< draft-ietf-pkix-gost-cppk-04.txt   draft-ietf-pkix-gost-cppk-05.txt >
PKIX Working Group Serguei Leontiev, CRYPTO-PRO PKIX Working Group Serguei Leontiev, CRYPTO-PRO
Internet Draft Dennis Shefanovski, DEMOS Co Ltd Internet Draft Dennis Shefanovski, DEMOS Co Ltd
Expires June 21, 2006 December 21, 2005 Expires July 17, 2006 January 17, 2006
Intended Category: Standards Track Intended Category: Standards Track
Using the GOST R 34.10-94, GOST R 34.10-2001 and Using the GOST R 34.10-94, GOST R 34.10-2001 and
GOST R 34.11-94 algorithms with the GOST R 34.11-94 algorithms with the
Internet X.509 Public Key Infrastructure Internet X.509 Public Key Infrastructure
Certificate and CRL Profile. Certificate and CRL Profile.
<draft-ietf-pkix-gost-cppk-04.txt> <draft-ietf-pkix-gost-cppk-05.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html. http://www.ietf.org/1id-abstracts.html.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 21, 2006. This Internet-Draft will expire on July 17, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document supplements RFC 3279. It describes encoding formats, This document supplements RFC 3279. It describes encoding formats,
identifiers and parameter formats for the algorithms GOST R 34.10-94, identifiers and parameter formats for the algorithms GOST R 34.10-94,
GOST R 34.10-2001 and GOST R 34.11-94 for use in Internet X.509 GOST R 34.10-2001 and GOST R 34.11-94 for use in Internet X.509
Public Key Infrastructure (PKI). Public Key Infrastructure (PKI).
Table of Contents Table of Contents
1 Introduction. . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction............................................... 2
2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3 2. Algorithm Support.......................................... 3
2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 3 2.1. One-way Hash Function................................. 3
2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 3 2.1.1. One-way Hash Function GOST R 34.11-94............ 3
2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 3 2.2. Signature Algorithms.................................. 3
2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 4 2.2.1. Signature Algorithm GOST R 34.10-94.............. 4
2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 5 2.2.2. Signature Algorithm GOST R 34.10-2001............ 4
2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 5 2.3. Subject Public Key Algorithms......................... 5
2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 6 2.3.1. GOST R 34.10-94 Keys............................. 5
2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 7 2.3.2. GOST R 34.10-2001 Keys........................... 7
3 Security Considerations . . . . . . . . . . . . . . . . 9 3. Security Considerations.................................... 8
4 Appendix Examples . . . . . . . . . . . . . . . . . . . 10 4. Appendix Examples.......................................... 9
4.1 GOST R 34.10-94 Certificate . . . . . . . . . . . . . . 10 4.1. GOST R 34.10-94 Certificate........................... 9
4.2 GOST R 34.10-2001 Certificate . . . . . . . . . . . . . 12 4.2. GOST R 34.10-2001 Certificate......................... 11
5 References. . . . . . . . . . . . . . . . . . . . . . . 15 5. IANA Considerations........................................ 14
Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 16 6. Acknowledgments............................................ 14
Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 17 7. References................................................. 15
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18 7.1. Normative References.................................. 15
7.2. Informative References................................ 16
Contact Information........................................... 16
Full Copyright Statement...................................... 18
1 Introduction 1. Introduction
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document supplements RFC 3279 [PKALGS]. It describes the This document supplements RFC 3279 [PKALGS]. It describes the
conventions for using the GOST R 34.10-94 and GOST R 34.10-2001 conventions for using the GOST R 34.10-94 and GOST R 34.10-2001
signature algorithms, VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 signature algorithms, VKO GOST R 34.10-94 and VKO GOST R 34.10-2001
key derivation algorithms, and GOST R 34.11-94 one-way hash function key derivation algorithms, and GOST R 34.11-94 one-way hash function
in the Internet X.509 Public Key Infrastructure (PKI) [PROFILE]. in the Internet X.509 Public Key Infrastructure (PKI) [PROFILE].
This document is a proposal put forward by the CRYPT-PRO Company to This document provides supplemental information and specifications
provide supplemental information and specifications needed by the needed by the "Russian Cryptographic Software Compatibility
"Russian Cryptographic Software Compatibility Agreement" community. Agreement" community.
The algorithm identifiers and associated parameters for subject The algorithm identifiers and associated parameters for subject
public keys that employ the GOST R 34.10-94 [GOSTR341094] / VKO GOST public keys that employ the GOST R 34.10-94 [GOSTR341094] / VKO GOST
R 34.10-94 [CPALGS] or the GOST R 34.10-2001 [GOSTR341001] / VKO GOST R 34.10-94 [CPALGS] or the GOST R 34.10-2001 [GOSTR341001] / VKO GOST
R 34.10-2001 [CPALGS] algorithms, and the encoding format for the R 34.10-2001 [CPALGS] algorithms, and the encoding format for the
signatures produced by these algorithms are specified. Also, the signatures produced by these algorithms are specified. Also, the
algorithm identifiers for using the GOST R 34.11-94 one-way hash algorithm identifiers for using the GOST R 34.11-94 one-way hash
function with the GOST R 34.10-94 and GOST R 34.10-2001 signature function with the GOST R 34.10-94 and GOST R 34.10-2001 signature
algorithms are specified. algorithms are specified.
