| < draft-ietf-ipsec-ike-auth-ecdsa-05.txt | draft-ietf-ipsec-ike-auth-ecdsa-06.txt > | |||
|---|---|---|---|---|
| IPSec Working Group D. Fu, NSA | IPSec Working Group D. Fu, NSA | |||
| INTERNET-DRAFT J. Solinas, NSA | INTERNET-DRAFT J. Solinas, NSA | |||
| Expires March 30, 2006 September 30, 2005 | Expires January 14, 2007 July 14, 2006 | |||
| IKE and IKEv2 Authentication Using ECDSA | IKE and IKEv2 Authentication Using ECDSA | |||
| <draft-ietf-ipsec-ike-auth-ecdsa-05.txt> | <draft-ietf-ipsec-ike-auth-ecdsa-06.txt> | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 40 ¶ | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Abstract | Abstract | |||
| This document describes how the Elliptic Curve Digital Signature | This document describes how the Elliptic Curve Digital Signature | |||
| Algorithm (ECDSA) may be used as the authentication method within | Algorithm (ECDSA) may be used as the authentication method within | |||
| the Internet Key Exchange (IKE) and Internet Key Exchange version 2 | the Internet Key Exchange (IKE) and Internet Key Exchange version 2 | |||
| (IKEv2) protocols. ECDSA may provide benefits including | (IKEv2) protocols. ECDSA may provide benefits including | |||
| computational efficiency, small signature sizes, and minimal | computational efficiency, small signature sizes, and minimal | |||
| bandwidth compared to other available digital signature methods. | bandwidth compared to other available digital signature methods. | |||
| This document adds ECDSA capability to IKE without introducing any | This document adds ECDSA capability to IKE and IKEv2 without | |||
| changes to existing IKE operation. | introducing any changes to existing IKE operation. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Requirements Terminology. . . . . . . . . . . . . . . . . . 3 | |||
| 3. Specifying ECDSA within IKE and IKEv2 . . . . . . . . . . . 3 | 3. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . 4 | 4. Specifying ECDSA within IKE and IKEv2 . . . . . . . . . . . 4 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 5 | 5. Security Considerations . . . . . . . . . . . . . . . . . . 4 | |||
| 6. Test Vectors. . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.1 Authentication Method 9 . . . . . . . . . . . . . . . 6 | 7. ECDSA Data Formats. . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2 Authentication Method 10. . . . . . . . . . . . . . . 7 | 8. Test Vectors. . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.3 Authentication Method 11. . . . . . . . . . . . . . . 10 | 8.1 ECDSA-256 . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. References. . . . . . . . . . . . . . . . . . . . . . . . . 11 | 8.2 ECDSA-384 . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7.1 Normative . . . . . . . . . . . . . . . . . . . . . . 11 | 8.3 ECDSA-521 . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 7.2. Informative . . . . . . . . . . . . . . . . . . . . . 11 | 9. References. . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9.1 Normative . . . . . . . . . . . . . . . . . . . . . . 13 | ||||
| 9.2. Informative . . . . . . . . . . . . . . . . . . . . . 14 | ||||
| 10. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . 14 | ||||
| 1. Introduction | 1. Introduction | |||
| The Internet Key Exchange, or IKE [IKE], is a key agreement and | The Internet Key Exchange, or IKE [IKE], is a key agreement and | |||
| security negotiation protocol; it is used for key establishment in | security negotiation protocol; it is used for key establishment in | |||
| IPSec. In the initial set of exchanges, both parties must | IPSec. In the initial set of exchanges, both parties must | |||
| authenticate each other using a negotiated authentication method. In | authenticate each other using a negotiated authentication method. In | |||
| the original version of IKE, this occurs in Phase 1; in IKEv2, it | the original version of IKE, this occurs in Phase 1; in IKEv2, it | |||
| occurs in the exchange called IKE-AUTH. One option for the | occurs in the exchange called IKE-AUTH. One option for the | |||
| authentication method is digital signatures using public key | authentication method is digital signatures using public key | |||
| cryptography. Currently, there are two digital signature methods | cryptography. Currently, there are two digital signature methods | |||
| defined for use within Phase 1 and IKE-AUTH: RSA signatures and DSA | defined for use within Phase 1 and IKE-AUTH: RSA signatures and DSA | |||
| (DSS) signatures. This document introduces ECDSA signatures as a | (DSS) signatures. This document introduces ECDSA signatures as a | |||
| third method. | third method. | |||
