| < draft-eastlake-rfc6931bis-xmlsec-uris-17.txt | draft-eastlake-rfc6931bis-xmlsec-uris-18.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT D. Eastlake | INTERNET-DRAFT D. Eastlake | |||
| Obsoletes: 6931 Futurewei Technologies | Obsoletes: 6931 Futurewei Technologies | |||
| Intended Status: Proposed Standard | Intended Status: Proposed Standard | |||
| Expires: April 30, 2022 November 1, 2021 | Expires:May 13, 2022 November 14, 2021 | |||
| Additional XML Security Uniform Resource Identifiers (URIs) | Additional XML Security Uniform Resource Identifiers (URIs) | |||
| <draft-eastlake-rfc6931bis-xmlsec-uris-17.txt> | <draft-eastlake-rfc6931bis-xmlsec-uris-18.txt> | |||
| Abstract | Abstract | |||
| This document updates and corrects the IANA registry for the list of | This document updates and corrects the IANA "XML Security URIs" | |||
| URIs intended for use with XML digital signatures, encryption, | registry that lists URIs intended for use with XML digital | |||
| canonicalization, and key management. These URIs identify algorithms | signatures, encryption, canonicalization, and key management. These | |||
| and types of information. This document also updates, corrects three | URIs identify algorithms and types of information. This document | |||
| errata against, and obsoletes RFC 6931. | also updates, corrects three errata against, and obsoletes RFC 6931. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Distribution of this document is unlimited. Comments should be sent | Distribution of this document is unlimited. Comments should be sent | |||
| to the author. | to the author. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 2, line 13 ¶ | skipping to change at page 2, line 13 ¶ | |||
| https://www.ietf.org/shadow.html. | https://www.ietf.org/shadow.html. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction............................................4 | 1. Introduction............................................4 | |||
| 1.1 Terminology...........................................5 | 1.1 Terminology...........................................5 | |||
| 1.2 Acronyms..............................................5 | 1.2 Acronyms..............................................5 | |||
| 2. Algorithms..............................................7 | 2. Algorithms..............................................7 | |||
| 2.1 DigestMethod (Hash) Algorithms........................7 | 2.1 DigestMethod (Hash) Algorithms........................7 | |||
| 2.1.1 MD5.................................................7 | 2.1.1 MD5.................................................8 | |||
| 2.1.2 SHA-224.............................................8 | 2.1.2 SHA-224.............................................8 | |||
| 2.1.3 SHA-384.............................................8 | 2.1.3 SHA-384.............................................8 | |||
| 2.1.4 Whirlpool...........................................8 | 2.1.4 Whirlpool...........................................9 | |||
| 2.1.5 SHA3 Algorithms.....................................9 | 2.1.5 SHA3 Algorithms.....................................9 | |||
| 2.2 SignatureMethod MAC Algorithms........................9 | 2.2 SignatureMethod MAC Algorithms........................9 | |||
| 2.2.1 HMAC-MD5............................................9 | 2.2.1 HMAC-MD5...........................................10 | |||
| 2.2.2 HMAC SHA Variations................................10 | 2.2.2 HMAC SHA Variations................................10 | |||
| 2.2.3 HMAC-RIPEMD160.....................................10 | 2.2.3 HMAC-RIPEMD160.....................................11 | |||
| 2.2.4 Poly1305...........................................11 | 2.2.4 Poly1305...........................................11 | |||
| 2.2.5 SipHash-2-4........................................11 | 2.2.5 SipHash-2-4........................................11 | |||
| 2.2.6 XMSS and XMSSMT....................................11 | 2.2.6 XMSS and XMSSMT....................................12 | |||
| 2.3 SignatureMethod Public Key Signature Algorithms......11 | 2.3 SignatureMethod Public Key Signature Algorithms......12 | |||
| 2.3.1 RSA-MD5............................................12 | 2.3.1 RSA-MD5............................................12 | |||
| 2.3.2 RSA-SHA256.........................................13 | 2.3.2 RSA-SHA256.........................................13 | |||
| 2.3.3 RSA-SHA384.........................................13 | 2.3.3 RSA-SHA384.........................................14 | |||
| 2.3.4 RSA-SHA512.........................................13 | 2.3.4 RSA-SHA512.........................................14 | |||
| 2.3.5 RSA-RIPEMD160......................................13 | 2.3.5 RSA-RIPEMD160......................................14 | |||
| 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool.......14 | 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool.......15 | |||
| 2.3.7 ESIGN-SHA*.........................................15 | 2.3.7 ESIGN-SHA*.........................................15 | |||
| 2.3.8 RSA-Whirlpool......................................15 | 2.3.8 RSA-Whirlpool......................................16 | |||
| 2.3.9 RSASSA-PSS with Parameters.........................15 | 2.3.9 RSASSA-PSS with Parameters.........................16 | |||
| 2.3.10 RSASSA-PSS without Parameters.....................17 | 2.3.10 RSASSA-PSS without Parameters.....................18 | |||
| 2.3.11 RSA-SHA224........................................17 | 2.3.11 RSA-SHA224........................................18 | |||
| 2.3.12 Edwards-Curve.....................................18 | 2.3.12 Edwards-Curve.....................................19 | |||
| 2.4 Minimal Canonicalization.............................19 | 2.4 Minimal Canonicalization.............................19 | |||
| 2.5 Transform Algorithms.................................19 | 2.5 Transform Algorithms.................................20 | |||
| 2.5.1 XPointer...........................................19 | 2.5.1 XPointer...........................................20 | |||
| 2.6 EncryptionMethod Algorithms..........................20 | 2.6 EncryptionMethod Algorithms..........................21 | |||
| 2.6.1 ARCFOUR Encryption Algorithm.......................20 | 2.6.1 ARCFOUR Encryption Algorithm.......................21 | |||