This specification defines the contents of the signatureAlgorithm, This specification defines the contents of the signatureAlgorithm,
signatureValue, signature, and subjectPublicKeyInfo fields within signatureValue, signature, and subjectPublicKeyInfo fields within
Internet X.509 Certificates and CRLs. For each algorithm, the X.509 Certificates and CRLs. For each algorithm, the appropriate
appropriate alternatives for the keyUsage certificate extension are alternatives for the keyUsage certificate extension are provided.
provided.
ASN.1 modules, including all the definitions used in this document ASN.1 modules, including all the definitions used in this document
can be found in [CPALGS]. can be found in [CPALGS].
2 Algorithm Support 2. Algorithm Support
This section is an overview of cryptographic algorithms, that may be This section is an overview of cryptographic algorithms, that may be
used within the Internet X.509 certificates and CRL profile used within the Internet X.509 certificates and CRL profile
[PROFILE]. It describes one-way hash functions and digital signature [PROFILE]. It describes one-way hash functions and digital signature
algorithms, that may be used to sign certificates and CRLs, and algorithms, that may be used to sign certificates and CRLs, and
identifies OIDs and ASN.1 encoding for public keys contained in a identifies OIDs and ASN.1 encoding for public keys contained in a
certificate. certificate.
The conforming CAs and/or applications MUST fully support digital CAs and/or applications conforming to this standard MUST support at
signatures and public keys for at least one of the specified least one of the specified public key and signature algorithms.
algorithms.
2.1 One-way Hash Function 2.1. One-way Hash Function
This section identifies the use of one-way, collision free hash This section describes the use of a one-way, collision free hash
function GOST R 34.11-94 - the only one that can be used in digital function GOST R 34.11-94 - the only one that can be used in digital
signature algorithms GOST R 34.10-94/2001. The data that is hashed signature algorithms GOST R 34.10-94/2001. The data that is hashed
for certificates and CRL signing is fully described in RFC 3280 for certificates and CRL signing is fully described in RFC 3280
[PROFILE]. [PROFILE].
2.1.1 One-way Hash Function GOST R 34.11-94 2.1.1 One-way Hash Function GOST R 34.11-94
GOST R 34.11-94 has been developed by "GUBS of Federal Agency GOST R 34.11-94 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific Government Communication and Information" and "All-Russian Scientific
and Research Institute of Standardization". The algorithm GOST R and Research Institute of Standardization". The algorithm GOST R
34.11-94 produces a 256-bit hash value of the arbitrary finite bit 34.11-94 produces a 256-bit hash value of an arbitrary finite bit
length input. This document does not contain the full GOST R 34.11-94 length input. This document does not contain the full GOST R 34.11-94
specification, which can be found in [GOSTR3411] in Russian. specification, which can be found in [GOSTR3411] (in Russian).
[Schneier95] ch. 18.11, p. 454. contains a brief technical [Schneier95] ch. 18.11, p. 454. contains a brief technical
description in English. description in English.
This function MUST always be used with parameter set identified by This function MUST always be used with parameter set identified by
id-GostR3411-94-CryptoProParamSet (see section 8.2 of [CPALGS]). id-GostR3411-94-CryptoProParamSet (see section 8.2 of [CPALGS]).
2.2 Signature Algorithms 2.2. Signature Algorithms
Conforming CAs may use GOST R 34.10-94 or GOST R 34.10-2001 signature Conforming CAs may use GOST R 34.10-94 or GOST R 34.10-2001 signature
algorithms to sign certificates and CRLs. algorithms to sign certificates and CRLs.
These signature algorithms MUST always be used with a one-way hash These signature algorithms MUST always be used with a one-way hash
function GOST R 34.11-94 as indicated in [GOSTR341094] and function GOST R 34.11-94 as indicated in [GOSTR341094] and
[GOSTR341001]. [GOSTR341001].
This section defines algorithm identifiers and parameters to be used This section defines algorithm identifiers and parameters to be used
in the signatureAlgorithm field in a Certificate or CertificateList. in the signatureAlgorithm field in a Certificate or CertificateList.
2.2.1 Signature Algorithm GOST R 34.10-94 2.2.1. Signature Algorithm GOST R 34.10-94
GOST R 34.10-94 has been developed by "GUBS of Federal Agency GOST R 34.10-94 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific Government Communication and Information" and "All-Russian Scientific
and Research Institute of Standardization". This document does not and Research Institute of Standardization". This document does not
contain the full GOST R 34.10-94 specification, which can be found in contain the full GOST R 34.10-94 specification, which can be found in
[GOSTR341094] in Russian. [Schneier95] ch. 20.3, p. 495 contains a [GOSTR341094] (in Russian). [Schneier95] ch. 20.3, p. 495 contains a
brief technical description in English. brief technical description in English.
The ASN.1 object identifier used to identify this signature algorithm The ASN.1 object identifier used to identify this signature algorithm
is: is:
id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::= id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3411-94-with-gostR3410-94(4) } gostR3411-94-with-gostR3410-94(4) }
When the id-GostR3411-94-with-GostR3410-94 algorithm identifier When the id-GostR3411-94-with-GostR3410-94 algorithm identifier
appears as the algorithm field in an AlgorithmIdentifier, the appears as the algorithm field in an AlgorithmIdentifier, the
encoding SHALL omit the parameters field. That is, the encoding SHALL omit the parameters field. That is, the
AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OBJECT AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OBJECT
IDENTIFIER id-GostR3411-94-with-GostR3410-94. IDENTIFIER id-GostR3411-94-with-GostR3410-94.