| For any given level of security against the best attacks known, ECDSA | For any given level of security against the best attacks known, ECDSA | |||
| signatures are smaller than RSA signatures and ECDSA keys require | signatures are smaller than RSA signatures, and ECDSA keys require | |||
| less bandwidth than DSA keys; there are also advantages of | less bandwidth than DSA keys [LV]; there are also advantages of | |||
| computational speed and efficiency in many settings. Additional | computational speed and efficiency in many settings. Additional | |||
| efficiency may be gained by simultaneously using ECDSA for IKE | efficiency may be gained by simultaneously using ECDSA for IKE/IKEv2 | |||
| authentication and using elliptic curve groups for the IKE key | authentication and using elliptic curve groups for the IKE/IKEv2 key | |||
| exchange. Implementers of IPSec and IKE may therefore find it | exchange. Implementers of IPSec and IKE/IKEv2 may therefore find it | |||
| desirable to use ECDSA as the Phase 1/IKE-AUTH authentication method. | desirable to use ECDSA as the Phase 1/IKE-AUTH authentication method. | |||
| 2. ECDSA | 2. Requirements Terminology | |||
| Keywords "MUST" and "SHOULD" that appear in this document are to be | ||||
| interpreted as described in [RFC2119]. | ||||
| 3. ECDSA | ||||
| The Elliptic Curve Digital Signature Algorithm (ECDSA) is the | The Elliptic Curve Digital Signature Algorithm (ECDSA) is the | |||
| elliptic curve analogue of the DSA (DSS) signature method [DSS]. It | elliptic curve analogue of the DSA (DSS) signature method [DSS]. It | |||
| is defined in the ANSI X9.62 standard [X9.62-2003]. Other compatible | is defined in the ANSI X9.62 standard [X9.62-2003]. Other compatible | |||
| specifications include FIPS 186-2 [DSS], IEEE 1363 [IEEE-1363], IEEE | specifications include FIPS 186-2 [DSS], IEEE 1363 [IEEE-1363], IEEE | |||
| 1363A [IEEE-1363A], and SEC1 [SEC1]. | 1363A [IEEE-1363A], and SEC1 [SEC]. | |||
| ECDSA signatures are smaller than RSA signatures of similar | ECDSA signatures are smaller than RSA signatures of similar | |||
| cryptographic strength. ECDSA public keys (and certificates) are | cryptographic strength. ECDSA public keys (and certificates) are | |||
| smaller than similar strength DSA keys, resulting in improved | smaller than similar strength DSA keys, resulting in improved | |||
| communications efficiency. Furthermore, on many platforms ECDSA | communications efficiency. Furthermore, on many platforms ECDSA | |||
| operations can be computed more quickly than similar strength RSA or | operations can be computed more quickly than similar strength RSA or | |||
| DSA operations (see [LV] for a security analysis of key sizes across | DSA operations (see [LV] for a security analysis of key sizes across | |||
| public key algorithms). These advantages of signature size, | public key algorithms). These advantages of signature size, | |||
| bandwidth, and computational efficiency may make ECDSA an attractive | bandwidth, and computational efficiency may make ECDSA an attractive | |||
| choice for many IKE implementations. | choice for many IKE and IKEv2 implementations. | |||
| 3. Specifying ECDSA within IKE and IKEv2 | 4. Specifying ECDSA within IKE and IKEv2 | |||
| The original IKE key negotiation protocol consists of two phases, | The original IKE key negotiation protocol consists of two phases, | |||
| Phase 1 and Phase 2. Within Phase 1, the two negotiating parties | Phase 1 and Phase 2. Within Phase 1, the two negotiating parties | |||
| authenticate each other using either pre-shared keys, digital | authenticate each other using either pre-shared keys, digital | |||
| signatures, or public-key encryption. | signatures, or public-key encryption. | |||
| The IKEv2 key negotiation protocol begins with two exchanges, | The IKEv2 key negotiation protocol begins with two exchanges, | |||
| IKE-SA-INIT and IKE-AUTH. When not using extensible authentication, | IKE-SA-INIT and IKE-AUTH. When not using extensible authentication, | |||
| the IKE-AUTH exchange includes a digital signature or MAC on a block | the IKE-AUTH exchange includes a digital signature or MAC on a block | |||
| of data. | of data. | |||
| The IANA-assigned attribute number for authentication using generic | The IANA-assigned attribute number for authentication using generic | |||
| ECDSA is 8 (see [IANA]), but the parameters and associated hash | ECDSA in IKE is 8 (see [IANA-IKE]), but the corresponding list of | |||
| functions are not specified. The document defines the following | IKEv2 authentication methods does not include ECDSA (see | |||
| authentication algorithms along with their anticipated IANA | [IANA-IKEv2]). Moreover, ECDSA cannot be specified for IKEv2 | |||