| 2.6.2 Camellia Block Encryption..........................20 | 2.6.2 Camellia Block Encryption..........................21 | |||
| 2.6.3 Camellia Key Wrap..................................21 | 2.6.3 Camellia Key Wrap..................................22 | |||
| 2.6.4 PSEC-KEM, RSAES-KEM, and ECIES-KEM.................21 | 2.6.4 PSEC-KEM, RSAES-KEM, and ECIES-KEM.................22 | |||
| 2.6.5 SEED Block Encryption..............................22 | 2.6.5 SEED Block Encryption..............................23 | |||
| 2.6.6 SEED Key Wrap......................................22 | 2.6.6 SEED Key Wrap......................................23 | |||
| 2.6.7 ChaCha20...........................................23 | 2.6.7 ChaCha20...........................................24 | |||
| 2.6.8 ChaCha20+Poly1305..................................23 | 2.6.8 ChaCha20+Poly1305..................................24 | |||
| 2.7 Key AgreementMethod Algorithms.......................24 | 2.7 Key AgreementMethod Algorithms.......................25 | |||
| 2.7.1 X25519 Key Agreement...............................24 | 2.7.1 X25519 Key Agreement...............................25 | |||
| 2.7.2 HKDF Key Derivation................................24 | 2.7.2 HKDF Key Derivation................................25 | |||
| Table of Contents (continued) | Table of Contents (continued) | |||
| 3. KeyInfo................................................26 | 3. KeyInfo................................................27 | |||
| 3.1 PKCS #7 Bag of Certificates and CRLs.................26 | 3.1 PKCS #7 Bag of Certificates and CRLs.................27 | |||
| 3.2 Additional RetrievalMethod Type Values...............26 | 3.2 Additional RetrievalMethod Type Values...............27 | |||
| 4. Indexes................................................27 | 4. Indexes................................................28 | |||
| 4.1 Index by Fragment Index..............................27 | 4.1 Index by Fragment Index..............................28 | |||
| 4.2 Index by URI.........................................31 | 4.2 Index by URI.........................................32 | |||
| 5. Allocation Considerations..............................35 | 5. Allocation Considerations..............................36 | |||
| 5.1 W3C Allocation Considerations........................35 | 5.1 W3C Allocation Considerations........................36 | |||
| 5.2 IANA Considerations..................................35 | 5.2 IANA Considerations..................................36 | |||
| 6. Security Considerations................................36 | 6. Security Considerations................................37 | |||
| Acknowledgements..........................................37 | Acknowledgements..........................................38 | |||
| Appendix A: Changes from [RFC6931]........................38 | Appendix A: Changes from [RFC6931]........................39 | |||
| Appendix B: Bad URIs......................................39 | Appendix B: Bad URIs......................................40 | |||
| Appendix Z: Change History................................40 | Appendix Z: Change History................................41 | |||
| Normative References......................................41 | Normative References......................................43 | |||
| Informational References..................................44 | Informational References..................................46 | |||
| Author's Address..........................................47 | Author's Address..........................................49 | |||
| 1. Introduction | 1. Introduction | |||
| XML digital signatures, canonicalization, and encryption were | XML digital signatures, canonicalization, and encryption were | |||
| standardized by the W3C and by the joint IETF/W3C XMLDSIG working | standardized by the W3C and by the joint IETF/W3C XMLDSIG working | |||
| group [W3C] [XMLSEC]. These are now W3C Recommendations and some are | group [W3C] [XMLSEC]. These are now W3C Recommendations and some are | |||
| also RFCs. They are available as follows: | also RFCs. They are available as follows: | |||
| RFC | RFC | |||
| Status W3C REC Topic | Status W3C REC Topic | |||
| skipping to change at page 4, line 33 ¶ | skipping to change at page 4, line 33 ¶ | |||
| [RFC3741] [XCANON] Exclusive XML Canonicalization 1.0 | [RFC3741] [XCANON] Exclusive XML Canonicalization 1.0 | |||
| Informational | Informational | |||
| These documents and recommendations use URIs [RFC3986] to identify | These documents and recommendations use URIs [RFC3986] to identify | |||
| algorithms and keying information types. The W3C has subsequently | algorithms and keying information types. The W3C has subsequently | |||
| produced updated XML Signature 1.1 [XMLDSIG11], Canonical XML 1.1 | produced updated XML Signature 1.1 [XMLDSIG11], Canonical XML 1.1 | |||
| [CANON11], and XML Encryption 1.1 [XMLENC11] versions, as well as a | [CANON11], and XML Encryption 1.1 [XMLENC11] versions, as well as a | |||
| new XML Signature Properties specification [XMLDSIG-PROP]. | new XML Signature Properties specification [XMLDSIG-PROP]. | |||
| In addition, the XML Encryption recommendation has has been augmented | In addition, the XML Encryption recommendation has been augmented by | |||
| by [GENERIC] which defines algorithms, XML types and elemets | [GENERIC] which defines algorithms, XML types and elements necessary | |||
| necessary to use generic hybrid ciphers in XML Security applications. | to use generic hybrid ciphers in XML Security applications. [GENERIC] | |||
| [GENERIC] also provides a key encapsulation algorithm and a data | also provides a key encapsulation algorithm and a data encapsulation | |||
| encapsulation algorithm (see Section 2.6.4). | algorithm (see Section 2.6.4). | |||
| All camel-case element names (names with both interior upper and | All camel-case element names (names with both interior upper and | |||
| lower case letters) herein, such as DigestValue, are from these | lower case letters) herein, such as DigestValue, are from these | |||
| documents. | documents. | |||
| This document is an updated convenient reference list of URIs and | This document is an updated convenient reference list of URIs and | |||