The parameters in the subjectPublicKeyInfo field of the certificate Signature algorithm GOST R 34.10-94 generates a digital signature in
of the issuer SHALL apply to the verification of the signature.
Signature algorithm GOST R 34.10-94 generates digital signature in
the form of two 256-bit numbers r' and s. Its octet string the form of two 256-bit numbers r' and s. Its octet string
representation consists of 64 octets, where first 32 octets contain representation consists of 64 octets, where first 32 octets contain
big endian representation of s and second 32 octets contain big the big endian representation of s and second 32 octets contain the
endian representation of r'. big endian representation of r'.
Signature values in CMS [CMS] are represented as octet strings, and
the output is used directly. However, signature values in
certificates and CRLs [PROFILE] are represented as bit strings, and
conversion is needed.
To convert a signature value to a bit string, the most significant This definition of a signature value is directly usable in CMS [CMS],
bit of the first octet of the signature value SHALL become the first where such values are represented as octet strings. However,
bit of the bit string, and so on through the least significant bit of signature values in certificates and CRLs [PROFILE] are represented
the last octet of the signature value, which SHALL become the last as bit strings, and thus the octet string representation must be
bit of the bit string. converted.
2.2.2 Signature Algorithm GOST R 34.10-2001 To convert an octet string signature value to a bit string, the most
significant bit of the first octet of the signature value SHALL
become the first bit of the bit string, and so on through the least
significant bit of the last octet of the signature value, which SHALL
become the last bit of the bit string.
2.2.2. Signature Algorithm GOST R 34.10-2001
GOST R 34.10-2001 was developed by "GUBS of Federal Agency Government GOST R 34.10-2001 was developed by "GUBS of Federal Agency Government
Communication and Information" and "All-Russian Scientific and Communication and Information" and "All-Russian Scientific and
Research Institute of Standardization". This document does not Research Institute of Standardization". This document does not
contain the full GOST R 34.10-2001 specification, which can be found contain the full GOST R 34.10-2001 specification, which can be found
in [GOSTR341001] in Russian. in [GOSTR341001] (in Russian).
The ASN.1 object identifier used to identify this signature algorithm The ASN.1 object identifier used to identify this signature algorithm
is: is:
id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::= id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3411-94-with-gostR3410-2001(3) } gostR3411-94-with-gostR3410-2001(3) }
When the id-GostR3411-94-with-GostR3410-2001 algorithm identifier When the id-GostR3411-94-with-GostR3410-2001 algorithm identifier
appears as the algorithm field in an AlgorithmIdentifier, the appears as the algorithm field in an AlgorithmIdentifier, the
encoding SHALL omit the parameters field. That is, the encoding SHALL omit the parameters field. That is, the
AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OBJECT AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OBJECT
IDENTIFIER id-GostR3411-94-with-GostR3410-2001. IDENTIFIER id-GostR3411-94-with-GostR3410-2001.
The parameters in the subjectPublicKeyInfo field of the certificate Signature algorithm GOST R 34.10-2001 generates a digital signature
of the issuer SHALL apply to the verification of the signature. in the form of two 256-bit numbers r' and s. Its octet string
Signature algorithm GOST R 34.10-2001 generates digital signature in
the form of two 256-bit numbers r' and s. Its octet string
representation consists of 64 octets, where first 32 octets contain representation consists of 64 octets, where first 32 octets contain
big endian representation of s and second 32 octets contain big the big endian representation of s and second 32 octets contain the
endian representation of r'. big endian representation of r'.
Signature values in CMS [CMS] are represented as octet strings, and
the output is used directly. However, signature values in
certificates and CRLs [PROFILE] are represented as bit strings, and
conversion is needed.
To convert a signature value to a bit string, the most significant The process decribed above (Section 2.2.10) MUST be used to convert
bit of the first octet of the signature value SHALL become the first this octet string representation to a bit string for use in
bit of the bit string, and so on through the least significant bit of certificates and CRLs.
the last octet of the signature value, which SHALL become the last
bit of the bit string.
2.3 Subject Public Key Algorithms 2.3. Subject Public Key Algorithms
This section defines OIDs and public key parameters for public keys This section defines OIDs and public key parameters for public keys
that employ the GOST R 34.10-94 [GOSTR341094] / VKO GOST R 34.10-94 that employ the GOST R 34.10-94 [GOSTR341094] / VKO GOST R 34.10-94
[CPALGS] or the GOST R 34.10-2001 [GOSTR341001] / VKO GOST R [CPALGS] or the GOST R 34.10-2001 [GOSTR341001] / VKO GOST R
34.10-2001 [CPALGS] algorithms. 34.10-2001 [CPALGS] algorithms.
Use of the same key for both signature and key derivation is NOT Use of the same key for both signature and key derivation is NOT
RECOMMENDED. The intended application for the key MAY be indicated in RECOMMENDED. The intended application for the key MAY be indicated in
the keyUsage certificate extension (see [PROFILE], Section 4.2.1.3). the keyUsage certificate extension (see [PROFILE], Section 4.2.1.3).