| attribute numbers. | independently of an associated hash function since IKEv2 does not | |||
| have a transform type for hash functions. For this reason, it is | ||||
| necessary to specify the hash function as part of the signature | ||||
| algorithm. Furthermore, the elliptic curve group must be specified | ||||
| since the choice of hash function depends on it as well. As a | ||||
| result, it is necessary to specify three signature algorithms, | ||||
| named ECDSA-256, ECDSA-384, and ECDSA-521. Each of these algorithms | ||||
| represents an instantiation of the ECDSA algorithm using a | ||||
| particular elliptic curve group and hash function. For reasons of | ||||
| consistency, this document defines the signatures for IKE in the | ||||
| same way. | ||||
| Digital Diffie- | Digital | |||
| IANA Signature Hellman Hash | Signature | |||
| Value Algorithm Group Function | Algorithm Elliptic Curve Group Hash Function | |||
| ----- --------- ------------ ------------- | ----------- -------------------------- --------------- | |||
| 9 ECDSA P-256 [19] SHA-256 [4] | ECDSA-256 256-bit random ECP group SHA2-256 | |||
| 10 ECDSA P-384 [20] SHA-384 [5] | ECDSA-384 384-bit random ECP group SHA2-384 | |||
| 11 ECDSA P-521 [21] SHA-512 [6] | ECDSA-521 521-bit random ECP group SHA2-512 | |||
| The numbers in brackets are the IANA identifiers for the Diffie- | The elliptic curve groups, including their base points, are specified | |||
| Hellman groups and the hash functions. | in [IKE-ECP]. | |||
| The Diffie-Hellman group is understood to use the base points | 5. Security Considerations | |||
| supplied in [IKE-ECP]. Therefore the selection of IANA identifier | ||||
| from the above table completely specifies the parameters necessary | ||||
| for verifying the signature. | ||||
| When ECDSA is used as the digital signature in IKE, the signature | Since this document proposes new digital signatures for use within | |||
| payload SHALL contain an encoding of the computed signature | IKE and IKEv2, many of the security considerations contained within | |||
| consisting of the concatenation of a pair of integers s and t. The | [IKE] and [IKEv2] apply here as well. Implementers should ensure | |||
| definition of s and t are given in Section 6 of this document. | that appropriate security measures are in place when they deploy | |||
| ECDSA within IKE or IKEv2. | ||||
| Implementers may find it convenient, when using ECDSA as the | ECDSA-256, ECDSA-384, and ECDSA-521 are designed to offer security | |||
| authentication method, to specify the hash used by ECDSA as the | comparable with the AES-128, AES-192, and AES-256 respectively. | |||
| value of the hash algorithm attribute. Implementers may also find | ||||
| it convenient to use ECDSA authentication in conjunction with an | ||||
| elliptic curve group for the IKE Diffie-Hellman key agreement; see | ||||
| [IKE-ECP] for some specific curves for the key agreement. | ||||
| 4. Security Considerations | 6. IANA Considerations | |||
| Implementers should ensure that appropriate security measures are in | Before this document can become an RFC, it is required that IANA | |||
| place when they deploy ECDSA within IKE. In particular, the security | update its registry of IPSEC authentication methods in [IANA-IKE] and | |||
| of ECDSA requires the careful selection of both key sizes and | its registry of IKEv2 authentication methods in [IANA-IKEv2] to | |||
| elliptic curve domain parameters. Selection guidelines for these | include ECDSA-256, ECDSA-384, and ECDSA-521. | |||
| parameters and some specific recommended curves that are considered | ||||
| safe are provided in ANSI X9.62 [X9.62], FIPS 186-2 [DSS], and SEC 2 | ||||
| [SEC2]. | ||||
| 5. IANA Considerations | 7. ECDSA Data Formats | |||
| Before this document can become an RFC, it is required that IANA | When ECDSA-256, ECDSA-384, or ECDSA-521 is used as the digital | |||
| update its registry of IKE authentication methods in [IANA] to | signature in IKE or IKEv2, the signature payload SHALL contain an | |||
| include the three options defined in Section 3 of this document. | encoding of the computed signature consisting of the concatenation | |||
| of a pair of integers r and s. The definitions of r and s are given | ||||
| in Section 6 of this document. | ||||
| 6. Test Vectors | Digital | |||
| signature Bit lengths Bit length | ||||
| algorithm of r and s of signature | ||||
| ----------- ------------- -------------- | ||||
| The following are examples of the IKEv2 key exchange payload for each | ECDSA-256 256 512 | |||
| of the three groups specified in this document. | ECDSA-384 384 768 | |||
| ECDSA-521 528 1056 | ||||
| The bit lengths of r and s are enforced, if necessary, by | ||||