| corresponding algorithms in which there is expressed interest. This | corresponding algorithms in which there is expressed interest. This | |||
| document fixes Errata [Err3597], [Err3965], [Err4004] against and | document fixes Errata [Err3597], [Err3965], [Err4004] against and | |||
| obsoletes [RFC6931]. | obsoletes [RFC6931]. | |||
| skipping to change at page 7, line 30 ¶ | skipping to change at page 7, line 30 ¶ | |||
| http://www.w3.org/2007/05/xmldsig-more# | http://www.w3.org/2007/05/xmldsig-more# | |||
| and algorithms added in this document are given URIs that start with | and algorithms added in this document are given URIs that start with | |||
| http://www.w3.org/2021/04/xmldsig-more# | http://www.w3.org/2021/04/xmldsig-more# | |||
| In addition, for ease of reference, this document includes in the | In addition, for ease of reference, this document includes in the | |||
| indexes in Section 4 many cryptographic algorithm URIs from XML | indexes in Section 4 many cryptographic algorithm URIs from XML | |||
| security documents using the namespaces with which they are defined | security documents using the namespaces with which they are defined | |||
| in those documents. For example, 2000/09/xmldsig# for some URIs | in those documents as follows: | |||
| specified in [RFC3275] and 2001/04/xmlenc# for some URIs specified in | ||||
| [XMLENC10]. | http://www.w3.org/2000/09/xmldsig# | |||
| for some URIs specified in [RFC3275], | ||||
| http://www.w3.org/2001/04/xmlenc# | ||||
| for some URIs specified in [XMLENC10], and | ||||
| http://www.w3/org/xmlsec-ghc# | ||||
| for some URIs specified in [GENERIC]. | ||||
| See also [XMLSECXREF]. | See also [XMLSECXREF]. | |||
| 2.1 DigestMethod (Hash) Algorithms | 2.1 DigestMethod (Hash) Algorithms | |||
| These algorithms are usable wherever a DigestMethod element occurs. | These algorithms are usable wherever a DigestMethod element occurs. | |||
| 2.1.1 MD5 | 2.1.1 MD5 | |||
| Identifier: | Identifier: | |||
| skipping to change at page 8, line 45 ¶ | skipping to change at page 9, line 10 ¶ | |||
| A SHA-384 digest is a 384-bit string. The content of the DigestValue | A SHA-384 digest is a 384-bit string. The content of the DigestValue | |||
| element SHALL be the base64 [RFC2045] encoding of this string viewed | element SHALL be the base64 [RFC2045] encoding of this string viewed | |||
| as a 48-octet stream. | as a 48-octet stream. | |||
| 2.1.4 Whirlpool | 2.1.4 Whirlpool | |||
| Identifier: | Identifier: | |||
| http://www.w3.org/2007/05/xmldsig-more#whirlpool | http://www.w3.org/2007/05/xmldsig-more#whirlpool | |||
| The Whirlpool algorithm [10118-3] takes no explicit parameters. A | The Whirlpool algorithm [10118-3] takes no explicit parameters. An | |||
| Whirlpool digest is a 512-bit string. The content of the DigestValue | example of a Whirlpool DigestAlgorithm element is: | |||
| element SHALL be the base64 [RFC2045] encoding of this string viewed | ||||
| as a 64-octet stream. | <DigestAlgorithm | |||
| Algorithm="http://www.w3.org/2007/05/xmldsig-more#whirlpool" /> | ||||
| A Whirlpool digest is a 512-bit string. The content of the | ||||
| DigestValue element SHALL be the base64 [RFC2045] encoding of this | ||||
| string viewed as a 64-octet stream. | ||||
| 2.1.5 SHA3 Algorithms | 2.1.5 SHA3 Algorithms | |||
| Identifiers: | Identifiers: | |||
| http://www.w3.org/2007/05/xmldsig-more#sha3-224 | http://www.w3.org/2007/05/xmldsig-more#sha3-224 | |||
| http://www.w3.org/2007/05/xmldsig-more#sha3-256 | http://www.w3.org/2007/05/xmldsig-more#sha3-256 | |||
| http://www.w3.org/2007/05/xmldsig-more#sha3-384 | http://www.w3.org/2007/05/xmldsig-more#sha3-384 | |||
| http://www.w3.org/2007/05/xmldsig-more#sha3-512 | http://www.w3.org/2007/05/xmldsig-more#sha3-512 | |||
| NIST conducted a hash function competition for an alternative to the | NIST conducted a hash function competition for an alternative to the | |||
| SHA family. The Keccak-f[1600] algorithm was selected [Keccak] | SHA family. The Keccak-f[1600] algorithm was selected [Keccak]. | |||
| [SHA-3]. This hash function is commonly referred to as "SHA-3". | This hash function is commonly referred to as "SHA-3" [FIPS202]. | |||
| A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and | A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and | |||
| 512-bit string, respectively. The content of the DigestValue element | 512-bit string, respectively. The content of the DigestValue element | |||
| SHALL be the base64 [RFC2045] encoding of this string viewed as a | SHALL be the base64 [RFC2045] encoding of this string viewed as a | |||
| 28-, 32-, 48-, and 64-octet stream, respectively. An example of a | 28-, 32-, 48-, and 64-octet stream, respectively. An example of a | |||
| SHA3-224 DigestAlgorithm element is: | SHA3-224 DigestAlgorithm element is: | |||
| <DigestAlgorithm | <DigestAlgorithm | |||
| Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha3-224" /> | Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha3-224" /> | |||
| skipping to change at page 10, line 47 ¶ | skipping to change at page 11, line 14 ¶ | |||
| http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 | http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 | |||
| SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also | SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also | |||
| be used in HMAC as described in Section 2.2.1 above for HMAC-MD5. | be used in HMAC as described in Section 2.2.1 above for HMAC-MD5. | |||
| 2.2.3 HMAC-RIPEMD160 | 2.2.3 HMAC-RIPEMD160 | |||
| Identifier: | Identifier: | |||
| http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 | http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 | |||
| RIPEMD-160 [10118-3] is a 160-bit hash that is here used in HMAC. | RIPEMD-160 [10118-3] is a 160-bit hash that is used here in HMAC. | |||
| It's output can be optionally truncated. An example is as follows: | It's output can be optionally truncated. An example is as follows: | |||
| <SignatureMethod | <SignatureMethod | |||
| Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"> | Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"> | |||
| <HMACOutputLength>144</HMACOutputLength> | <HMACOutputLength>144</HMACOutputLength> | |||
| </SignatureMethod> | </SignatureMethod> | |||
| 2.2.4 Poly1305 | 2.2.4 Poly1305 | |||