2.3.1 GOST R 34.10-94 Keys 2.3.1. GOST R 34.10-94 Keys
GOST R 34.10-94 public keys can be used for signature algorithm GOST GOST R 34.10-94 public keys can be used for signature algorithm GOST
R 34.10-94 [GOSTR341094] and for key derivation algorithm VKO GOST R R 34.10-94 [GOSTR341094] and for key derivation algorithm VKO GOST R
34.10-94 [CPALGS]. 34.10-94 [CPALGS].
GOST R 34.10-94 public keys are identified by the following OID: GOST R 34.10-94 public keys are identified by the following OID:
id-GostR3410-94 OBJECT IDENTIFIER ::= id-GostR3410-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-94(20) } gostR3410-94(20) }
SubjectPublicKeyInfo.algorithm.algorithm field (see RFC 3280 The SubjectPublicKeyInfo.algorithm.algorithm field (see RFC 3280
[PROFILE]) for GOST R 34.10-94 keys MUST be id-GostR3410-94. [PROFILE]) for GOST R 34.10-94 keys MUST be set to id-GostR3410-94.
When the id-GostR3410-94 algorithm identifier appears as the When the id-GostR3410-94 algorithm identifier appears as the
algorithm field in an AlgorithmIdentifier, the encoding MAY algorithm field in an AlgorithmIdentifier, the encoding MAY omit the
completely omit the parameters field or set it to null. Otherwise parameters field or set it to NULL. Otherwise this field MUST have
this field MUST have the following structure: the following structure:
GostR3410-94-PublicKeyParameters ::= GostR3410-94-PublicKeyParameters ::=
SEQUENCE { SEQUENCE {
publicKeyParamSet publicKeyParamSet
OBJECT IDENTIFIER, OBJECT IDENTIFIER,
digestParamSet digestParamSet
OBJECT IDENTIFIER, OBJECT IDENTIFIER,
encryptionParamSet encryptionParamSet
OBJECT IDENTIFIER DEFAULT OBJECT IDENTIFIER DEFAULT
id-Gost28147-89-CryptoPro-A-ParamSet id-Gost28147-89-CryptoPro-A-ParamSet
skipping to change at page 6, line 50 skipping to change at page 6, line 38
where: where:
* publicKeyParamSet - public key parameters identifier for GOST R * publicKeyParamSet - public key parameters identifier for GOST R
34.10-94 (see section 8.3 of [CPALGS]) 34.10-94 (see section 8.3 of [CPALGS])
* digestParamSet - parameters identifier for GOST R 34.11-94 (see * digestParamSet - parameters identifier for GOST R 34.11-94 (see
section 8.2 of [CPALGS]) section 8.2 of [CPALGS])
* encryptionParamSet - parameters identifier for GOST 28147-89 (see * encryptionParamSet - parameters identifier for GOST 28147-89 (see
section 8.1 of [CPALGS]) section 8.1 of [CPALGS])
Absence of parameters SHALL be processed as described in RFC 3280 Absence of parameters SHALL be processed as described in RFC 3280
[PROFILE], section 6.1, that is, parameters are inherited from the [PROFILE], section 6.1, that is, parameters are inherited from the
issuer certificate if possible. issuer certificate. When the working_public_key_parameters variable
is set to null, any signature SHALL be rejected.
The GOST R 34.10-94 public key MUST be ASN.1 DER encoded as an OCTET The GOST R 34.10-94 public key MUST be ASN.1 DER encoded as an OCTET
STRING; this encoding shall be used as the contents (i.e., the value) STRING; this encoding shall be used as the contents (i.e., the value)
of the subjectPublicKey component (a BIT STRING) of the of the subjectPublicKey component (a BIT STRING) of the
SubjectPublicKeyInfo data element. SubjectPublicKeyInfo data element.
GostR3410-94-PublicKey ::= OCTET STRING -- public key, Y GostR3410-94-PublicKey ::= OCTET STRING -- public key, Y
GostR3410-94-PublicKey MUST must contain 128 octets of the little- GostR3410-94-PublicKey MUST contain 128 octets of the little-endian
endian representation of the public key Y = a^x (mod p), where a and representation of the public key Y = a^x (mod p), where a and p are
p - parameters. public key parameters, and x is a private key.
If the keyUsage extension is present in an end-entity certificate, If the keyUsage extension is present in an end-entity certificate
which contains a GOST R 34.10-94 public key, the following values MAY that contains a GOST R 34.10-94 public key, the following values MAY
be present: be present:
digitalSignature; digitalSignature;
nonRepudiation. nonRepudiation;
keyEncipherment; keyEncipherment; and
keyAgreement. keyAgreement.
If the keyAgreement or keyEnchiperment extension is present in a If the keyAgreement or keyEnchiperment extension is present in a
certificate GOST R 34.10-94 public key, the following values MAY be certificate GOST R 34.10-94 public key, the following values MAY be
present as well: present as well:
encipherOnly; encipherOnly; and
decipherOnly. decipherOnly.
The keyUsage extension MUST NOT assert both encipherOnly and The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly. decipherOnly.