| pre-pending the value with zeros. | ||||
| 8. Test Vectors | ||||
| The following are examples of the IKEv2 authentication payload for | ||||
| each of the three signatures specified in this document. | ||||
| The following notation is used. The Diffie-Hellman group is given by | The following notation is used. The Diffie-Hellman group is given by | |||
| the elliptic curve y^2 = x^3 - 3 x + b modulo p. If (x,y) is a | the elliptic curve y^2 = (x^3 - 3 x + b) modulo p. If (x,y) is a | |||
| point on the curve (i.e. x and y satisfy the above equation), then | point on the curve (i.e. x and y satisfy the above equation), then | |||
| (x,y)^n denotes the scalar multiple of the point (x,y) by the | (x,y)^n denotes the scalar multiple of the point (x,y) by the | |||
| integer n; it is another point on the curve. In the literature, the | integer n; it is another point on the curve. In the literature, the | |||
| scalar multiple is typically denoted n(x,y); the notation (x,y)^n is | scalar multiple is typically denoted n(x,y); the notation (x,y)^n is | |||
| used in order to conform to the notation used in [IKE], [IKEv2], and | used in order to conform to the notation used in [IKE], [IKEv2], and | |||
| [IKE-ECP]. | [IKE-ECP]. | |||
| The group order for the Diffie-Hellman group is denoted q. The | The group order for the curve group is denoted q. The generator is | |||
| generator is denoted g=(gx,gy). The hash of the message is denoted | denoted g=(gx,gy). The hash of the message is denoted h. The | |||
| h. The signer's static private key is denoted w; it is an integer | signer's static private key is denoted w; it is an integer between | |||
| between zero and q. The signer's static public key is | zero and q. The signer's static public key is g^w=(gwx,gwy). The | |||
| g^w=(gwx,gwy). The ephemeral private key is denoted k; it is an | ephemeral private key is denoted k; it is an integer between zero | |||
| integer between zero and q. The ephemeral public key is | and q. The ephemeral public key is g^k=(gkx,gky). The quantity | |||
| g^k=(gkx,gky). The quantity kinv is the integer between zero and | kinv is the integer between zero and q such that k*kinv = 1 modulo q. | |||
| q such that k*kinv = 1 modulo q. The first signature component is | The first signature component is denoted r; it is equal to gkx | |||
| denoted s; it is equal to gkx reduced modulo q. The second signature | reduced modulo q. The second signature component is denoted s; it is | |||
| component is denoted t; it is equal to (h+s*w)*kinv reduced modulo q. | equal to (h+r*w)*kinv reduced modulo q. | |||
| The test vectors below also include the data for verifying the ECDSA | The test vectors below also include the data for verifying the ECDSA | |||
| signature. The verifier computes h and the quantity tinv, which is | signature. The verifier computes h and the quantity sinv, which is | |||
| the integer between zero and q such that t*tinv = 1 modulo q. The | the integer between zero and q such that s*sinv = 1 modulo q. The | |||
| verifier computes | verifier computes | |||
| u = h*tinv modulo q | u = h*sinv modulo q | |||
| and | and | |||
| v = s*tinv modulo q. | v = r*sinv modulo q. | |||
| The verifier computes (gx,gy)^u = (gux,guy) and | The verifier computes (gx,gy)^u = (gux,guy) and | |||
| (gwx,gwy)^v = (gwvx,gwvy). The verifier computes the sum | (gwx,gwy)^v = (gwvx,gwvy). The verifier computes the sum | |||
| (sumx,sumy) = (gux,guy) + (gwvx,gwvy) | (sumx,sumy) = (gux,guy) + (gwvx,gwvy) | |||
| where + denotes addition of points on the elliptic curve. The | where + denotes addition of points on the elliptic curve. The | |||
| signature is verified if | signature is verified if | |||
| sumx modulo q = s. | sumx modulo q = r. | |||
| 6.1 Authentication Method 9 | 8.1 ECDSA-256 | |||
| The parameters for Diffie-Hellman group 19 are | It is assumed for this example that ECDSA-256 is assigned the id | |||
| number 9 by IANA. | ||||
| The parameters for the group for this signature are | ||||
| p: | p: | |||
| FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF | FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF | |||
| b: | b: | |||
| 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B | 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B | |||
| q: | q: | |||
| FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551 | FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551 | |||
| skipping to change at page 6, line 44 ¶ | skipping to change at page 7, line 17 ¶ | |||
| k: | k: | |||
| 9E56F509 196784D9 63D1C0A4 01510EE7 ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE | 9E56F509 196784D9 63D1C0A4 01510EE7 ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE | |||