| Identifier: | Identifier: | |||
| http://www.w3.org/2021/04/xml6dsig-more#poly1305 | http://www.w3.org/2021/04/xmldsig-more#poly1305 | |||
| Poly1305 [RFC8439] [Poly1305] is a high-speed message authentication | Poly1305 [RFC8439] [Poly1305] is a high-speed message authentication | |||
| code algorithm. | code algorithm. It takes a 32-octet one-time key and a message and | |||
| produces a 16-octet tag which is used to authenticate the message. An | ||||
| example of a Poly1305 SigntureMethod element is as follows: | ||||
| <SignatureMethod | ||||
| Algorithm="http://www.w3.org/2021/04/xmldsig-more#poly1305"/> | ||||
| 2.2.5 SipHash-2-4 | 2.2.5 SipHash-2-4 | |||
| Identifier: | Identifier: | |||
| http://www.w3.org/2021/04/xmldsg-more#siphash-2-4 | http://www.w3.org/2021/04/xmldsg-more#siphash-2-4 | |||
| SipHash [SipHash1] [SipHash2] computes a 64-bit MAC from a 128-bit | SipHash [SipHash1] [SipHash2] computes a 64-bit MAC from a 128-bit | |||
| secret key and a variable length message. | secret key and a variable length message. An example of a SipHash-2-4 | |||
| SigntureMethod element is as follows: | ||||
| <SignatureMethod | ||||
| Algorithm="http://www.w3.org/2021/04/xmldsg-more#siphash-2-4"/> | ||||
| 2.2.6 XMSS and XMSSMT | 2.2.6 XMSS and XMSSMT | |||
| Identifiers: | Identifiers: | |||
| http://www.w3.org/2021/04/xmldsig-more#xmss-sha2-192 | http://www.w3.org/2021/04/xmldsig-more#xmss-sha2-192 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmss-sha2-256 | http://www.w3.org/2021/04/xmldsig-more#xmss-sha2-256 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmss-shake256-192 | http://www.w3.org/2021/04/xmldsig-more#xmss-shake256-192 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmss-shake256-256 | http://www.w3.org/2021/04/xmldsig-more#xmss-shake256-256 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmssmt-sha2-192 | http://www.w3.org/2021/04/xmldsig-more#xmssmt-sha2-192 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmssmt-sha2-256 | http://www.w3.org/2021/04/xmldsig-more#xmssmt-sha2-256 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmssmt-shake256-192 | http://www.w3.org/2021/04/xmldsig-more#xmssmt-shake256-192 | |||
| http://www.w3.org/2021/04/xmldsig-more#xmssmt-shake256-256 | http://www.w3.org/2021/04/xmldsig-more#xmssmt-shake256-256 | |||
| XMSS and XMSSMT are stateful hash-based signature schemes | XMSS (eXtended Merkle Signature Scheme) and XMSSMT (XMSS Multi-Tree) | |||
| [NIST800-208]. | are stateful hash-based signature schemes [NIST800-208]. According to | |||
| NIST, it is believed that the security of these schemes depends only | ||||
| on the security of the underlying hash functions -- in particular the | ||||
| infeasibility of finding a preimage or a second preimage -- and it is | ||||
| believed that the security of these hash functions will not be broken | ||||
| by the development of large-scale quantum computers. | ||||
| The hash function used in these signature schemes is SHA-256 | ||||
| [RFC6234] or the SHAKE256 extensible output function [FIPS202] as | ||||
| indicated by the middle token of the URI extension. Their output is | ||||
| 192 or 256 bits as indicated by the final token of the URI extension. | ||||
| For further information on the intended usage of these signature | ||||
| schemes and the careful state management required to maintain their | ||||
| strength, see [FIPS800-208]. | ||||
| An example of an XMSS DigestAlgorithm element is: | ||||
| <DigestAlgorithm | ||||
| Algorithm="http://www.w3.org/2021/04/xmldsig-more#xmss-sha2-192" | ||||
| /> | ||||
| 2.3 SignatureMethod Public Key Signature Algorithms | 2.3 SignatureMethod Public Key Signature Algorithms | |||
| These algorithms are distinguished from those in Section 2.2 above in | These algorithms are distinguished from those in Section 2.2 above in | |||
| that they use public key methods. That is to say, the verification | that they use public key methods. That is to say, the verification | |||
| key is different from and not feasibly derivable from the signing | key is different from and not feasibly derivable from the signing | |||
| key. | key. | |||
| 2.3.1 RSA-MD5 | 2.3.1 RSA-MD5 | |||
| skipping to change at page 14, line 46 ¶ | skipping to change at page 15, line 38 ¶ | |||
| exception that SHA3 (see Section 2.1.5), RIPEMD160 or Whirlpool (see | exception that SHA3 (see Section 2.1.5), RIPEMD160 or Whirlpool (see | |||
| Section 2.1.4) is used instead of SHA-1. | Section 2.1.4) is used instead of SHA-1. | |||
| The output of the ECDSA algorithm consists of a pair of integers | The output of the ECDSA algorithm consists of a pair of integers | |||
| usually referred by the pair (r, s). The signature value consists of | usually referred by the pair (r, s). The signature value consists of | |||
| the base64 encoding of the concatenation of two octet streams that | the base64 encoding of the concatenation of two octet streams that | |||
| respectively result from the octet encoding of the values r and s in | respectively result from the octet encoding of the values r and s in | |||
| that order. Conversion from integer to octet-stream must be done | that order. Conversion from integer to octet-stream must be done | |||
| according to the I2OSP operation defined in the [RFC8017] | according to the I2OSP operation defined in the [RFC8017] | |||
| specification with the l parameter equal to the size of the base | specification with the l parameter equal to the size of the base | |||
| point order of the curve in bytes (e.g., 32 for the P-256 curve and | point order of the curve in octets (e.g., 32 for the P-256 curve and | |||
| 66 for the P-521 curve [FIPS186-4]). | 66 for the P-521 curve [FIPS186-4]). | |||
| For an introduction to elliptic curve cryptographic algorithms, see | For an introduction to elliptic curve cryptographic algorithms, see | |||
| [RFC6090] and note the errata (Errata ID 2773-2777). | [RFC6090] and note the errata (Errata ID 2773-2777). | |||
| 2.3.7 ESIGN-SHA* | 2.3.7 ESIGN-SHA* | |||
| Identifiers: | Identifiers: | |||
| http://www.w3.org/2001/04/xmldsig-more#esign-sha1 | http://www.w3.org/2001/04/xmldsig-more#esign-sha1 | |||
| http://www.w3.org/2001/04/xmldsig-more#esign-sha224 | http://www.w3.org/2001/04/xmldsig-more#esign-sha224 | |||