If the keyUsage extension is present in an CA or CRL signer If the keyUsage extension is present in an CA or CRL signer
certificate which contains a GOST R 34.10-94 public key, the certificate which contains a GOST R 34.10-94 public key, the
following values MAY be present: following values MAY be present:
digitalSignature; digitalSignature;
nonRepudiation; nonRepudiation;
keyCertSign; keyCertSign; and
cRLSign. cRLSign.
2.3.2 GOST R 34.10-2001 Keys 2.3.2. GOST R 34.10-2001 Keys
GOST R 34.10-2001 public keys can be used for signature algorithm GOST R 34.10-2001 public keys can be used for signature algorithm
GOST R 34.10-2001 [GOSTR341001] and for key derivation algorithm VKO GOST R 34.10-2001 [GOSTR341001] and for key derivation algorithm VKO
GOST R 34.10-2001 [CPALGS]. GOST R 34.10-2001 [CPALGS].
GOST R 34.10-2001 public keys are identified by the following OID: GOST R 34.10-2001 public keys are identified by the following OID:
id-GostR3410-2001 OBJECT IDENTIFIER ::= id-GostR3410-2001 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-2001(19) } gostR3410-2001(19) }
SubjectPublicKeyInfo.algorithm.algorithm field (see RFC 3280 The SubjectPublicKeyInfo.algorithm.algorithm field (see RFC 3280
[PROFILE]) for GOST R 34.10-2001 keys MUST be id-GostR3410-2001. [PROFILE]) for GOST R 34.10-2001 keys MUST be set to id-
GostR3410-2001.
When the id-GostR3410-2001 algorithm identifier appears as the When the id-GostR3410-2001 algorithm identifier appears as the
algorithm field in an AlgorithmIdentifier, the encoding MAY algorithm field in an AlgorithmIdentifier, the encoding MAY omit the
completely omit the parameters field or set it to null. Otherwise parameters field or set it to NULL. Otherwise this field MUST have
this field MUST have the following structure: the following structure:
GostR3410-2001-PublicKeyParameters ::= GostR3410-2001-PublicKeyParameters ::=
SEQUENCE { SEQUENCE {
publicKeyParamSet publicKeyParamSet
OBJECT IDENTIFIER, OBJECT IDENTIFIER,
digestParamSet digestParamSet
OBJECT IDENTIFIER, OBJECT IDENTIFIER,
encryptionParamSet encryptionParamSet
OBJECT IDENTIFIER DEFAULT OBJECT IDENTIFIER DEFAULT
id-Gost28147-89-CryptoPro-A-ParamSet id-Gost28147-89-CryptoPro-A-ParamSet
skipping to change at page 8, line 35 skipping to change at page 8, line 26
where: where:
* publicKeyParamSet - public key parameters identifier for GOST R * publicKeyParamSet - public key parameters identifier for GOST R
34.10-2001 (see section 8.4 of [CPALGS]) 34.10-2001 (see section 8.4 of [CPALGS])
* digestParamSet - parameters identifier for GOST R 34.11-94 (see * digestParamSet - parameters identifier for GOST R 34.11-94 (see
section 8.2 of [CPALGS]) section 8.2 of [CPALGS])
* encryptionParamSet - parameters identifier for GOST 28147-89 (see * encryptionParamSet - parameters identifier for GOST 28147-89 (see
section 8.1 of [CPALGS]) section 8.1 of [CPALGS])
Absence of parameters SHALL be processed as described in RFC 3280 Absence of parameters SHALL be processed as described in RFC 3280
[PROFILE], section 6.1, that is, parameters are inherited from the [PROFILE], section 6.1, that is, parameters are inherited from the
issuer certificate if possible. issuer certificate. When the working_public_key_parameters variable
is set to null, any signature SHALL be rejected.
The GOST R 34.10-2001 public key MUST be ASN.1 DER encoded as an The GOST R 34.10-2001 public key MUST be ASN.1 DER encoded as an
OCTET STRING; this encoding shall be used as the contents (i.e., the OCTET STRING; this encoding shall be used as the contents (i.e., the
value) of the subjectPublicKey component (a BIT STRING) of the value) of the subjectPublicKey component (a BIT STRING) of the
SubjectPublicKeyInfo data element. SubjectPublicKeyInfo data element.
GostR3410-2001-PublicKey ::= OCTET STRING -- public key vector, Q GostR3410-2001-PublicKey ::= OCTET STRING -- public key vector, Q
According to [GOSTR341001], public key is a point on the elliptic According to [GOSTR341001], a public key is a point on the elliptic
curve Q = (x,y). curve Q = (x,y).
GostR3410-2001-PublicKey MUST must contain 64 octets, where first 32 GostR3410-2001-PublicKey MUST contain 64 octets, where first 32
octets contain little endian representation of x and second 32 octets octets contain little endian representation of x and second 32 octets
contain little endian representation of y. This corresponds to the contain little endian representation of y. This corresponds to the
binary representation of (<y>256||<x>256) from [GOSTR341001], ch. binary representation of (<y>256||<x>256) from [GOSTR341001], ch.
5.3. 5.3.
If the keyUsage extension is present in an end-entity certificate, The same keyUsage constraints apply for use of GOST R 34.10-2001 keys
which contains a GOST R 34.10-2001 public key, the following values as described in Section 2.3.1 for GOST R 34.10-94 keys.