| gkx: | gkx: | |||
| CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | |||
| gky: | gky: | |||
| 2B57C023 5FB74897 68D058FF 4911C20F DBE71E36 99D91339 AFBB903E E17255DC | 2B57C023 5FB74897 68D058FF 4911C20F DBE71E36 99D91339 AFBB903E E17255DC | |||
| The SHA-256 hash of the message "abc" (hex 616263) is | The SHA2-256 hash of the message "abc" (hex 616263) is | |||
| h: | h: | |||
| BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD | BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD | |||
| The signature of the message is (s,t) where | The signature of the message is (r,s) where | |||
| kinv: | kinv: | |||
| AFA27894 5AF74B1E 295008E0 3A8984E2 E1C69D9B BBC74AF1 4E3AC4E4 21ABFA61 | AFA27894 5AF74B1E 295008E0 3A8984E2 E1C69D9B BBC74AF1 4E3AC4E4 21ABFA61 | |||
| s: | r: | |||
| CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | |||
| t: | s: | |||
| 86FA3BB4 E26CAD5B F90B7F81 899256CE 7594BB1E A0C89212 748BFF3B 3D5B0315 | 86FA3BB4 E26CAD5B F90B7F81 899256CE 7594BB1E A0C89212 748BFF3B 3D5B0315 | |||
| The quantities required for verification of the signature are | The quantities required for verification of the signature are | |||
| tinv: | sinv: | |||
| 33BDC294 E90CFAD6 2A9F2FD1 F8741DA7 7C02A573 E1B53BA1 7A60BA90 4F491952 | 33BDC294 E90CFAD6 2A9F2FD1 F8741DA7 7C02A573 E1B53BA1 7A60BA90 4F491952 | |||
| u: | u: | |||
| C3875E57 C85038A0 D60370A8 7505200D C8317C8C 534948BE A6559C7C 18E6D4CE | C3875E57 C85038A0 D60370A8 7505200D C8317C8C 534948BE A6559C7C 18E6D4CE | |||
| v: | v: | |||
| 3B4E49C4 FDBFC006 FF993C81 A50EAE22 1149076D 6EC09DDD 9FB3B787 F85B6483 | 3B4E49C4 FDBFC006 FF993C81 A50EAE22 1149076D 6EC09DDD 9FB3B787 F85B6483 | |||
| gux: | gux: | |||
| 4F749762 9362EFBB EE591206 D036568F 239789B2 34960635 C6607EC6 99062600 | 4F749762 9362EFBB EE591206 D036568F 239789B2 34960635 C6607EC6 99062600 | |||
| skipping to change at page 7, line 37 ¶ | skipping to change at page 8, line 11 ¶ | |||
| gwvy: | gwvy: | |||
| 0C10CBA8 DD2620C1 12A4F9BE 578E4BE1 E64DC0F7 D1D526CA 167749F9 CEC0DF08 | 0C10CBA8 DD2620C1 12A4F9BE 578E4BE1 E64DC0F7 D1D526CA 167749F9 CEC0DF08 | |||
| sumx: | sumx: | |||
| CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E 97566EA1 C066957C | |||
| sumy: | sumy: | |||
| 2B57C023 5FB74897 68D058FF 4911C20F DBE71E36 99D91339 AFBB903E E17255DC | 2B57C023 5FB74897 68D058FF 4911C20F DBE71E36 99D91339 AFBB903E E17255DC | |||
| The signature is valid since sumx modulo q equals s. | The signature is valid since sumx modulo q equals r. | |||
| If the signature (s,t) were the one appearing in the authentication | If the signature (r,s) were the one appearing in the authentication | |||
| payload, then the payload would be as follows. | payload, then the payload would be as follows. | |||
| 00000048 00090000 CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E | 00000048 00090000 CB28E099 9B9C7715 FD0A80D8 E47A7707 9716CBBF 917DD72E | |||
| 97566EA1 C066957C 86FA3BB4 E26CAD5B F90B7F81 899256CE 7594BB1E A0C89212 | 97566EA1 C066957C 86FA3BB4 E26CAD5B F90B7F81 899256CE 7594BB1E A0C89212 | |||
| 748BFF3B 3D5B0315 | 748BFF3B 3D5B0315 | |||
| 6.2 Authentication Method 10 | 8.2 ECDSA-384 | |||
| The parameters for Diffie-Hellman group 20 are | It is assumed for this example that ECDSA-384 is assigned the id | |||
| number 10 by IANA. | ||||
| The parameters for the group for this signature are | ||||
| p: | p: | |||
| FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE | FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE | |||
| FFFFFFFF 00000000 00000000 FFFFFFFF | FFFFFFFF 00000000 00000000 FFFFFFFF | |||
| b: | b: | |||
| B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A | B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A | |||
| C656398D 8A2ED19D 2A85C8ED D3EC2AEF | C656398D 8A2ED19D 2A85C8ED D3EC2AEF | |||
| q: | q: | |||
| skipping to change at page 8, line 47 ¶ | skipping to change at page 9, line 25 ¶ | |||
| 854D7FA9 92F934D9 27376285 E63414FA | 854D7FA9 92F934D9 27376285 E63414FA | |||
| gkx: | gkx: | |||
| FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | |||
| 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | |||
| gky: | gky: | |||
| 2C735822 48686C41 8485E7B7 4E707625 A1832769 F7F56E81 7CF83B1E 4690E782 | 2C735822 48686C41 8485E7B7 4E707625 A1832769 F7F56E81 7CF83B1E 4690E782 | |||
| 65B7AD37 BC2F865F DC290DB6 15CDF17F | 65B7AD37 BC2F865F DC290DB6 15CDF17F | |||
| The SHA-384 hash of the message "abc" (hex 616263) is | The SHA2-384 hash of the message "abc" (hex 616263) is | |||
| h: | h: | |||
| CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163 1A8B605A 43FF5BED | CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163 1A8B605A 43FF5BED | |||
| 8086072B A1E7CC23 58BAECA1 34C825A7 | 8086072B A1E7CC23 58BAECA1 34C825A7 | |||