| skipping to change at page 16, line 7 ¶ | skipping to change at page 16, line 45 ¶ | |||
| /> | /> | |||
| 2.3.9 RSASSA-PSS with Parameters | 2.3.9 RSASSA-PSS with Parameters | |||
| Identifiers: | Identifiers: | |||
| http://www.w3.org/2007/05/xmldsig-more#rsa-pss | http://www.w3.org/2007/05/xmldsig-more#rsa-pss | |||
| http://www.w3.org/2007/05/xmldsig-more#MGF1 | http://www.w3.org/2007/05/xmldsig-more#MGF1 | |||
| These identifiers use the PKCS#1 EMSA-PSS encoding algorithm | These identifiers use the PKCS#1 EMSA-PSS encoding algorithm | |||
| [RFC8017]. The RSASSA-PSS algorithm takes the digest method (hash | [RFC8017]. The RSASSA-PSS algorithm takes the digest method (hash | |||
| function), a mask generation function, the salt length in bytes | function), a mask generation function, the salt length in octets | |||
| (SaltLength), and the trailer field as explicit parameters. | (SaltLength), and the trailer field as explicit parameters. | |||
| Algorithm identifiers for hash functions specified in XML encryption | Algorithm identifiers for hash functions specified in XML encryption | |||
| [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid | [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid | |||
| algorithm identifiers for hash functions. According to [RFC8017], | algorithm identifiers for hash functions. According to [RFC8017], | |||
| the default value for the digest function is SHA-1, but due to the | the default value for the digest function is SHA-1, but due to the | |||
| discovered weakness of SHA-1 [RFC6194], it is recommended that | discovered weakness of SHA-1 [RFC6194], it is recommended that | |||
| SHA-256 or a stronger hash function be used. Notwithstanding | SHA-256 or a stronger hash function be used. Notwithstanding | |||
| [RFC8017], SHA-256 is the default to be used with these | [RFC8017], SHA-256 is the default to be used with these | |||
| SignatureMethod identifiers if no hash function has been specified. | SignatureMethod identifiers if no hash function has been specified. | |||
| skipping to change at page 18, line 25 ¶ | skipping to change at page 19, line 21 ¶ | |||
| 2.3.12 Edwards-Curve | 2.3.12 Edwards-Curve | |||
| The Edwards-curve Digital Signature Algorithm (EdDSA) is a variant of | The Edwards-curve Digital Signature Algorithm (EdDSA) is a variant of | |||
| Schnorr's signature system with Edwards curves. A specification is | Schnorr's signature system with Edwards curves. A specification is | |||
| provided and some advatages listed in [RFC8032]. The general EdDSA | provided and some advatages listed in [RFC8032]. The general EdDSA | |||
| takes 11 parameters that must be carefully choosen for secure and | takes 11 parameters that must be carefully choosen for secure and | |||
| efficient operation. Identifiers for two variants, Ed25519 and Ed448, | efficient operation. Identifiers for two variants, Ed25519 and Ed448, | |||
| are given below. | are given below. | |||
| Ed25519 uses 32 byte public keys and produces 64 byte signatures. It | Ed25519 uses 32-octet public keys and produces 64-octet signatures. | |||
| provides about 128 bits of security and uses SHA-512 (see Section | It provides about 128 bits of security and uses SHA-512 (see Section | |||
| 2.2.2) as its hash algorithm. | 2.2.2) as its hash algorithm. | |||
| Ed448 uses 57 byte public keys and produces 114 byte signatures. It | Ed448 uses 57-octet public keys and produces 114-octet signatures. It | |||
| provides about 224 bits of security and uses "SHAKE256" [FIPS202] as | provides about 224 bits of security and uses "SHAKE256" [FIPS202] as | |||
| its hash algorithm. (SHAKE256 is specified by NIST as an "Extensible | its hash algorithm. (SHAKE256 is specified by NIST as an "Extensible | |||
| Output Function" and not specified or approved by NIST as a secure | Output Function" and not specified or approved by NIST as a secure | |||
| hash function.) | hash function.) | |||
| For further information on the variants of EdDSA identified below, | For further information on the variants of EdDSA identified below, | |||
| see [RFC8032]. | see [RFC8032]. | |||
| Identifiers: | Identifiers: | |||
| http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519ph | http://www.w3.org/2021/04/xmldsig-more#eddsa-ed25519ph | |||
| skipping to change at page 22, line 6 ¶ | skipping to change at page 23, line 6 ¶ | |||
| http://www.w3.org/2010/xmlsec-ghc#rsaes-kem | http://www.w3.org/2010/xmlsec-ghc#rsaes-kem | |||
| http://www.w3.org/2010/xmlsec-ghc#ecies-kem | http://www.w3.org/2010/xmlsec-ghc#ecies-kem | |||
| These algorithms, specified in [18033-2], are key encapsulation | These algorithms, specified in [18033-2], are key encapsulation | |||
| mechanisms using elliptic curve encryption. RSAEA-KEM and ECIES-KEM | mechanisms using elliptic curve encryption. RSAEA-KEM and ECIES-KEM | |||
| are also specified in [GENERIC]. | are also specified in [GENERIC]. | |||
| An example of use of PAEC-KEM is: | An example of use of PAEC-KEM is: | |||
| <EncryptionMethod | <EncryptionMethod | |||
| Algorithm="http://www.w3.org/2001/04/xmlenc#psec-kem"> | Algorithm="http://www.w3.org/2001/04/xmldsig-more#psec-kem"> | |||
| <ECParameters> | <ECParameters> | |||
| <Version>version</Version> | <Version>version</Version> | |||
| <FieldID>id</FieldID> | <FieldID>id</FieldID> | |||
| <Curve>curve</Curve> | <Curve>curve</Curve> | |||
| <Base>base</Base> | <Base>base</Base> | |||
| <Order>order</Order> | <Order>order</Order> | |||
| <Cofactor>cofactor</Cofactor> | <Cofactor>cofactor</Cofactor> | |||
| </ECParameters> | </ECParameters> | |||
| </EncryptionMethod> | </EncryptionMethod> | |||
| skipping to change at page 23, line 14 ¶ | skipping to change at page 24, line 14 ¶ | |||
| 2.6.7 ChaCha20 | 2.6.7 ChaCha20 | |||
| Identifier: | Identifier: | |||
| http://www.w3.org/2021/04/xmldsig-more#chacha20 | http://www.w3.org/2021/04/xmldsig-more#chacha20 | |||
| ChaCha20 [RFC8439], a stream cipher, is a variant of Salsa20 | ChaCha20 [RFC8439], a stream cipher, is a variant of Salsa20 | |||
| [ChaCha]. It is considerably faster than AES in software-only | [ChaCha]. It is considerably faster than AES in software-only | |||
| implementations. In addition to a 256-bit key and the plain text to | implementations. In addition to a 256-bit key and the plain text to | |||