MAY be present:
digitalSignature,
nonRepudiation,
keyEncipherment,
keyAgreement.
If the keyAgreement or keyEnchiperment extension is present in a
certificate, the following values MAY be present:
encipherOnly,
decipherOnly.
The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.
If the keyUsage extension is present in an CA or CRL signer
certificate which contains a GOST R 34.10-2001 public key, the
following values MAY be present:
digitalSignature,
nonRepudiation,
keyCertSign,
cRLSign.
3 Security Considerations 3. Security Considerations
It is RECOMMENDED, that applications verify signature values and It is RECOMMENDED, that applications verify signature values and
subject public keys to conform to [GOSTR341001] [GOSTR341094] subject public keys to conform to [GOSTR341001] [GOSTR341094]
standards prior to their use. standards prior to their use.
When certificate is used as analogue to a manual signing, in the When a certificate is used to support digital signatures as an
context of Russian Federal Digital Signature Law [RFDSL], certificate analogue to manual ("wet") signatures, in the context of Russian
MUST contain keyUsage extension, it MUST be critical, and keyUsage Federal Digital Signature Law [RFDSL], the certificate MUST contain
MUST NOT include keyEncipherment and keyAgreement. keyUsage extension, it MUST be critical, and keyUsage MUST NOT
include keyEncipherment and keyAgreement.
When certificate validity period (typicaly 5 years for end entities It is RECOMMENDED, that CAs and applications make sure that the
and 7 years for CAs in Russia) is not equal to the private key private key is not used for more than it's allowed validity period
validity period (typicaly 15 months in Russia) it is RECOMMENDED to (typically 15 months for both GOST R 34.10-94 and GOST R 34.10-2001
use private key usage period extension. algorithms).
For security discussion concerning use of algorithm parameters, see For security discussion concerning use of algorithm parameters, see
section Security Considerations from [CPALGS]. section Security Considerations from [CPALGS].
4 Appendix Examples 4. Appendix Examples
4.1 GOST R 34.10-94 Certificate
4.1. GOST R 34.10-94 Certificate
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM
FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV
BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w
HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0 HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0
UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS
VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG
BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo
GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo
skipping to change at page 12, line 29 skipping to change at page 11, line 46
: 81 83 50 E3 07 CC F2 E4 31 23 89 42 C8 73 E1 DE : 81 83 50 E3 07 CC F2 E4 31 23 89 42 C8 73 E1 DE
: 22 F7 85 F3 55 BD 94 EC 46 91 9C 67 AC 58 D7 05 : 22 F7 85 F3 55 BD 94 EC 46 91 9C 67 AC 58 D7 05
: 2A A7 8C B7 85 2A 01 75 85 F7 D7 38 03 FB CD 43 : 2A A7 8C B7 85 2A 01 75 85 F7 D7 38 03 FB CD 43
: } : }
In the signature of the above certificate, r' equals to In the signature of the above certificate, r' equals to
0x22F785F355BD94EC46919C67AC58D7052AA78CB7852A017585F7D73803FBCD43 0x22F785F355BD94EC46919C67AC58D7052AA78CB7852A017585F7D73803FBCD43
and s equals to and s equals to
0x11C7087E12DC02F102232947768F472A818350E307CCF2E431238942C873E1DE 0x11C7087E12DC02F102232947768F472A818350E307CCF2E431238942C873E1DE
4.2 GOST R 34.10-2001 Certificate 4.2. GOST R 34.10-2001 Certificate
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM MIIB0DCCAX8CECv1xh7CEb0Xx9zUYma0LiEwCAYGKoUDAgIDMG0xHzAdBgNVBAMM
Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG Fkdvc3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkG
A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu A1UEBhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUu
Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW Y29tMB4XDTA1MDgxNjE0MTgyMFoXDTE1MDgxNjE0MTgyMFowbTEfMB0GA1UEAwwW
R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD R29zdFIzNDEwLTIwMDEgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYD
VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j VQQGEwJSVTEpMCcGCSqGSIb3DQEJARYaR29zdFIzNDEwLTIwMDFAZXhhbXBsZS5j
b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1 b20wYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARAhJVodWACGkB1
CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9CafIWuD+SN6qa7flbHy7Df
skipping to change at page 15, line 4 skipping to change at page 14, line 19
: C1 DE 17 6E 8D 1B EC 71 B5 93 F3 DD 36 93 55 77 : C1 DE 17 6E 8D 1B EC 71 B5 93 F3 DD 36 93 55 77
: 68 89 89 17 62 20 F4 DA B1 31 D5 B5 1C 33 DE E2 : 68 89 89 17 62 20 F4 DA B1 31 D5 B5 1C 33 DE E2
: } : }
In the public key of the above certificate, x equals to In the public key of the above certificate, x equals to
0x577E324FE70F2B6DF45C437A0305E5FD2C89318C13CD0875401A026075689584 0x577E324FE70F2B6DF45C437A0305E5FD2C89318C13CD0875401A026075689584
and y equals to and y equals to
0x601AEACABC660FDFB0CBC7567EBBA6EA8DE40FAE857C9AD0038895B916CCEB8F 0x601AEACABC660FDFB0CBC7567EBBA6EA8DE40FAE857C9AD0038895B916CCEB8F
Corresponding private key d equals to Corresponding private key d equals to
0x0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77 0x0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77
In the signature of the above certificate, r' equals to In the signature of the above certificate, r' equals to
0xC1DE176E8D1BEC71B593F3DD36935577688989176220F4DAB131D5B51C33DEE2 0xC1DE176E8D1BEC71B593F3DD36935577688989176220F4DAB131D5B51C33DEE2
and s equals to and s equals to
0x3C2FC90944B727A9ECA7D5E9FB536DD2C3AA647C442EDEED3116454FBC543FDD 0x3C2FC90944B727A9ECA7D5E9FB536DD2C3AA647C442EDEED3116454FBC543FDD
5 References 5. IANA Considerations
Normative references: No IANA actions are necessary.