| The signature of the message is (s,t) where | The signature of the message is (r,s) where | |||
| kinv: | kinv: | |||
| EB12876B F6191A29 1AA5780A 3887C3BF E7A5C7E3 21CCA674 886B1228 D9BB3D52 | EB12876B F6191A29 1AA5780A 3887C3BF E7A5C7E3 21CCA674 886B1228 D9BB3D52 | |||
| 918EF19F E5CE67E9 80BEDC1E 613D39C0 | 918EF19F E5CE67E9 80BEDC1E 613D39C0 | |||
| s: | r: | |||
| FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | |||
| 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | |||
| t: | s: | |||
| B263A130 5E057F98 4D38726A 1B468741 09F417BC A112674C 528262A4 0A629AF1 | B263A130 5E057F98 4D38726A 1B468741 09F417BC A112674C 528262A4 0A629AF1 | |||
| CBB9F516 CE0FA7D2 FF630863 A00E8B9F | CBB9F516 CE0FA7D2 FF630863 A00E8B9F | |||
| The quantities required for verification of the signature are | The quantities required for verification of the signature are | |||
| tinv: | sinv: | |||
| 06EFACEE 8A657F77 584C5A03 9F7E2720 D61DF84C 8FAC6FA4 9A06F6C4 6E8CDA28 | 06EFACEE 8A657F77 584C5A03 9F7E2720 D61DF84C 8FAC6FA4 9A06F6C4 6E8CDA28 | |||
| 6ADD7D3B 90E1CDA4 79BD899B EE14B99D | 6ADD7D3B 90E1CDA4 79BD899B EE14B99D | |||
| u: | u: | |||
| CA5E3714 B4B68BB8 5AF0BC69 E12B16C8 8FAFA26A A6598D7E 2D5C3C40 26F7A944 | CA5E3714 B4B68BB8 5AF0BC69 E12B16C8 8FAFA26A A6598D7E 2D5C3C40 26F7A944 | |||
| 7D731721 ABE62CC0 1165ABFD 847088E9 | 7D731721 ABE62CC0 1165ABFD 847088E9 | |||
| v: | v: | |||
| 1342C935 5F1A4563 5435899A C24AEF06 3947CA47 951E89F6 83D73172 F964C359 | 1342C935 5F1A4563 5435899A C24AEF06 3947CA47 951E89F6 83D73172 F964C359 | |||
| 69E75EF9 06DA2396 2C747C04 A01137B8 | 69E75EF9 06DA2396 2C747C04 A01137B8 | |||
| skipping to change at page 9, line 55 ¶ | skipping to change at page 10, line 33 ¶ | |||
| 173F1ABF F3980DF1 F7EC4335 B185CEBF | 173F1ABF F3980DF1 F7EC4335 B185CEBF | |||
| sumx: | sumx: | |||
| FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 8084E293 0F1C8F7E | |||
| 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 | |||
| sumy: | sumy: | |||
| 2C735822 48686C41 8485E7B7 4E707625 A1832769 F7F56E81 7CF83B1E 4690E782 | 2C735822 48686C41 8485E7B7 4E707625 A1832769 F7F56E81 7CF83B1E 4690E782 | |||
| 65B7AD37 BC2F865F DC290DB6 15CDF17F | 65B7AD37 BC2F865F DC290DB6 15CDF17F | |||
| The signature is valid since sumx modulo q equals s. | The signature is valid since sumx modulo q equals r. | |||
| If the signature (s,t) were the one appearing in the authentication | If the signature (r,s) were the one appearing in the authentication | |||
| payload, then the payload would be as follows. | payload, then the payload would be as follows. | |||
| 00000068 000A0000 FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 | 00000068 000A0000 FB017B91 4E291494 32D8BAC2 9A514640 B46F53DD AB2C6994 | |||
| 8084E293 0F1C8F7E 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 B263A130 5E057F98 | 8084E293 0F1C8F7E 08E07C9C 63F2D21A 07DCB56A 6AF56EB3 B263A130 5E057F98 | |||
| 4D38726A 1B468741 09F417BC A112674C 528262A4 0A629AF1 CBB9F516 CE0FA7D2 | 4D38726A 1B468741 09F417BC A112674C 528262A4 0A629AF1 CBB9F516 CE0FA7D2 | |||
| FF630863 A00E8B9F | FF630863 A00E8B9F | |||
| 6.3 Authentication Method 11 | 8.3 ECDSA-521 | |||
| The parameters for Diffie-Hellman group 21 are | It is assumed for this example that ECDSA-521 is assigned the id | |||
| number 11 by IANA. | ||||
| The parameters for the group for this signature are | ||||
| p: | p: | |||
| 01FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF | 01FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF | |||
| FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF | FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF | |||
| FFFF | FFFF | |||
| b: | b: | |||
| 0051953E B9618E1C 9A1F929A 21A0B685 40EEA2DA 725B99B3 15F3B8B4 89918EF1 | 0051953E B9618E1C 9A1F929A 21A0B685 40EEA2DA 725B99B3 15F3B8B4 89918EF1 | |||
| 09E15619 3951EC7E 937B1652 C0BD3BB1 BF073573 DF883D2C 34F1EF45 1FD46B50 | 09E15619 3951EC7E 937B1652 C0BD3BB1 BF073573 DF883D2C 34F1EF45 1FD46B50 | |||
| 3F00 | 3F00 | |||
| skipping to change at page 11, line 24 ¶ | skipping to change at page 12, line 4 ¶ | |||
| gkx: | gkx: | |||
| 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | |||
| B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | |||
| 2251 | 2251 | |||
| gky: | gky: | |||
| 006D073D 72B272EA 86388D86 8EF64D4C 300A67AC 2981C0F8 E6710AEF A2FCF845 | 006D073D 72B272EA 86388D86 8EF64D4C 300A67AC 2981C0F8 E6710AEF A2FCF845 | |||
| 8117B05E B91BA11C 68BCFC1B C24587E3 A1D0CA2A FE398CDB CFD79CB3 0B36B218 | 8117B05E B91BA11C 68BCFC1B C24587E3 A1D0CA2A FE398CDB CFD79CB3 0B36B218 | |||
| B437 | B437 | |||
| The hash of the message "abc" (hex 616263) is | The hash of the message "abc" (hex 616263) is | |||