| be encrypted, ChaCha20 takes a 96-bit Nonce and a 32-bit Counter. The | be encrypted, ChaCha20 takes a 96-bit Nonce and a 32-bit Counter. The | |||
| Nonce and Counter are repreented as hex in nexted elements as shown | Nonce and Counter are represented as hex in nested elements as shown | |||
| below. | below. | |||
| An example of use is: | An example of use is: | |||
| <EncryptionMethod | <EncryptionMethod | |||
| Algorithm= | Algorithm= | |||
| "http://www.w3.org/2021/04/xmldsig-more#chacha20"> | "http://www.w3.org/2021/04/xmldsig-more#chacha20"> | |||
| <Nonce>0123456789abcdef01234567</Nonce> | <Nonce>0123456789abcdef01234567</Nonce> | |||
| <Counter>fedcba09</Counter> | <Counter>fedcba09</Counter> | |||
| </EncryptionMethod> | </EncryptionMethod> | |||
| skipping to change at page 24, line 44 ¶ | skipping to change at page 25, line 44 ¶ | |||
| different times but with the same salt, info, initial keying | different times but with the same salt, info, initial keying | |||
| material, and output key size will produce identical output keying | material, and output key size will produce identical output keying | |||
| material. | material. | |||
| The inputs can be supplied to HKDF as follows: | The inputs can be supplied to HKDF as follows: | |||
| hash function: The algorithm attribute of a child DigestMethod | hash function: The algorithm attribute of a child DigestMethod | |||
| element. | element. | |||
| salt: The content of a Salt child element of AgreementMethod in | salt: The content of a Salt child element of AgreementMethod in | |||
| hex. If not provided, a string of zero bytes as long as the hash | hex. If not provided, a string of zero octets as long as the hash | |||
| function output is used as specificed in [RFC5869]. | function output is used as specified in [RFC5869]. | |||
| IKM: The content of an OriginatorKeyInfo child element of | IKM: The content of an OriginatorKeyInfo child element of | |||
| AgreementMethod in hex. May be absent in some applications where | AgreementMethod in hex. May be absent in some applications where | |||
| this is known through some other method. | this is known through some other method. | |||
| info: The content of the KA-Nonce child element of AgreementMethod | info: The content of the KA-Nonce child element of AgreementMethod | |||
| in hex. | in hex. | |||
| size: The content of a KeySize child element of AgreementMethod as | size: The content of a KeySize child element of AgreementMethod as | |||
| a decimal number. | a decimal number. | |||
| skipping to change at page 25, line 23 ¶ | skipping to change at page 26, line 23 ¶ | |||
| <AgreementMethod | <AgreementMethod | |||
| algorithm="http://www.w3.org/2021/04/xmldsig-more#hkdf"> | algorithm="http://www.w3.org/2021/04/xmldsig-more#hkdf"> | |||
| <DigestMethod | <DigestMethod | |||
| algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/> | algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/> | |||
| <Salt>000102030405060708090a0b0c</Salt> | <Salt>000102030405060708090a0b0c</Salt> | |||
| <OriginatorKeyInfo>0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b | <OriginatorKeyInfo>0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b | |||
| </OriginatorKeyInfo> | </OriginatorKeyInfo> | |||
| <KA-Nonce>f0f1f2f3f4f5f6f7f8f9</KA-Nonce> | <KA-Nonce>f0f1f2f3f4f5f6f7f8f9</KA-Nonce> | |||
| <KeySize>42</KeySize> | <KeySize>42</KeySize> | |||
| /AgreementMethod> | </AgreementMethod> | |||
| 3. KeyInfo | 3. KeyInfo | |||
| In Section 3.1 below a new KeyInfo element child is specified, while | In Section 3.1 below a new KeyInfo element child is specified, while | |||
| in Section 3.2 additional KeyInfo Type values for use in | in Section 3.2 additional KeyInfo Type values for use in | |||
| RetrievalMethod are specified. | RetrievalMethod are specified. | |||
| 3.1 PKCS #7 Bag of Certificates and CRLs | 3.1 PKCS #7 Bag of Certificates and CRLs | |||
| A PKCS #7 [RFC2315] "signedData" can also be used as a bag of | A PKCS #7 [RFC2315] "signedData" can also be used as a bag of | |||
| skipping to change at page 34, line 23 ¶ | skipping to change at page 35, line 23 ¶ | |||
| 2021/04/xmldsig-more#ecdsa-sha3-224 2.3.6 SignatureMethod | 2021/04/xmldsig-more#ecdsa-sha3-224 2.3.6 SignatureMethod | |||
| 2021/04/xmldsig-more#ecdsa-sha3-256 2.3.6 SignatureMethod | 2021/04/xmldsig-more#ecdsa-sha3-256 2.3.6 SignatureMethod | |||
| 2021/04/xmldsig-more#ecdsa-sha3-384 2.3.6 SignatureMethod | 2021/04/xmldsig-more#ecdsa-sha3-384 2.3.6 SignatureMethod | |||
| 2021/04/xmldsig-more#ecdsa-sha3-512 2.3.6 SignatureMethod | 2021/04/xmldsig-more#ecdsa-sha3-512 2.3.6 SignatureMethod | |||
| 2021/04/xmldsig-more#eddsa-ed25519ph 2.3.12 SignatureMethod | 2021/04/xmldsig-more#eddsa-ed25519ph 2.3.12 SignatureMethod | |||
| 2021/04/xmldsig-more#eddsa-ed25519ctx 2.3.12 SignatureMethod | 2021/04/xmldsig-more#eddsa-ed25519ctx 2.3.12 SignatureMethod | |||
| 2021/04/xmldsig-more#eddsa-ed25519 2.3.12 SignatureMethod | 2021/04/xmldsig-more#eddsa-ed25519 2.3.12 SignatureMethod | |||
| 2021/04/xmldsig-more#eddsa-ed448 2.3.12 SignatureMethod | 2021/04/xmldsig-more#eddsa-ed448 2.3.12 SignatureMethod | |||
| 2021/04/xmldsig-more#eddsa-ed448ph 2.3.12 SignatureMethod | 2021/04/xmldsig-more#eddsa-ed448ph 2.3.12 SignatureMethod | |||
| 2021/04/xmldsig-more#hkdf 2.7.2 AgreementMethod | 2021/04/xmldsig-more#hkdf 2.7.2 AgreementMethod | |||
| 2021/04/xmldsig-more#po1305 2.2.4 SignatureMethod | 2021/04/xmldsig-more#po1y305 2.2.4 SignatureMethod | |||
| 2021/04/xmldsig-more#siphash-2-4 2.2.5 SignatureMethod | 2021/04/xmldsig-more#siphash-2-4 2.2.5 SignatureMethod | |||
| 2021/04/xmldsig-more#x25519 2.7.1 AgreementMethod | 2021/04/xmldsig-more#x25519 2.7.1 AgreementMethod | |||
| 2021/04/xmldsig-more#xmss-sha2-192 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmss-sha2-192 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmss-sha2-256 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmss-sha2-256 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmss-shake256-192 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmss-shake256-192 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmss-shake256-256 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmss-shake256-256 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmssmt-sha2-192 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmssmt-sha2-192 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmssmt-sha2-256 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmssmt-sha2-256 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmssmt-shake256-192 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmssmt-shake256-192 2.2.6 SignatureMethod | |||
