Elliptic Curve Signature Algorithm (ECDSA) | Using the Elliptic Curve Signature Algorithm (ECDSA) | |||
| for XML Digital Signatures | for XML Digital Signatures | |||
| <draft-blake-wilson-xmldsig-ecdsa-07.txt> | <draft-blake-wilson-xmldsig-ecdsa-08.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with all | This document is an Internet-Draft and is in full conformance with all | |||
| provisions of Section 10 of RFC2026. Internet-Drafts are working | provisions of Section 10 of RFC2026. Internet-Drafts are working | |||
| documents of the Internet Engineering Task Force (IETF), its areas, | documents of the Internet Engineering Task Force (IETF), its areas, | |||
| and its working groups. Note that other groups may also distribute | and its working groups. Note that other groups may also distribute | |||
| working documents as Internet-Drafts. | working documents as Internet-Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| The list of current Internet-Drafts may be found at | The list of current Internet-Drafts may be found at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories may be found at | The list of Internet-Draft Shadow Directories may be found at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| Abstract | Abstract | |||
| This document specifies how to use ECDSA (Elliptic Curve Digital | This document specifies how to use ECDSA (Elliptic Curve Digital | |||
| Signature Algorithm) with XML Signatures [XMLDSIG]. The mechanism | Signature Algorithm) with XML Signatures. The mechanism | |||
| specified provides integrity, message authentication, and/or signer | specified provides integrity, message authentication, and/or signer | |||
| authentication services for data of any type, whether located | authentication services for data of any type, whether located | |||
| within the XML that includes the signature or included by reference. | within the XML that includes the signature or included by reference. | |||
| Table of Contents | Table of Contents | |||
| 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2 ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2 ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3 Specifying ECDSA within XMLDSIG . . . . . . . . . . . . . . . . 3 | 3 Specifying ECDSA within XMLDSIG . . . . . . . . . . . . . . . . 3 | |||
| 3.1 Version, Namespaces and Identifiers . . . . . . . . . . . . 3 | 3.1 Version, Namespaces and Identifiers . . . . . . . . . . . . 3 | |||
| skipping to change at page 3, line 45 ¶ | skipping to change at page 3, line 45 ¶ | |||
| computed faster than similar strength RSA or DSA operations (see [KEYS] | computed faster than similar strength RSA or DSA operations (see [KEYS] | |||
| for a security analysis of key sizes across public key algorithms). | for a security analysis of key sizes across public key algorithms). | |||
| These advantages of signature size, bandwidth, and computational | These advantages of signature size, bandwidth, and computational | |||
| efficiency may make ECDSA an attractive choice for XMLDSIG | efficiency may make ECDSA an attractive choice for XMLDSIG | |||
| implementations. | implementations. | |||
| 3. Specifying ECDSA within XMLDSIG | 3. Specifying ECDSA within XMLDSIG | |||
| This section specifies the details of how to use ECDSA with XML | This section specifies the details of how to use ECDSA with XML | |||
| Signature Syntax and Processing [XMLDSIG]. It relies heavily on the | Signature Syntax and Processing [XMLDSIG]. It relies heavily on the | |||
| syntax and namespace defined therein. | syntax and namespace defined in [XMLDSIG]. | |||
| 3.1 Version, Namespaces and Identifiers | 3.1 Version, Namespaces and Identifiers | |||
| This specification makes no provision for an explicit version number in | This specification makes no provision for an explicit version number in | |||
| the syntax. If a future version is needed, it will use a different | the syntax. If a future version is needed, it will use a different | |||
| namespace. | namespace. | |||
| The XML namespace [XML-ns] URI that MUST be used by implementations of | The XML namespace [XML-ns] URI that MUST be used by implementations of | |||
| this (dated) specification is: | this (dated) specification is: | |||
| http://www.w3.org/2001/04/xmldsig-more# | http://www.w3.org/2001/04/xmldsig-more# | |||
| skipping to change at page 10, line 45 ¶ | skipping to change at page 10, line 45 ¶ | |||
| Implementers should ensure that appropriate security measures are in | Implementers should ensure that appropriate security measures are in | |||
| place when they deploy ECDSA within XMLDSIG. In particular, the security | place when they deploy ECDSA within XMLDSIG. In particular, the security | |||
| of ECDSA requires the careful selection of both key sizes and elliptic | of ECDSA requires the careful selection of both key sizes and elliptic | |||
| curve domain parameters. Selection guidelines for these parameters and | curve domain parameters. Selection guidelines for these parameters and | |||
| some specific recommended curves that are considered safe are provided | some specific recommended curves that are considered safe are provided | |||
| in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion, | in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion, | |||
| see [XMLDSIG]. | see [XMLDSIG]. | |||
| 5. Normative References | 5. Normative References | |||
| [X9.62] American National Standards Institute. ANSI X9.62-1998, | ||||
| Public Key Cryptography for the Financial Services Industry: | ||||
| The Elliptic Curve Digital Signature Algorithm. January 1999. | ||||
| [XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., XML-Signature | ||||
| Syntax and Processing. W3C Recommendation, February 2002. | ||||
| http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ | ||||
