< draft-turner-additional-new-asn-04.txt   draft-turner-additional-new-asn-05.txt >
Network Working Group J. Schaad Network Working Group J. Schaad
Internet-Draft Soaring Hawk Consulting Internet-Draft Soaring Hawk Consulting
Intended status: Informational S. Turner Intended status: Standards Track S. Turner
Expires: May 15, 2011 IECA, Inc. Expires: June 15, 2011 IECA, Inc.
November 11, 2010 December 12, 2010
Additional New ASN.1 Modules Additional New ASN.1 Modules
draft-turner-additional-new-asn-04 draft-turner-additional-new-asn-05
Abstract Abstract
The Cryptographic Message Syntax (CMS) format, and many associated The Cryptographic Message Syntax (CMS) format, and many associated
formats, are expressed using ASN.1. The current ASN.1 modules formats, are expressed using ASN.1. The current ASN.1 modules
conform to the 1988 version of ASN.1. This document updates some conform to the 1988 version of ASN.1. This document updates some
auxiliary ASN.1 modules to conform to the 2008 version of ASN.1. auxiliary ASN.1 modules to conform to the 2008 version of ASN.1.
There are no bits-on-the-wire changes to any of the formats; this is There are no bits-on-the-wire changes to any of the formats; this is
simply a change to the syntax. simply a change to the syntax.
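Review bot: The intended status moves from Informational to Standards Track in the header, but the Abstract is unchanged and still describes the document as "simply a change to the syntax" with no bits-on-the-wire changes. If the status change is intentional, add a sentence to the Abstract or Introduction saying what implementers are expected to conform to, so the reason for the new status is on record.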
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 15, 2011. This Internet-Draft will expire on June 15, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. ASN.1 Updates (2002 to 2008) . . . . . . . . . . . . . . . 3 1.1. ASN.1 Updates (2002 to 2008) . . . . . . . . . . . . . . . 3
1.2. Requirements Terminology . . . . . . . . . . . . . . . . . 4 1.2. Requirements Terminology . . . . . . . . . . . . . . . . . 4
2. ASN.1 Module RFC 3274 . . . . . . . . . . . . . . . . . . . . 5 2. ASN.1 Module RFC 3274 . . . . . . . . . . . . . . . . . . . . 5
3. ASN.1 Module RFC 3779 . . . . . . . . . . . . . . . . . . . . 8 3. ASN.1 Module RFC 3379 . . . . . . . . . . . . . . . . . . . . 8
4. ASN.1 Module RFC 6019 . . . . . . . . . . . . . . . . . . . . 11 4. ASN.1 Module RFC 4049 . . . . . . . . . . . . . . . . . . . . 11
5. ASN.1 Module RFC 4073 . . . . . . . . . . . . . . . . . . . . 13 5. ASN.1 Module RFC 4073 . . . . . . . . . . . . . . . . . . . . 13
6. ASN.1 Module RFC 4231 . . . . . . . . . . . . . . . . . . . . 15 6. ASN.1 Module RFC 4231 . . . . . . . . . . . . . . . . . . . . 15
7. ASN.1 Module RFC 4334 . . . . . . . . . . . . . . . . . . . . 18 7. ASN.1 Module RFC 4334 . . . . . . . . . . . . . . . . . . . . 18
8. ASN.1 Module RFC 5083 . . . . . . . . . . . . . . . . . . . . 20 8. ASN.1 Module RFC 5083 . . . . . . . . . . . . . . . . . . . . 20
9. ASN.1 Module RFC 5652 . . . . . . . . . . . . . . . . . . . . 22 9. ASN.1 Module RFC 5652 . . . . . . . . . . . . . . . . . . . . 22
10. ASN.1 Module RFC 5752 . . . . . . . . . . . . . . . . . . . . 33 10. ASN.1 Module RFC 5752 . . . . . . . . . . . . . . . . . . . . 33
11. Module Identifiers in ASN.1 . . . . . . . . . . . . . . . . . 35 11. Module Identifiers in ASN.1 . . . . . . . . . . . . . . . . . 35
12. Security Considerations . . . . . . . . . . . . . . . . . . . 37 12. Security Considerations . . . . . . . . . . . . . . . . . . . 37
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38
14. Normative References . . . . . . . . . . . . . . . . . . . . . 39 14. Normative References . . . . . . . . . . . . . . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
Some developers would like the IETF to use the latest version of Some developers would like the IETF to use the latest version of
ASN.1 in its standards. Most of the RFCs that relate to security ASN.1 in its standards. Most of the RFCs that relate to security
protocols still use ASN.1 from the 1988 standard, which has been protocols still use ASN.1 from the 1988 standard, which has been
deprecated. This is particularly true for the standards that relate deprecated. This is particularly true for the standards that relate
to PKIX, CMS, and S/MIME. to PKIX, CMS, and S/MIME.
In this document we have either changed the syntax to use the 2008 In this document we have either change the syntax to use the 2008
ASN.1 standard, or done some updates from previous conversions: ASN.1 standard, or done some updates from previous conversions:
RFC 3274, Compressed Data Content Type for Cryptographic Message RFC 3274, Compressed Data Content Type for Cryptographic Message
Syntax (CMS) [RFC3274]. Syntax (CMS) [RFC3274].
RFC 3779, X.509 Extensions for IP Addresses and AS Identifiers RFC 3379, Delegated Path Validation and Delegated Path Discovery
[RFC3779]. Protocol Requirements [RFC3379].
RFC 6019, BinaryTime: An Alternate Format for Representing Date RFC 4049, BinaryTime: An Alternate Format for Representing Date
and Time in ASN.1 [RFC6019]. and Time in ASN.1 [RFC4049].
RFC 4073, Protecting Multiple Contents with the Cryptographic RFC 4073, Protecting Multiple Contents with the Cryptographic
Message Syntax (CMS) [RFC4073]. Message Syntax (CMS) [RFC4073].
RFC 4231, Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA- RFC 4231, Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-
256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4231]. 256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4231].
RFC 4334, Certificate Extensions and Attributes Supporting RFC 4334, Certificate Extensions and Attributes Supporting
Authentication in Point-to-Point Protocol (PPP) and Wireless Local Authentication in Point-to-Point Protocol (PPP) and Wireless Local
Area Networks (WLAN) [RFC4334]. Area Networks (WLAN) [RFC4334].
RFC 5083, Cryptographic Message Syntax (CMS) Authenticated- RFC 5083, Cryptographic Message Syntax (CMS) Authenticated-
Enveloped-Data Content Type [RFC5083]. Enveloped-Data Content Type [RFC5083].
RFC 5652, Cryptographic Message Syntax (CMS) [RFC5652]. RFC 5652, Cryptogrphic Message Syntax (CMS) [RFC5652].
RFC 5752, Multiple Signatures in Cryptographic Message Syntax RFC 5752, Multiple Signatures in Cryptographic Message Syntax
(CMS) [RFC5752]. (CMS) [RFC5752].
Note that some of the modules in this document get some of their Note that some of the modules in this document get some of their
definitions from places different than the modules in the original definitions from places different than the modules in the original
RFCs. The idea is that these modules, when combined with the modules RFCs. The idea is that these modules, when combined with the modules
in [RFC5912] and [RFC5911] can stand on their own and do not need to in [RFC5912] and [RFC5911] can stand on their own and do not need to
import definitions from anywhere else. import definitions from anywhere else.
1.1. ASN.1 Updates (2002 to 2008) 1.1. ASN.1 Updates (2002 to 2008)
The modules defined in this document are compatible with the most The modules defined in this document are compatable with the most
current ASN.1 specification published in 2008 (see [ASN1-2008]). The current ASN.1 specification published in 2008 (see [ASN1-2008]). The
changes between the 2002 specification and the 2008 specification changes between the 2002 specification and the 2008 specification
include the creation of some additional pre-defined types (DATE, include the creation of some additional pre-defined types (DATE,
DATE-TIME, DURATION, NOT-A-NUMBER, OID-IRI, RELATIVE-OID-IRI, TIME, DATE-TIME, DURATION, NOT-A-NUMBER, OID-IRI, RELATIVE-OID-IRI, TIME,
TIME-OF-DAY). The ability to define different encoding rules TIME-OF-DAY). The ability to define different encoding rules
(ENCODING-CONTROL, INSTRUCTIONS). None of the newly defined tokens (ENCODING-CONTROL, INSTRUCTIONS). None of the newly defined tokens
are currently used in any of the ASN.1 specifications published here. are currently used in any of the ASN.1 specifications published here.
1.2. Requirements Terminology 1.2. Requirements Terminology
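Review bot: The Table of Contents entry for Section 3 and the matching list item in the Introduction now name RFC 3379 (Delegated Path Validation and Delegated Path Discovery Protocol Requirements), yet the module carried in Section 3 is still IPAddrAndASCertExtn with id-mod-ip-addr-and-as-ident-2, ASRange and ASId, which is the IP address and AS identifier extension material the previous revision attributed to RFC 3779. Please confirm which RFC is meant and make the title, list item and reference tag agree with the module. The new revision also introduces spelling regressions in this region: "we have either change the syntax", "Cryptogrphic Message Syntax" and "compatable".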
skipping to change at page 5, line 13 skipping to change at page 5, line 13
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. ASN.1 Module RFC 3274 2. ASN.1 Module RFC 3274
We have updated the ASN.1 module associated with this document to be We have updated the ASN.1 module associated with this document to be
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5911]. [RFC5911].
CompressedDataContent CompressedDataContent
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) TBD4 } smime(16) modules(0) id-mod-compressedDataContent(54) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
CMSVersion, EncapsulatedContentInfo, CMSVersion, EncapsulatedContentInfo,
CONTENT-TYPE CONTENT-TYPE
FROM CryptographicMessageSyntax-2009 FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) TBD1 } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
AlgorithmIdentifier{}, SMIME-CAPS, ParamOptions AlgorithmIdentifier{}, SMIME-CAPS, ParamOptions
FROM AlgorithmInformation-2009 FROM AlgorithmInformation-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5) {iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58)} id-mod-algorithmInformation-02(58)}
; ;
-- --
-- ContentTypes contains the set of content types that are -- ContentTypes contains the set of content types that are
skipping to change at page 8, line 5 skipping to change at page 8, line 5
} }
WITH SYNTAX { WITH SYNTAX {
IDENTIFIER &id IDENTIFIER &id
[PARAMS [TYPE &Params] ARE &paramPresence] [PARAMS [TYPE &Params] ARE &paramPresence]
[SMIME-CAPS &smimeCaps] [SMIME-CAPS &smimeCaps]
} }
END END
3. ASN.1 Module RFC 3779 3. ASN.1 Module RFC 3379
We have updated the ASN.1 module associated with RFC 3779 to be ASN.1 We have updated the ASN.1 module assocated with RFC 3379 to be ASN.1
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5912]. [RFC5912].
IPAddrAndASCertExtn { iso(1) identified-organization(3) dod(6) IPAddrAndASCertExtn { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) mod(0) internet(1) security(5) mechanisms(5) pkix(7) mod(0)
TBD6 } id-mod-ip-addr-and-as-ident-2(72) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
EXPORTS ALL; EXPORTS ALL;
IMPORTS IMPORTS
-- PKIX specific OIDs and arcs -- -- PKIX specific OIDs and arcs --
id-pe id-pe
FROM PKIX1Explicit-2009 FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
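Review bot: The module identifier for IPAddrAndASCertExtn labels the arc under pkix(7) as "mod(0)", while the imports in this same document write "pkix(7) id-mod(0)" for that arc. The numeric value is the same, but since the line is being touched to replace TBD6 with id-mod-ip-addr-and-as-ident-2(72), align the label with id-mod(0) so that text searches and module-lookup tooling see a single spelling. The new introductory sentence also has a typo, "assocated".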
skipping to change at page 11, line 5 skipping to change at page 11, line 5
range ASRange } range ASRange }
ASRange ::= SEQUENCE { ASRange ::= SEQUENCE {
min ASId, min ASId,
max ASId } max ASId }
ASId ::= INTEGER ASId ::= INTEGER
END END
4. ASN.1 Module RFC 6019 4. ASN.1 Module RFC 4049
We have updated the ASN.1 module associated with this document to be We have updated the ASN.1 module associated with this document to be
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5911]. [RFC5911].
BinarySigningTimeModule-2009 BinarySigningTimeModule-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) TBD6 } pkcs-9(9) smime(16) modules(0)
id-mod-binSigningTime-2009(55) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
-- From PKIX-CommonTypes-2009 [RFC5912] -- From PKIX-CommonTypes-2009 [RFC5912]
ATTRIBUTE ATTRIBUTE
FROM PKIX-CommonTypes-2009 FROM PKIX-CommonTypes-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
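Review bot: The Section 4 heading changes from RFC 6019 to RFC 4049, but the sentence under it still says "the ASN.1 module associated with this document", which reads as if it refers to this draft rather than to the RFC in the heading. RFC 6019 obsoletes RFC 4049, so state explicitly which of the two BinaryTime specifications the module is taken from, as Sections 3 and 7 do by naming the RFC in the sentence, and check that the [RFC4049] tag has a matching entry in the Normative References.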
skipping to change at page 13, line 11 skipping to change at page 13, line 11
BinarySigningTime ::= BinaryTime BinarySigningTime ::= BinaryTime
END END
5. ASN.1 Module RFC 4073 5. ASN.1 Module RFC 4073
We have updated the ASN.1 module associated with this document to be We have updated the ASN.1 module associated with this document to be
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5911]. [RFC5911].
ContentCollectionModule-2009 ContentCollectionModule-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) TBD7 } pkcs-9(9) smime(16) modules(0) id-mod-context-Collect-2009(56) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
-- From CryptographicMessageSyntax-2009 [RFC5911] -- From CryptographicMessageSyntax-2009 [RFC5911]
CONTENT-TYPE, ContentInfo CONTENT-TYPE, ContentInfo
FROM CryptographicMessageSyntax-2009 FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs-9(9) smime(16) modules(0) TBD1 } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
AttributeSet{}, ATTRIBUTE AttributeSet{}, ATTRIBUTE
FROM PKIX-CommonTypes-2009 FROM PKIX-CommonTypes-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) } id-mod-pkixCommon-02(57) }
; ;
-- --
-- An object set of all content types defined by this module. -- An object set of all content types defined by this module.
-- This is to be added to ContentSet in the CMS module -- This is to be added to ContentSet in the CMS module
-- --
ContentSet CONTENT-TYPE ::= { ContentSet CONTENT-TYPE ::= {
ct-ContentCollection | ct-ContentWithAttributes, ... ct-ContentCollection | ct-ContentWithAttributes, ...
} }
-- --
-- Content Collection Content Type and Object Identifier -- Content Collection Content Type and Object Identifier
-- --
ct-ContentCollection CONTENT-TYPE ::= { ct-ContentCollection CONTENT-TYPE ::= {
TYPE ContentCollection IDENTIFIED BY id-ct-contentCollection } TYPE ContentCollection IDENTIFIED BY id-ct-contentCollection }
id-ct-contentCollection OBJECT IDENTIFIER ::= { id-ct-contentCollection OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) ct(1) 19 } smime(16) ct(1) 19 }
ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo ContentCollection ::= SEQUENCE SIZE (1..MAX) OF ContentInfo
-- --
-- Content With Attributes Content Type and Object Identifier -- Content With Attributes Content Type and Object Identifier
-- --
ct-ContentWithAttributes CONTENT-TYPE ::= { ct-ContentWithAttributes CONTENT-TYPE ::= {
TYPE ContentWithAttributes IDENTIFIED BY id-ct-contentWithAttrs } TYPE ContentWithAttributes IDENTIFIED BY id-ct-contentWithAttrs }
id-ct-contentWithAttrs OBJECT IDENTIFIER ::= { id-ct-contentWithAttrs OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) ct(1) 20 } smime(16) ct(1) 20 }
ContentWithAttributes ::= SEQUENCE { ContentWithAttributes ::= SEQUENCE {
content ContentInfo, content ContentInfo,
attrs SEQUENCE SIZE (1..MAX) OF AttributeSet attrs SEQUENCE SIZE (1..MAX) OF AttributeSet
{{ ContentAttributeSet }} {{ ContentAttributeSet }}
} }
ContentAttributeSet ATTRIBUTE ::= { ... }
END
ContentAttributeSet ATTRIBUTE ::= { ... }
END
6. ASN.1 Module RFC 4231 6. ASN.1 Module RFC 4231
RFC 4231 does not contain an ASN.1 module to be updated. We have RFC 4231 does not contain an ASN.1 module to be updated. We have
therefore created an ASN.1 module to represent the ASN.1 that is therefore created an ASN.1 module to represent the ASN.1 that is
present in the document. Note that the parameters are defined as present in the document. Note that the parameters are defined as
expecting a parameter for the algorithm identifiers in this module, expecting a parameter for the algorithm identifiers in this module,
this is different from most of the algorithms used in PKIX and this is different from most of the algorithms used in PKIX and
S/MIME. There is no concept of being able to truncate the MAC S/MIME. There is no concept of being able to truncate the MAC value
(Message Authentication Code) value in the ASN.1 unlike the XML in the ASN.1 unlike the XML definitions. This is reflected by not
definitions. This is reflected by not having a minimum MAC length having a minimum MAC length defined in the ASN.1.
defined in the ASN.1.
HMAC -- { TBD } -- HMAC { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) mod(0) id-mod-hmac(74) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
EXPORTS ALL; EXPORTS ALL;
IMPORTS IMPORTS
MAC-ALGORITHM, SMIME-CAPS MAC-ALGORITHM, SMIME-CAPS
FROM AlgorithmInformation-2009 FROM AlgorithmInformation-2009
{ iso(1) identified-organization(3) dod(6) internet(1) security(5) { iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) mechanisms(5) pkix(7) id-mod(0)
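Review bot: The identifier assigned to ContentCollectionModule-2009 is spelled id-mod-context-Collect-2009(56); everything else in the module is named "content" (ContentCollection, ct-ContentCollection, id-ct-contentCollection), so please confirm that "context" is the registered name and not a slip. In the new HMAC module header, the arc is written "pkix(7) mod(0) id-mod-hmac(74)" while the AlgorithmInformation-2009 import a few lines later uses "pkix(7) id-mod(0)"; use one label. The rewrapped Section 6 paragraph also drops the expansion "(Message Authentication Code)" on the first use of MAC, which is worth keeping.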
skipping to change at page 18, line 7 skipping to change at page 18, line 7
IDENTIFIER id-hmacWithSHA512 IDENTIFIER id-hmacWithSHA512
PARAMS TYPE NULL ARE preferredPresent PARAMS TYPE NULL ARE preferredPresent
IS-KEYED-MAC TRUE IS-KEYED-MAC TRUE
SMIME-CAPS {IDENTIFIED BY id-hmacWithSHA512} SMIME-CAPS {IDENTIFIED BY id-hmacWithSHA512}
} }
END END
7. ASN.1 Module RFC 4334 7. ASN.1 Module RFC 4334
We have updated the ASN.1 module associated with RFC 4334 to be ASN.1 We have updated the ASN.1 module assocated with RFC 4334 to be ASN.1
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5912]. [RFC5912].
WLANCertExtn WLANCertExtn
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
TBD8 } id-mod-wlan-extns-2(73) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
EXPORTS ALL; EXPORTS ALL;
IMPORTS IMPORTS
EXTENSION, ATTRIBUTE EXTENSION, ATTRIBUTE
FROM PKIX-CommonTypes-2009 FROM PKIX-CommonTypes-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5) {iso(1) identified-organization(3) dod(6) internet(1) security(5)
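Review bot: The new opening sentence of Section 7 reads "the ASN.1 module assocated with RFC 4334"; the previous revision had "associated". The replacement of TBD8 with id-mod-wlan-extns-2(73) should also be cross-checked against Section 11 (Module Identifiers in ASN.1) and the IANA Considerations so the same number appears in all three places.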
skipping to change at page 20, line 10 skipping to change at page 20, line 10
id-aca-wlanSSID OBJECT IDENTIFIER ::= { id-aca 7 } id-aca-wlanSSID OBJECT IDENTIFIER ::= { id-aca 7 }
END END
8. ASN.1 Module RFC 5083 8. ASN.1 Module RFC 5083
This module is updated from RFC 5911 [RFC5911] by the following This module is updated from RFC 5911 [RFC5911] by the following
changes: changes:
1. Define separate attribute sets for the unprotected attributes 1. Define seperate attribute sets for the unprotected attributes
used in EnvelopedData, EncryptedData and used in EnvelopedData, EncryptedData and
AuthenticatedEnvelopedData (RFC 5083). AuthenticatedEnvelopedData (RFC 5083).
2. Define a parameterized type EncryptedContentInfoType so that the 2. Define a parameterized type EncryptedContentInfoType so that the
basic type can be used with different algorithm sets (used for basic type can be used with algorithm sets (used for
EnvelopedData, EncryptedData and AuthenticatedEnvelopedData (RFC EnvelopedData, EncryptedData and AuthenticatedEnvelopedData (RFC
5083)). The parameterized type is assigned to an unparameterized 5083)). The parameterized type is assigned to an unparameterized
type of EncryptedContentInfo to minimize the output changes from type of EncryptedContentInfo to minimize the output changes from
previous versions. previous versions.
Protocol designers can make use of the '08 ASN.1 contraints to define The use of different attribute sets for EncryptedData and
different sets of attributes for EncryptedData and EnvelopedData and EnvelopedData as well as for AuthenticatedData and AuthEnvelopedData,
for AuthenticatedData and AuthEnvelopedData. Previously, attributes protocol designers can make use of the '08 ASN.1 constraints to
could only be constrained based on whether they were in the clear or define different sets of attributes for EncryptedData and
unauthenticated not on the encapsulating content type. EnvelopedData and for AuthenticatedData and AuthEnvelopedData.
Previously, attributes could only be constrained based on whether
CMS-AuthEnvelopedData-2009 they were in the clear or unauthenticated not on the encapsulating
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) content type.
smime(16) modules(0) TBD2}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
CMSVersion, EncryptedContentInfoType{},
MessageAuthenticationCode, OriginatorInfo, RecipientInfos,
CONTENT-TYPE, Attributes{}, ATTRIBUTE, CONTENT-ENCRYPTION,
AlgorithmIdentifier{},
aa-signingTime, aa-messageDigest, aa-contentType
FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-cms-2004-02(TBD1)}
ContentEncryptionAlgs CMS-AuthEnvelopedData-2009
FROM CMS-AES-CCM-and-AES-GCM-2009 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) smime(16) modules(0) id-mod-cmsAuthEnvData-2009(57) }
pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } DEFINITIONS IMPLICIT TAGS ::=
; BEGIN
IMPORTS
ContentTypes CONTENT-TYPE ::= {ct-authEnvelopedData, ... } CMSVersion, EncryptedContentInfoType{},
MessageAuthenticationCode, OriginatorInfo, RecipientInfos,
CONTENT-TYPE, Attributes{}, ATTRIBUTE, CONTENT-ENCRYPTION,
AlgorithmIdentifier{},
aa-signingTime, aa-messageDigest, aa-contentType
FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
ct-authEnvelopedData CONTENT-TYPE ::= { ContentEncryptionAlgs
TYPE AuthEnvelopedData IDENTIFIED BY id-ct-authEnvelopedData FROM CMS-AES-CCM-and-AES-GCM-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }
;
} ContentTypes CONTENT-TYPE ::= {ct-authEnvelopedData, ... }
ct-authEnvelopedData CONTENT-TYPE ::= {
TYPE AuthEnvelopedData IDENTIFIED BY id-ct-authEnvelopedData
}
id-ct-authEnvelopedData OBJECT IDENTIFIER ::= id-ct-authEnvelopedData OBJECT IDENTIFIER ::=
{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) ct(1) 23} smime(16) ct(1) 23}
AuthEnvelopedData ::= SEQUENCE { AuthEnvelopedData ::= SEQUENCE {
version CMSVersion, version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos, recipientInfos RecipientInfos,
authEncryptedContentInfo EncryptedContentInfo, authEncryptedContentInfo EncryptedContentInfo,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL, authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode, mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL
} }
EncryptedContentInfo ::= EncryptedContentInfo ::=
EncryptedContentInfoType { AuthContentEncryptionAlgorithmIdentifier } EncryptedContentInfoType { AuthContentEncryptionAlgorithmIdentifier }
AuthContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier AuthContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
{CONTENT-ENCRYPTION, {AuthContentEncryptionAlgorithmSet}} {CONTENT-ENCRYPTION, {AuthContentEncryptionAlgorithmSet}}
AuthContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::= { AuthContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::= {
ContentEncryptionAlgs, ...} ContentEncryptionAlgs, ...}
AuthAttributes ::= Attributes{{AuthEnvDataAttributeSet}} AuthAttributes ::= Attributes{{AuthEnvDataAttributeSet}}
UnauthAttributes ::= Attributes{{UnauthEnvDataAttributeSet}} UnauthAttributes ::= Attributes{{UnauthEnvDataAttributeSet}}
AuthEnvDataAttributeSet ATTRIBUTE ::= { AuthEnvDataAttributeSet ATTRIBUTE ::= {
aa-contentType | aa-messageDigest | aa-signingTime, ... } aa-contentType | aa-messageDigest | aa-signingTime, ... }
UnauthEnvDataAttributeSet ATTRIBUTE ::= {...} UnauthEnvDataAttributeSet ATTRIBUTE ::= {...}
END END
9. ASN.1 Module RFC 5652 9. ASN.1 Module RFC 5652
This module is updated from RFC 5911 [RFC5911] by the following This module is updated from RFC 5911 [RFC5911] by the following
changes: changes:
1. Define separate attribute sets for the unprotected attributes 1. Define seperate attribute sets for the unprotected attributes
used in EnvelopedData, EncryptedData and used in EnvelopedData, EncryptedData and
AuthenticatedEnvelopedData (RFC 5083). AuthenticatedEnvelopedData (RFC 5083).
2. Define a parameterized type EncryptedContentInfoType so that the 2. Define a parameterized type EncryptedContentInfoType so that the
basic type can be used with algorithm sets (used for basic type can be used with algorithm sets (used for
EnvelopedData, EncryptedData and AuthenticatedEnvelopedData (RFC EnvelopedData, EncryptedData and AuthenticatedEnvelopedData (RFC
5083)). The parameterized type is assigned to an unparameterized 5083)). The parameterized type is assigned to an unparameterized
type of EncryptedContentInfo to minimize the output changes from type of EncryptedContentInfo to minimize the output changes from
previous versions. previous versions.
We are anticipating the definition of attributes that are going to be The use of different attribute sets for EncryptedData and
resticted to the use of only EnvelopedData. We are therefore EnvelopedData as well as for AuthenticatedData and AuthEnvelopedData,
separating the different attribute sets so that protocol designers protocol designers can make use of the '08 ASN.1 constraints to
that need to do this will be able to define attributes that are used define different sets of attributes for EncryptedData and
for EnvelopedData but not for EncryptedData. The same separation is EnvelopedData and for AuthenticatedData and AuthEnvelopedData.
also being applied to AuthenticatedData and AuthEnvelopedData. Previously, attributes could only be constrained based on whether
they were in the clear or unauthenticated not on the encapsulating
content type.
CryptographicMessageSyntax-2009 CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) TBD1 } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM, PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM, KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
AlgorithmIdentifier{} AlgorithmIdentifier{}
FROM AlgorithmInformation-2009 FROM AlgorithmInformation-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5) {iso(1) identified-organization(3) dod(6) internet(1) security(5)
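Review bot: The replacement paragraph that begins "The use of different attribute sets for EncryptedData and EnvelopedData as well as for AuthenticatedData and AuthEnvelopedData, protocol designers can make use of ..." is not a complete sentence, and it now appears verbatim in both Section 8 and Section 9. Suggest "With different attribute sets for ..., protocol designers can ...", and in Section 9 keep the rationale the old text gave (attributes expected to be restricted to EnvelopedData) instead of a second copy. In the same region, item 1 now reads "seperate" in both sections, and item 2 of Section 8 lost the word "different" in "can be used with different algorithm sets".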
skipping to change at page 23, line 4 skipping to change at page 23, line 7
SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs, SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs,
MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs, MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs,
KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys
FROM CryptographicMessageSyntaxAlgorithms-2009 FROM CryptographicMessageSyntaxAlgorithms-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-cmsalg-2001-02(37) } smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
Certificate, CertificateList, CertificateSerialNumber, Certificate, CertificateList, CertificateSerialNumber,
Name, ATTRIBUTE Name, ATTRIBUTE
FROM PKIX1Explicit-2009 FROM PKIX1Explicit-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-explicit-02(51) } id-mod-pkix1-explicit-02(51) }
AttributeCertificate AttributeCertificate
FROM PKIXAttributeCertificate-2009 FROM PKIXAttributeCertificate-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-attribute-cert-02(47) } id-mod-attribute-cert-02(47) }
AttributeCertificateV1 AttributeCertificateV1
FROM AttributeCertificateVersion1-2009 FROM AttributeCertificateVersion1-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) identified-organization(3) dod(6) internet(1)
smime(16) modules(0) id-mod-v1AttrCert-02(49) } ; security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-v1AttrCert-02(49) } ;
-- Cryptographic Message Syntax -- Cryptographic Message Syntax
-- The following are used for version numbers using the ASN.1 -- The following are used for version numbers using the ASN.1
-- idiom "[[n:" -- idiom "[[n:"
-- Version 1 = PKCS #7 -- Version 1 = PKCS #7
-- Version 2 = S/MIME V2 -- Version 2 = S/MIME V2
-- Version 3 = RFC 2630 -- Version 3 = RFC 2630
-- Version 4 = RFC 3369 -- Version 4 = RFC 3369
-- Version 5 = RFC 3852 -- Version 5 = RFC 3852
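Review bot: The AttributeCertificateVersion1-2009 import in the -05 column moves the module identifier from the S/MIME modules arc (iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)) to the PKIX id-mod arc, yet keeps the same final component id-mod-v1AttrCert-02(49). The new prefix is identical to the one on the PKIXAttributeCertificate-2009 import directly above it, which suggests it was copied from that entry. The draft's own text says importers match on the object identifier first, so this value has to equal the identifier in the header of the module that defines AttributeCertificateV1. Please check it against that header and keep the -04 arc if that is what the header uses.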
skipping to change at page 29, line 50 skipping to change at page 30, line 4
IssuerAndSerialNumber ::= SEQUENCE { IssuerAndSerialNumber ::= SEQUENCE {
issuer Name, issuer Name,
serialNumber CertificateSerialNumber } serialNumber CertificateSerialNumber }
CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) } CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
UserKeyingMaterial ::= OCTET STRING UserKeyingMaterial ::= OCTET STRING
KEY-ATTRIBUTE ::= TYPE-IDENTIFIER KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
OtherKeyAttribute ::= SEQUENCE { OtherKeyAttribute ::= SEQUENCE {
keyAttrId KEY-ATTRIBUTE. keyAttrId KEY-ATTRIBUTE.
&id({SupportedKeyAttributes}), &id({SupportedKeyAttributes}),
keyAttr KEY-ATTRIBUTE. keyAttr KEY-ATTRIBUTE.
&Type({SupportedKeyAttributes}{@keyAttrId})} &Type({SupportedKeyAttributes}{@keyAttrId})}
SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... } SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... }
-- Content Type Object Identifiers -- Content Type Object Identifiers
id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 } us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
ct-Data CONTENT-TYPE ::= {IDENTIFIED BY id-data } ct-Data CONTENT-TYPE ::= { IDENTIFIED BY id-data }
id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
ct-SignedData CONTENT-TYPE ::= ct-SignedData CONTENT-TYPE ::=
{ TYPE SignedData IDENTIFIED BY id-signedData} { TYPE SignedData IDENTIFIED BY id-signedData}
id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
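Review bot: Style only: the brace spacing fix in the -05 column is applied to ct-Data alone, while ct-SignedData two lines later still closes as "IDENTIFIED BY id-signedData}" with no space before the brace. If the intent is consistent spacing, apply it to every CONTENT-TYPE object in the module. The same applies to the arc label, which is written pkcs9(9) in id-ct-contentInfo but pkcs-9(9) in the IMPORTS of this module. The encoded value is unaffected, but one spelling should be used throughout.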
skipping to change at page 33, line 13 skipping to change at page 33, line 13
END END
10. ASN.1 Module RFC 5752 10. ASN.1 Module RFC 5752
We have updated the ASN.1 module associated with this document to be We have updated the ASN.1 module associated with this document to be
2008 compliant and to use the set of classes previously defined in 2008 compliant and to use the set of classes previously defined in
[RFC5911]. [RFC5911].
MultipleSignatures-2009 MultipleSignatures-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) modules(0) TBD9 } smime(16) modules(0) id-mod-multipleSign-2009(59) }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
-- EXPORTS All -- EXPORTS All
-- The types and values defined in this module are exported for use -- The types and values defined in this module are exported for use
-- in the other ASN.1 modules. Other applications may use them for -- in the other ASN.1 modules. Other applications may use them for
-- their own purposes. -- their own purposes.
IMPORTS IMPORTS
-- Imports from PKIX-Common-Types-2009 [RFC5912] -- Imports from PKIX-Common-Types-2009 [RFC5912]
ATTRIBUTE ATTRIBUTE
FROM PKIX-CommonTypes-2009 FROM PKIX-CommonTypes-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) } id-mod-pkixCommon-02(57)}
-- Imports from CryptographicMessageSyntax-2009 [RFC5911] -- Imports from CryptographicMessageSyntax-2009 [RFC5911]
DigestAlgorithmIdentifier, SignatureAlgorithmIdentifier DigestAlgorithmIdentifier, SignatureAlgorithmIdentifier
FROM CryptographicMessageSyntax-2009 FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) TBD1 } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
-- Imports from ExtendedSecurityServices-2009 [RFC5911] -- Imports from ExtendedSecurityServices-2009 [RFC5911]
ESSCertIDv2 ESSCertIDv2
FROM ExtendedSecurityServices-2009 FROM ExtendedSecurityServices-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-ess-2006-02(42) } smime(16) modules(0) id-mod-ess-2006-02(42) }
; ;
-- --
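Review bot: The comment "-- Imports from PKIX-Common-Types-2009 [RFC5912]" does not match the module name actually imported on the FROM line, PKIX-CommonTypes-2009. The draft notes that some older implementations match on the textual module name, so the comment should carry the exact name. Replacing TBD9 and TBD1 with id-mod-multipleSign-2009(59) and id-mod-cms-2009(58) is fine, but please confirm that 58 is also the value used in the header of the CMS module itself. Also, the -05 column drops the space before the closing brace in "id-mod-pkixCommon-02(57)}" while the other identifiers in this IMPORTS list keep it; keep the space for consistency. The module header writes pkcs9(9) where the imports write pkcs-9(9).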
skipping to change at page 35, line 26 skipping to change at page 35, line 26
matching using first the object identifier and if that is not present matching using first the object identifier and if that is not present
the textual name of the module. Note however that some older the textual name of the module. Note however that some older
implementations used the textual name of the module for the purposes implementations used the textual name of the module for the purposes
of matching. In a full implementation the name assigned to the of matching. In a full implementation the name assigned to the
module is scoped to the ASN.1 module that it appears in (and thus module is scoped to the ASN.1 module that it appears in (and thus
need to match the module it is importing from). need to match the module it is importing from).
One can create a module that contains only the module number One can create a module that contains only the module number
assignments and import the module assignments from the new module. assignments and import the module assignments from the new module.
This means that when a module is replaced, one can replace the This means that when a module is replaced, one can replace the
previous module, update the module number assignment module and previous module, update the module number assigment module and
recompile without having to modify any other modules. recompile without having to modify any other modules.
A sample module assignment module would be: A sample module assigment module would be:
ModuleNumbers ModuleNumbers
DEFINITIONS TAGS ::= DEFINITIONS TAGS ::=
BEGIN BEGIN
id-mod-CMS ::= { iso(1) member-body(2) us(840) rsadsi(113549) id-mod-CMS ::= { iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) TBD } pkcs(1) pkcs-9(9) smime(16) modules(0) TBD }
id-mod-AlgInfo ::= id-mod-AlgInfo ::=
{iso(1) identified-organization(3) dod(6) internet(1) {iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
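Review bot: The -05 column introduces the misspelling "assigment" twice ("module number assigment module" and "A sample module assigment module") where -04 had "assignment"; please restore the -04 spelling. While this text is being touched, the sample module itself needs three fixes. id-mod-CMS still ends in TBD even though this revision assigns id-mod-cms-2009(58) elsewhere. "DEFINITIONS TAGS ::=" lacks a tagging keyword (the MultipleSignatures-2009 module uses "DEFINITIONS IMPLICIT TAGS ::="). The value assignments id-mod-CMS and id-mod-AlgInfo omit their type, which should be OBJECT IDENTIFIER. As written the sample will not compile, which undercuts the "update and recompile" point it illustrates. Also, "and thus need to match" should read "needs to match".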
skipping to change at page 39, line 13 skipping to change at page 39, line 13
None. None.
14. Normative References 14. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3274] Gutmann, P., "Compressed Data Content Type for [RFC3274] Gutmann, P., "Compressed Data Content Type for
Cryptographic Message Syntax (CMS)", RFC 3274, June 2002. Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.
[RFC3779] Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP [RFC3379] Pinkas, D. and R. Housley, "Delegated Path Validation and
Addresses and AS Identifiers", RFC 3779, June 2004. Delegated Path Discovery Protocol Requirements", RFC 3379,
September 2002.
[RFC6019] Housley, R., "BinaryTime: An Alternate Format for [RFC4049] Housley, R., "BinaryTime: An Alternate Format for
Representing Date and Time in ASN.1", RFC 6019, Representing Date and Time in ASN.1", RFC 4049,
September 2010. April 2005.
[RFC4073] Housley, R., "Protecting Multiple Contents with the [RFC4073] Housley, R., "Protecting Multiple Contents with the
Cryptographic Message Syntax (CMS)", RFC 4073, May 2005. Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.
[RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA- [RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-
224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", 224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512",
RFC 4231, December 2005. RFC 4231, December 2005.
[RFC4334] Housley, R. and T. Moore, "Certificate Extensions and [RFC4334] Housley, R. and T. Moore, "Certificate Extensions and
Attributes Supporting Authentication in Point-to-Point Attributes Supporting Authentication in Point-to-Point
Protocol (PPP) and Wireless Local Area Networks (WLAN)", Protocol (PPP) and Wireless Local Area Networks (WLAN)",
RFC 4334, February 2006. RFC 4334, February 2006.
[RFC5083] Housley, R., "Cryptographic Message Syntax (CMS) [RFC5083] Housley, R., "Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type", RFC 5083, Authenticated-Enveloped-Data Content Type", RFC 5083,
November 2007. November 2007.
[RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated
Encryption in the Cryptographic Message Syntax (CMS)",
RFC 5084, November 2007.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, September 2009. RFC 5652, September 2009.
[RFC5752] Turner, S. and J. Schaad, "Multiple Signatures in [RFC5752] Turner, S. and J. Schaad, "Multiple Signatures in
Cryptographic Message Syntax (CMS)", RFC 5752, Cryptographic Message Syntax (CMS)", RFC 5752,
January 2010. January 2010.
[RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for [RFC5911] Hoffman, P. and J. Schaad, "New ASN.1 Modules for
Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911, Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
June 2010. June 2010.
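Review bot: Two replaced entries in the normative references look like regressions rather than updates. [RFC3779] (X.509 Extensions for IP Addresses and AS Identifiers) becomes [RFC3379], whose title is a protocol requirements document. The tags differ by a single transposed digit, so please confirm that every citation and the corresponding module section in the body really mean RFC 3379. [RFC6019] (BinaryTime, September 2010) becomes [RFC4049], which has the same title but is dated April 2005. Since -04 cited the newer document, the change back should be justified or reverted. The added [RFC5084] entry is fine, provided a module in the body cites it. The intended status of this revision is now Standards Track, so each normative reference should also be checked for downward references.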
 End of changes. 67 change blocks. 
155 lines changed or deleted 164 lines changed or added