| 2021/04/xmldsig-more#xmssmt-shake256-256 2.2.6 SignatureMethod | 2021/04/xmldsig-more#xmssmt-shake256-256 2.2.6 SignatureMethod | |||
| skipping to change at page 35, line 22 ¶ | skipping to change at page 36, line 22 ¶ | |||
| and, if appropriate, to obtain a URI from the W3C, it is not intended | and, if appropriate, to obtain a URI from the W3C, it is not intended | |||
| that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be | that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be | |||
| created. (W3C Namespace stability rules prohibit the creation of new | created. (W3C Namespace stability rules prohibit the creation of new | |||
| URIs under "http://www.w3.org/2000/09/xmldsig#" and URIs under | URIs under "http://www.w3.org/2000/09/xmldsig#" and URIs under | |||
| "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the | "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the | |||
| publication of RFC 4051.) | publication of RFC 4051.) | |||
| The W3C has assigned "http://www.w3.org/2021/04/xmldsig-more#" for | The W3C has assigned "http://www.w3.org/2021/04/xmldsig-more#" for | |||
| additional new URIs specified in this document. | additional new URIs specified in this document. | |||
| There are also occurrences in this document of | ||||
| "http://www.w3.org/2010/xmlsec-ghc#" due to the inclusion of some | ||||
| algorithms from [GENERIC] for convenience. | ||||
| An "xmldsig-more" URI does not imply any official W3C or IETF status | An "xmldsig-more" URI does not imply any official W3C or IETF status | |||
| for these algorithms or identifiers nor does it imply that they are | for these algorithms or identifiers nor does it imply that they are | |||
| only useful in digital signatures. Currently, dereferencing such | only useful in digital signatures. Currently, dereferencing such | |||
| URIs may or may not produce a temporary placeholder document. | URIs may or may not produce a temporary placeholder document. | |||
| Permission to use these URI prefixes has been given by the W3C. | Permission to use these URI prefixes has been given by the W3C. | |||
| 5.2 IANA Considerations | 5.2 IANA Considerations | |||
| IANA has established a registry entitled "XML Security URIs". The | IANA has established a registry entitled "XML Security URIs". The | |||
| contents will be updated to correspond to Section 4.2 of this | contents will be updated to correspond to Section 4.2 of this | |||
| document with each section number in the "Sec/Doc" column augmented | document with each section number in the "Sec/Doc" column augmented | |||
| with a reference to this RFC (for example, "2.6.4" means "[this | with a reference to this RFC (for example, "2.6.4" means "[this | |||
| document], Section 2.6.4"). All references to [RFC6931] in that | document], Section 2.6.4"). All references to [RFC6931] in that | |||
| registry should be updated to [this document]. | registry should be updated to [this document]. | |||
| New entries, including new Types, will be added based on Expert | New entries, including new Types, will be added based on | |||
| Review [RFC8126]. Criterion for inclusion are (1) documentation | Specification Required [RFC8126]. Criterion for inclusion are (1) | |||
| sufficient for interoperability of the algorithm or data type and the | documentation sufficient for interoperability of the algorithm or | |||
| XML syntax for its representation and use and (2) sufficient | data type and the XML syntax for its representation and use and (2) | |||
| importance as normally indicated by inclusion in (2a) an approved W3C | sufficient importance as normally indicated by inclusion in (2a) an | |||
| Note, Proposed Recommendation, or Recommendation or (2b) an approved | approved W3C Note, Proposed Recommendation, or Recommendation or (2b) | |||
| IETF RFC. Typically, the registry will reference a W3C or IETF | an approved IETF RFC. Typically, the registry will reference a W3C | |||
| document specifying such XML syntax; that document will either | or IETF document specifying such XML syntax; that document will | |||
| contain a more detailed description of the algorithm or data type or | either contain a more detailed description of the algorithm or data | |||
| reference another document with a more detailed description. | type or reference another document with a more detailed description. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This RFC is concerned with documenting the URIs that designate | This RFC is concerned with documenting the URIs that designate | |||
| algorithms and some data types used in connection with XML security. | algorithms and some data types used in connection with XML security. | |||
| The security considerations vary widely with the particular | The security considerations vary widely with the particular | |||
| algorithms, and the general security considerations for XML security | algorithms, and the general security considerations for XML security | |||
| are outside of the scope of this document but appear in [XMLDSIG11], | are outside of the scope of this document but appear in [XMLDSIG11], | |||
| [XMLENC11], [CANON10], [CANON11], and [GENERIC]. | [XMLENC11], [CANON10], [CANON11], and [GENERIC]. | |||
| skipping to change at page 37, line 11 ¶ | skipping to change at page 38, line 11 ¶ | |||
| set of mandatory-to-implement algorithms for any particular use to | set of mandatory-to-implement algorithms for any particular use to | |||
| change over time. This is sometimes referred to as "algorithm | change over time. This is sometimes referred to as "algorithm | |||
| agility". | agility". | |||
| Acknowledgements | Acknowledgements | |||
| The contributions of the following, listed in alphabetic order, by | The contributions of the following, listed in alphabetic order, by | |||
| reporting errata against [RFC6931] or contributing to this document, | reporting errata against [RFC6931] or contributing to this document, | |||