6. Acknowledgments
This document was created in accordance with "Russian Cryptographic
Software Compatibility Agreement", signed by FGUE STC "Atlas",
CRYPTO-PRO, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
Cryptocom, R-Alpha. The goal of this agreement is to achieve mutual
compatibility of the products and solutions.
The authors wish to thank the following:
Microsoft Corporation Russia for providing information about
company products and solutions, and also for technical consulting
in PKI.
RSA Security Russia and Demos Co Ltd for active collaboration and
critical help in creation of this document.
RSA Security Inc for compatibility testing of the proposed data
formats while incorporating them into the RSA Keon product.
Baltimore Technology plc for compatibility testing of the proposed
data formats while incorporating them into their UniCERT product.
Peter Gutmann for his helpful "dumpasn1" program.
Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for encouraging the
authors to create this document.
Grigorij Chudov for navigating the IETF process for this document.
7. References
7.1. Normative references
[GOST28147] "Cryptographic Protection for Data Processing System", [GOST28147] "Cryptographic Protection for Data Processing System",
GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov- GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov-
ernment Committee of the USSR for Standards, 1989. (In ernment Committee of the USSR for Standards, 1989. (In
Russian); Russian)
[GOSTR341094] "Information technology. Cryptographic Data Security. [GOSTR341094] "Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital Sig- Produce and check procedures of Electronic Digital Sig-
natures based on Asymmetric Cryptographic Algorithm.", natures based on Asymmetric Cryptographic Algorithm.",
GOST R 34.10-94, Gosudarstvennyi Standard of Russian GOST R 34.10-94, Gosudarstvennyi Standard of Russian
Federation, Government Committee of the Russia for Federation, Government Committee of the Russia for
Standards, 1994. (In Russian); Standards, 1994. (In Russian)
[GOSTR341001] "Information technology. Cryptographic data security. [GOSTR341001] "Information technology. Cryptographic data security.
Signature and verification processes of [electronic] Signature and verification processes of [electronic]
digital signature.", GOST R 34.10-2001, Gosudarstvennyi digital signature.", GOST R 34.10-2001, Gosudarstvennyi
Standard of Russian Federation, Government Committee of Standard of Russian Federation, Government Committee of
the Russia for Standards, 2001. (In Russian); the Russia for Standards, 2001. (In Russian)
[GOSTR341194] "Information technology. Cryptographic Data Security. [GOSTR341194] "Information technology. Cryptographic Data Security.
Hashing function.", GOST R 34.10-94, Gosudarstvennyi Hashing function.", GOST R 34.10-94, Gosudarstvennyi
Standard of Russian Federation, Government Committee of Standard of Russian Federation, Government Committee of
the Russia for Standards, 1994. (In Russian); the Russia for Standards, 1994. (In Russian)
[CPALGS] "Additional cryptographic algorithms for use with GOST [CPALGS] Popov, V., Kurepkin, I., and S. Leontiev, "Additional
28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST Cryptographic Algorithms for Use with GOST 28147-89,
R 34.11-94 algorithms", V. Popov, I. Kurepkin, S. Leon- GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
tiev, September 2005, draft-popov-cryptopro- Algorithms", RFC 4357, January 2006.
cpalgs-04.txt work in progress;
[PROFILE] Housley, R., Polk, W., Ford, W. and D. Solo, "Inter- [PROFILE] Housley, R., Polk, W., Ford, W. and D. Solo, "Inter-
net X.509 Public Key Infrastructure Certificate and net X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280, Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002. April 2002.
[PKALGS] L. Bassham, W. Polk, R. Housley, "Algorithms and [PKALGS] L. Bassham, W. Polk, R. Housley, "Algorithms and
Identifiers for the Internet X.509 Public Key Infras- Identifiers for the Internet X.509 Public Key Infras-
tructure Certificate and Certificate Revocation List tructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 3279, April 2002. (CRL) Profile", RFC 3279, April 2002.
[X.660] ITU-T Recommendation X.660 Information Technology - [X.660] ITU-T Recommendation X.660 Information Technology -
ASN.1 encoding rules: Specification of Basic Encoding ASN.1 encoding rules: Specification of Basic Encoding
Rules (BER), Canonical Encoding Rules (CER) and Distin- Rules (BER), Canonical Encoding Rules (CER) and Distin-
guished Encoding Rules (DER), 1997. guished Encoding Rules (DER), 1997.
Informative references: 7.2. Informative references
[Schneier95] B. Schneier, Applied cryptography, second edition, John [Schneier95] B. Schneier, Applied cryptography, second edition, John
Wiley & Sons, Inc., 1995; Wiley & Sons, Inc., 1995.