| SHA-512(616263): | SHA2-512(616263): | |||
| DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A | DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A | |||
| 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F | 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F | |||
| Therefore the quantity h is | Therefore the quantity h is | |||
| h: | h: | |||
| 0000DDAF 35A19361 7ABACC41 7349AE20 413112E6 FA4E89A9 7EA20A9E EEE64B55 | 0000DDAF 35A19361 7ABACC41 7349AE20 413112E6 FA4E89A9 7EA20A9E EEE64B55 | |||
| D39A2192 992A274F C1A836BA 3C23A3FE EBBD454D 4423643C E80E2A9A C94FA54C | D39A2192 992A274F C1A836BA 3C23A3FE EBBD454D 4423643C E80E2A9A C94FA54C | |||
| A49F | A49F | |||
| The signature of the message is (s,t) where | The signature of the message is (r,s) where | |||
| kinv: | kinv: | |||
| 00E90EF3 CE52F8D1 E5A4EEBD 0905F425 2400B0AE 73B49E33 23BCE258 A55F507D | 00E90EF3 CE52F8D1 E5A4EEBD 0905F425 2400B0AE 73B49E33 23BCE258 A55F507D | |||
| 7C45F3A2 DE3A3EA2 E51D9343 46D71593 A80C8C62 FE229DDF 5D2B64B7 AF4A0837 | 7C45F3A2 DE3A3EA2 E51D9343 46D71593 A80C8C62 FE229DDF 5D2B64B7 AF4A0837 | |||
| 0D32 | 0D32 | |||
| s: | r: | |||
| 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | |||
| B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | |||
| 2251 | 2251 | |||
| t: | s: | |||
| 017705A7 030290D1 CEB605A9 A1BB03FF 9CDD521E 87A696EC 926C8C10 C8362DF4 | 017705A7 030290D1 CEB605A9 A1BB03FF 9CDD521E 87A696EC 926C8C10 C8362DF4 | |||
| 97536710 1F67D1CF 9BCCBF2F 3D239534 FA509E70 AAC851AE 01AAC68D 62F86647 | 97536710 1F67D1CF 9BCCBF2F 3D239534 FA509E70 AAC851AE 01AAC68D 62F86647 | |||
| 2660 | 2660 | |||
| The quantities required for verification of the signature are | The quantities required for verification of the signature are | |||
| tinv: | sinv: | |||
| 00DDA6B8 83CB36BF CB21D5B0 B7D1F443 9D3C7797 B23A8D73 58032D5C C917142E | 00DDA6B8 83CB36BF CB21D5B0 B7D1F443 9D3C7797 B23A8D73 58032D5C C917142E | |||
| 3F6778BD 977D8460 867853AE 9C74EF5E 417CFA96 F7C937C1 418D9343 738A1BA8 | 3F6778BD 977D8460 867853AE 9C74EF5E 417CFA96 F7C937C1 418D9343 738A1BA8 | |||
| 78E0 | 78E0 | |||
| u: | u: | |||
| 019E5FDB ECC2A88B 72679233 11B27868 427AE2B8 83ED0346 9CBABE65 ACD3F2F8 | 019E5FDB ECC2A88B 72679233 11B27868 427AE2B8 83ED0346 9CBABE65 ACD3F2F8 | |||
| D74FA657 8A23C85D 598D1DC6 C1DA074E 0AB83852 BDAAE2F1 857713D3 5BB9BDB7 | D74FA657 8A23C85D 598D1DC6 C1DA074E 0AB83852 BDAAE2F1 857713D3 5BB9BDB7 | |||
| 32D8 | 32D8 | |||
| v: | v: | |||
| skipping to change at page 12, line 50 ¶ | skipping to change at page 13, line 30 ¶ | |||
| sumx: | sumx: | |||
| 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 AAAAB68E 2E6F4339 | |||
| B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 2CAEACEE 54432055 | |||
| 2251 | 2251 | |||
| sumy: | sumy: | |||
| 006D073D 72B272EA 86388D86 8EF64D4C 300A67AC 2981C0F8 E6710AEF A2FCF845 | 006D073D 72B272EA 86388D86 8EF64D4C 300A67AC 2981C0F8 E6710AEF A2FCF845 | |||
| 8117B05E B91BA11C 68BCFC1B C24587E3 A1D0CA2A FE398CDB CFD79CB3 0B36B218 | 8117B05E B91BA11C 68BCFC1B C24587E3 A1D0CA2A FE398CDB CFD79CB3 0B36B218 | |||
| B437 | B437 | |||
| The signature is valid since sumx modulo q equals s. | The signature is valid since sumx modulo q equals r. | |||
| If the signature (s,t) were the one appearing in the authentication | If the signature (r,s) were the one appearing in the authentication | |||
| payload, then the payload would be as follows. | payload, then the payload would be as follows. | |||
| 0000008C 000B0000 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 | 0000008C 000B0000 0154FD38 36AF92D0 DCA57DD5 341D3053 988534FD E8318FC6 | |||
| AAAAB68E 2E6F4339 B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 | AAAAB68E 2E6F4339 B19F2F28 1A7E0B22 C269D93C F8794A92 78880ED7 DBB8D936 | |||
| 2CAEACEE 54432055 22510177 05A70302 90D1CEB6 05A9A1BB 03FF9CDD 521E87A6 | 2CAEACEE 54432055 22510177 05A70302 90D1CEB6 05A9A1BB 03FF9CDD 521E87A6 | |||
| 96EC926C 8C10C836 2DF49753 67101F67 D1CF9BCC BF2F3D23 9534FA50 9E70AAC8 | 96EC926C 8C10C836 2DF49753 67101F67 D1CF9BCC BF2F3D23 9534FA50 9E70AAC8 | |||
| 51AE01AA C68D62F8 66472660 | 51AE01AA C68D62F8 66472660 | |||
| 7. References | 9. References | |||
| 7.1 Normative | 9.1 Normative | |||
| [IANA] Internet Assigned Numbers Authority, Internet Key Exchange | [IANA-IKE] Internet Assigned Numbers Authority, Internet Key Exchange | |||
| (IKE) Attributes. (http://www.iana.org/assignments/ipsec-registry) | (IKE) Attributes. (http://www.iana.org/assignments/ipsec-registry) | |||
| [IANA-IKEv2] IKEv2 Parameters. | ||||
| (http://www.iana.org/assignments/ikev2-parameters) | ||||
| [IKE] D. Harkins and D. Carrel, The Internet Key Exchange, RFC 2409, | [IKE] D. Harkins and D. Carrel, The Internet Key Exchange, RFC 2409, | |||