| are gratefully acknowledged: | are gratefully acknowledged: | |||
| Pim van der Eijk, Frederick Hirsch, Gayle Noble, Axel Puhlmann, | Roman Danyliw, Pim van der Eijk, Frederick Hirsch, Gayle Noble, | |||
| Annie Yousar | Axel Puhlmann, and Annie Yousar. | |||
| The contributions of the following, listed in alphabetic order, to | The contributions of the following, listed in alphabetic order, to | |||
| [RFC6931], on which this document is based, are gratefully | [RFC6931], on which this document is based, are gratefully | |||
| acknowledged: | acknowledged: | |||
| Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann, | Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann, | |||
| Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno, | Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno, | |||
| Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter | Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter | |||
| Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter | Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter | |||
| Saint-Andre, and Sean Turner. | Saint-Andre, and Sean Turner. | |||
| skipping to change at page 38, line 41 ¶ | skipping to change at page 39, line 41 ¶ | |||
| 2.7.1 X25519 | 2.7.1 X25519 | |||
| 2.7.2 HKDF | 2.7.2 HKDF | |||
| 4. Listed ECIES-KEM and RSAES-KEM in Section 2.6.4 so they are | 4. Listed ECIES-KEM and RSAES-KEM in Section 2.6.4 so they are | |||
| easier to find even though the URI for them is specified in | easier to find even though the URI for them is specified in | |||
| [GENERIC]. | [GENERIC]. | |||
| 5. Updated references for [GENERIC] and FIPS 186, added approriate | 5. Updated references for [GENERIC] and FIPS 186, added approriate | |||
| references. | references. | |||
| 6. Minor typo fixes and editorial changes. | 6. Addition of some XML examples. | |||
| 7. Minor typo fixes and editorial changes. | ||||
| Appendix B: Bad URIs | Appendix B: Bad URIs | |||
| [RFC6931] included two bad URIs as shown below. "{Bad}" in the | [RFC6931] included two bad URIs as shown below. "{Bad}" in the | |||
| indexes (Section 4.1 and 4.2) indicates such a Bad value. | indexes (Section 4.1 and 4.2) indicates such a Bad value. | |||
| Implementations SHOULD only generate the correct URI but SHOULD | Implementations SHOULD only generate the correct URI but SHOULD | |||
| understand both the correct and erroneous URI. | understand both the correct and erroneous URI. | |||
| 2006/12/xmlc12n11# | 2006/12/xmlc12n11# | |||
| Appears in the indices (Section 4.1 and 4.2] of [RFC6931] when it | Appears in the indices (Section 4.1 and 4.2] of [RFC6931] when it | |||
| skipping to change at page 41, line 5 ¶ | skipping to change at page 41, line 54 ¶ | |||
| -15 to -16 | -15 to -16 | |||
| Fix text for ChaCha20 to include the required Nonce and Counter | Fix text for ChaCha20 to include the required Nonce and Counter | |||
| inputs. Add ChaCha20+Poly1305 AEAD algorithm. Add HKDF key derivation | inputs. Add ChaCha20+Poly1305 AEAD algorithm. Add HKDF key derivation | |||
| function. | function. | |||
| -16 to -17 | -16 to -17 | |||
| Mostly editorial fixes. | Mostly editorial fixes. | |||
| -17 to -18 | ||||
| Resolve AD review comments. Globally replace "byte" with "octet". | ||||
| Update reference to "US National Institute of Science and Technology, | ||||
| "SHA-3 WINNER", February 2013" to reference [FIPS202]. | ||||
| Normative References | Normative References | |||
| [10118-3] - ISO, "Information technology -- Security techniques -- | [10118-3] - ISO, "Information technology -- Security techniques -- | |||
| Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC | Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC | |||
| 10118-3:2004, 2004. | 10118-3:2004, 2004. | |||
| [18033-2] - ISO, "Information technology -- Security techniques -- | [18033-2] - ISO, "Information technology -- Security techniques -- | |||
| Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC | Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC | |||
| 18033-2:2010, 2010. | 18033-2:2010, 2010. | |||
| skipping to change at page 45, line 32 ¶ | skipping to change at page 47, line 32 ¶ | |||
| <http://www.rfc-editor.org/info/rfc6931>. | <http://www.rfc-editor.org/info/rfc6931>. | |||
| [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, | [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, | |||
| "XML Schema Part 1: Structures Second Edition", W3C | "XML Schema Part 1: Structures Second Edition", W3C | |||
| Recommendation, 28 October 2004, | Recommendation, 28 October 2004, | |||
| <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>. | <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>. | |||
| - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes | - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes | |||
| Second Edition", W3C Recommendation, 28 October 2004, | Second Edition", W3C Recommendation, 28 October 2004, | |||
| <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>. | <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>. | |||
| [SHA-3] - US National Institute of Science and Technology, "SHA-3 | ||||
| WINNER", February 2013, <http://csrc.nist.gov/ | ||||
| groups/ST/hash/sha-3/winner_sha-3.html>. | ||||
| [W3C] - World Wide Web Consortium, <http://www.w3.org>. | [W3C] - World Wide Web Consortium, <http://www.w3.org>. | |||
| [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML | [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML | |||
| Canonicalization Version 1.0", W3C Recommendation, 18 July | Canonicalization Version 1.0", W3C Recommendation, 18 July | |||
| 2002, <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>. | 2002, <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>. | |||
| [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. | [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. | |||
| Roessler, "XML Signature Syntax and Processing (Second | Roessler, "XML Signature Syntax and Processing (Second | |||
| Edition)", W3C Recommendation, 10 June 2008, | Edition)", W3C Recommendation, 10 June 2008, | |||
| <http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/>./ | <http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/>./ | |||
| End of changes. 44 change blocks. | ||||
| 101 lines changed or deleted | 151 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||