| [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson, | ||||
| H., XML Schema Part 1: Structures, W3C Recommendation, | ||||
| May 2001. | ||||
| http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/ | ||||
| Biron, P., and Malhotra, A., ML Schema Part 2: | ||||
| Datatypes, W3C Recommendation, May 2001. | ||||
| http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/ | ||||
| 6. Informative References | ||||
| [FIPS-180-1] Federal Information Processing Standards Publication | [FIPS-180-1] Federal Information Processing Standards Publication | |||
| (FIPS PUB) 180-1, Secure Hash Standard, April 1995. | (FIPS PUB) 180-1, Secure Hash Standard, April 1995. | |||
| [FIPS-186-2] Federal Information Processing Standards Publication | [FIPS-186-2] Federal Information Processing Standards Publication | |||
| (FIPS PUB) 186-2, Digital Signature Standard, January | (FIPS PUB) 186-2, Digital Signature Standard, January | |||
| 2000. | 2000. | |||
| [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE) | [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE) | |||
| Standard 1363-2000, Standard Specifications for Public Key | Standard 1363-2000, Standard Specifications for Public Key | |||
| Cryptography, January 2000. | Cryptography, January 2000. | |||
| [IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE) | [IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE) | |||
| Standard 1363, Draft Standard Specifications for Public | Standard 1363, Draft Standard Specifications for Public | |||
| Key Cryptography -- Amendment 1: Additional Techniques, | Key Cryptography -- Amendment 1: Additional Techniques, | |||
| October 2002. | October 2002. | |||
| [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key | ||||
| Sizes. October 1999. Presented at Public Key Cryptography | ||||
| Conference, Melbourne, Australia, January 2000. | ||||
| http://www.cryptosavvy.com/ | ||||
| [RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object | [RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object | |||
| Identifiers. IETF Informational RFC, February 2001. | Identifiers. IETF Informational RFC, February 2001. | |||
| http://www.ietf.org/rfc/rfc3061.txt | http://www.ietf.org/rfc/rfc3061.txt | |||
| [RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms | [RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms | |||
| and Identifiers for the Internet X.509 Public Key | and Identifiers for the Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile. IETF Proposed Standard, April 2002. | (CRL) Profile. IETF Proposed Standard, April 2002. | |||
| http://www.ietf.org/rfc/rfc3279.txt | http://www.ietf.org/rfc/rfc3279.txt | |||
| [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic | [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic | |||
| Curve Cryptography, Version 1.0, September 2000. | Curve Cryptography, Version 1.0, September 2000. | |||
| http://www.secg.org | http://www.secg.org | |||
| [X9.62] American National Standards Institute. ANSI X9.62-1998, | ||||
| Public Key Cryptography for the Financial Services Industry: | ||||
| The Elliptic Curve Digital Signature Algorithm. January 1999. | ||||
| [XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., XML-Signature | ||||
| Syntax and Processing. W3C Recommendation, February 2002. | ||||
| http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ | ||||
| [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML, | ||||
| W3C Recommendation, January 1999. | ||||
| http://www.w3.org/TR/1999/REC-xml-names-19990114/ | ||||
| [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson, | ||||
| H., XML Schema Part 1: Structures, W3C Recommendation, | ||||
| May 2001. | ||||
| http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/ | ||||
| Biron, P., and Malhotra, A., ML Schema Part 2: | ||||
| Datatypes, W3C Recommendation, May 2001. | ||||
| http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/ | ||||
| 6. Informative References | ||||
| [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key | ||||
| Sizes. October 1999. Presented at Public Key Cryptography | ||||
| Conference, Melbourne, Australia, January 2000. | ||||
| http://www.cryptosavvy.com/ | ||||
| [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended | [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended | |||
| Elliptic Curve Domain Parameters, Version 1.0, September 2000. | Elliptic Curve Domain Parameters, Version 1.0, September 2000. | |||
| http://www.secg.org | http://www.secg.org | |||
| [XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M., | [XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M., | |||
| Extensible Markup Language (XML) 1.0 (Second Edition), W3C | Extensible Markup Language (XML) 1.0 (Second Edition), W3C | |||
| Recommendation, October 2000. | Recommendation, October 2000. | |||
| http://www.w3.org/TR/2000/REC-xml-20001006 | http://www.w3.org/TR/2000/REC-xml-20001006 | |||
| [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML, | ||||
| W3C Recommendation, January 1999. | ||||
| http://www.w3.org/TR/1999/REC-xml-names-19990114/ | ||||
| 7. Acknowledgements | 7. Acknowledgements | |||
| The authors would like to acknowledge the many helpful comments of | The authors would like to acknowledge the many helpful comments of | |||
| Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato, | Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato, | |||
| Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau. | Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau. | |||
| Appendix A: Aggregate XML Schema | Appendix A: Aggregate XML Schema | |||
| <?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/ | <xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/ | |||
| End of changes. 8 change blocks. | ||||
| 31 lines changed or deleted | 31 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||