| November 1998. | November 1998. | |||
| [IKEv2] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, 2004, | [IKEv2] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, RFC 4306, | |||
| http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-17.txt | December 2005. | |||
| [IKE-ECP] D. Fu and J. Solinas, ECP Groups For IKE and IKEv2, 2005. | [IKE-ECP] D. Fu and J. Solinas, ECP Groups For IKE and IKEv2, 2006. | |||
| (draft-ietf-ipsec-ike-ecp-groups-02.txt) | (draft-ietf-ipsec-ike-ecp-groups-03.txt) | |||
| [SHS] FIPS 180-2, "Secure Hash Standard", National Institute of | [SHS] FIPS 180-2, "Secure Hash Standard", National Institute of | |||
| Standards and Technology, 2002. | Standards and Technology, 2002. | |||
| [X9.62-2003] American National Standards Institute, X9.62-1998: | [X9.62-2003] American National Standards Institute, X9.62-1998: | |||
| Public Key Cryptography for the Financial Services Industry: The | Public Key Cryptography for the Financial Services Industry: The | |||
| Elliptic Curve Digital Signature Algorithm, | Elliptic Curve Digital Signature Algorithm, | |||
| Revised-Draft-2003-02-26, February 2003. | Revised-Draft-2003-02-26, February 2003. | |||
| 7.2 Informative | 9.2 Informative | |||
| [DSS] U.S. Department of Commerce/National Institute of Standards | [DSS] U.S. Department of Commerce/National Institute of Standards | |||
| and Technology, Digital Signature Standard (DSS), FIPS PUB 186-2, | and Technology, Digital Signature Standard (DSS), FIPS PUB 186-2, | |||
| January 2000. (http://csrc.nist.gov/publications/fips/index.html) | January 2000. (http://csrc.nist.gov/publications/fips/index.html) | |||
| [IEEE-1363] Institute of Electrical and Electronics Engineers. | [IEEE-1363] Institute of Electrical and Electronics Engineers. | |||
| IEEE 1363-2000, Standard for Public Key Cryptography. | IEEE 1363-2000, Standard for Public Key Cryptography. | |||
| (http://grouper.ieee.org/groups/1363/index.html) | (http://grouper.ieee.org/groups/1363/index.html) | |||
| [IEEE-1363A] Institute of Electrical and Electronics Engineers. | [IEEE-1363A] Institute of Electrical and Electronics Engineers. | |||
| IEEE 1363A-2004, Standard for Public Key Cryptography - | IEEE 1363A-2004, Standard for Public Key Cryptography - | |||
| Amendment 1: Additional Techniques. | Amendment 1: Additional Techniques. | |||
| (http://grouper.ieee.org/groups/1363/index.html) | (http://grouper.ieee.org/groups/1363/index.html) | |||
| [LV] A. Lenstra and E. Verheul, "Selecting Cryptographic Key | [LV] A. Lenstra and E. Verheul, "Selecting Cryptographic Key | |||
| Sizes", Journal of Cryptology 14 (2001), pp. 255-293. | Sizes", Journal of Cryptology 14 (2001), pp. 255-293. | |||
| [RFC-3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, | [SEC] Standards for Efficient Cryptography Group. SEC 1 - Elliptic | |||
| Algorithms and Identifiers for the Internet X.509 Public Key | ||||
| Infrastructure Certificate and Certificate Revocation List (CRL) | ||||
| Profile, 2002. (http://www.ietf.org/rfc/rfc3279.txt) | ||||
| [RFC-3280] Housley, R., Polk, W., Ford, W. and D. Solo, RFC 3280, | ||||
| Internet X.509 Public Key Infrastructure Certificate and | ||||
| Certificate Revocation List (CRL) Profile, 2002. | ||||
| (http://www.ietf.org/rfc/rfc3279.txt) | ||||
| [SEC1] Standards for Efficient Cryptography Group. SEC 1 - Elliptic | ||||
| Curve Cryptography, v. 1.0, 2000. (http://www.secg.org) | Curve Cryptography, v. 1.0, 2000. (http://www.secg.org) | |||
| [SEC2] Standards for Efficient Cryptography Group. SEC 2 - | 10. Authors' Addresses | |||
| Recommended Elliptic Curve Domain Parameters, v. 1.0, 2000. | ||||
| (http://www.secg.org) | ||||
| 7. Authors' Addresses | ||||
| David E. Fu | David E. Fu | |||
| National Information Assurance Research Laboratory | National Information Assurance Research Laboratory | |||
| National Security Agency | National Security Agency | |||
| defu@orion.ncsc.mil | defu@orion.ncsc.mil | |||
| Jerome A. Solinas | Jerome A. Solinas | |||
| National Information Assurance Research Laboratory | National Information Assurance Research Laboratory | |||
| National Security Agency | National Security Agency | |||
| jasolin@orion.ncsc.mil | jasolin@orion.ncsc.mil | |||
| Comments are solicited and should be addressed to the authors. | Comments are solicited and should be addressed to the authors. | |||
| Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2006). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Expires March 30, 2006 | Expires January 14, 2007 | |||
| End of changes. 68 change blocks. | ||||
| 135 lines changed or deleted | 156 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||