[RFDSL] Russian Federal Digital Signature Law, 10 Jan 2002 [RFDSL] Russian Federal Digital Signature Law, 10 Jan 2002 N
N1-FZ 1-FZ.
[RFC2119] Bradner, S., "Key Words for Use in RFCs to Indicate [RFC2119] Bradner, S., "Key Words for Use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC [CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC
3852, July 2004. 3852, July 2004.
Acknowledgments Contact Information
This document was created in accordance with "Russian Cryptographic
Software Compatibility Agreement", signed by FGUE STC "Atlas",
CRYPTO-PRO, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
Cryptocom, R-Alpha. The goal of this agreement is to achieve mutual
compatibility of the products and solutions.
The authors wish to thank:
Microsoft Corporation Russia for provided information about
company products and solutions, and also for technical consulting
in PKI.
RSA Security Russia and Demos Co Ltd for active colaboration and
critical help in creation of this document.
RSA Security Inc for compatibility testing of the proposed data
formats while incorporating them into RSA Keon product.
Baltimore Technology plc for compatibility testing of the proposed
data formats while incorporating them into UniCERT product.
Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative
creating this document.
Grigorij Chudov for navigating the IETF process for this document.
Author's Addresses
Serguei Leontiev Serguei Leontiev
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: lse@cryptopro.ru EMail: lse@cryptopro.ru
Dennis Shefanovski Dennis Shefanovski
DEMOS Co Ltd DEMOS Co Ltd
6/1, Ovchinnikovskaja naberezhnaya, 6/1, Ovchinnikovskaja naberezhnaya,
Moscow, 113035, Russian Federation Moscow, 113035, Russian Federation
EMail: sdb@dol.ru EMail: sdb@dol.ru
Grigorij Chudov Grigorij Chudov
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: chudov@cryptopro.ru EMail: chudov@cryptopro.ru
Alexandr Afanasiev Alexandr Afanasiev
Factor-TS Factor-TS
skipping to change at page 17, line 32 skipping to change at page 17, line 10
Grigorij Chudov Grigorij Chudov
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: chudov@cryptopro.ru EMail: chudov@cryptopro.ru
Alexandr Afanasiev Alexandr Afanasiev
Factor-TS Factor-TS
office 711, 14, Presnenskij val, office 711, 14, Presnenskij val,
Moscow, 123557, Russian Federation Moscow, 123557, Russian Federation
EMail: afa1@factor-ts.ru EMail: afa1@factor-ts.ru
Nikolaj Nikishin Nikolaj Nikishin
Infotecs GmbH Infotecs GmbH
p/b 35, 80-5, Leningradskij prospekt, p/b 35, 80-5, Leningradskij prospekt,
Moscow, 125315, Russian Federation Moscow, 125315, Russian Federation
EMail: nikishin@infotecs.ru EMail: nikishin@infotecs.ru
Boleslav Izotov Boleslav Izotov
FGUE STC "Atlas" FGUE STC "Atlas"
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: izotov@nii.voskhod.ru EMail: izotov@nii.voskhod.ru
Elena Minaeva Elena Minaeva
MD PREI MD PREI
build 3, 6A, Vtoroj Troitskij per., build 3, 6A, Vtoroj Troitskij per.,
Moscow, Russian Federation Moscow, Russian Federation
EMail: evminaeva@mail.ru EMail: evminaeva@mail.ru
Igor Ovcharenko
MD PREI
Office 600, 14, B.Novodmitrovskaya,
Moscow, Russian Federation
EMail: igori@mo.msk.ru
Serguei Murugov Serguei Murugov
R-Alpha R-Alpha
4/1, Raspletina, 4/1, Raspletina,
Moscow, 123060, Russian Federation Moscow, 123060, Russian Federation
EMail: msm@top-cross.ru EMail: msm@top-cross.ru
Igor Ustinov Igor Ustinov
Cryptocom Cryptocom
office 239, 51, Leninskij prospekt, office 239, 51, Leninskij prospekt,
Moscow, 119991, Russian Federation Moscow, 119991, Russian Federation
skipping to change at page 18, line 14 skipping to change at page 18, line 10
Serguei Murugov Serguei Murugov
R-Alpha R-Alpha
4/1, Raspletina, 4/1, Raspletina,
Moscow, 123060, Russian Federation Moscow, 123060, Russian Federation
EMail: msm@top-cross.ru EMail: msm@top-cross.ru
Igor Ustinov Igor Ustinov
Cryptocom Cryptocom
office 239, 51, Leninskij prospekt, office 239, 51, Leninskij prospekt,
Moscow, 119991, Russian Federation Moscow, 119991, Russian Federation
EMail: igus@cryptocom.ru EMail: igus@cryptocom.ru
Anatolij Erkin Anatolij Erkin
SPRCIS (SPbRCZI) SPRCIS (SPbRCZI)
1, Obrucheva, 1, Obrucheva,
St.Petersburg, 195220, Russian Federation St.Petersburg, 195220, Russian Federation
EMail: erkin@nevsky.net EMail: erkin@nevsky.net
Disclaimer of Validity Disclaimer of Validity
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the ISOC's procedures with respect to rights in ISOC Documents can
be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 73 change blocks. 
186 lines changed or deleted 201 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/