| < draft-turner-additional-new-asn-07.txt | draft-turner-additional-new-asn-08.txt > | |||
|---|---|---|---|---|
| Network Working Group J. Schaad | Network Working Group J. Schaad | |||
| Internet-Draft Soaring Hawk Consulting | Internet-Draft Soaring Hawk Consulting | |||
| Updates: 5911 (if approved) S. Turner | Updates: 5911 (if approved) S. Turner | |||
| Intended status: Informational IECA, Inc. | Intended status: Informational IECA, Inc. | |||
| Expires: August 11, 2011 February 7, 2011 | Expires: September 29, 2011 March 28, 2011 | |||
| Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) | Additional New ASN.1 Modules for the Cryptographic Message Syntax (CMS) | |||
| and the Public Key Infrastructure Using X.509 (PKIX) | and the Public Key Infrastructure Using X.509 (PKIX) | |||
| draft-turner-additional-new-asn-07 | draft-turner-additional-new-asn-08 | |||
| Abstract | Abstract | |||
| The Cryptographic Message Syntax (CMS) format, and many associated | The Cryptographic Message Syntax (CMS) format, and many associated | |||
| formats, are expressed using ASN.1. The current ASN.1 modules | formats, are expressed using ASN.1. The current ASN.1 modules | |||
| conform to the 1988 version of ASN.1. This document updates some | conform to the 1988 version of ASN.1. This document updates some | |||
| auxiliary ASN.1 modules to conform to the 2008 version of ASN.1; the | auxiliary ASN.1 modules to conform to the 2008 version of ASN.1; the | |||
| 1988 ASN.1 modules remain the normative version. There are no bits- | 1988 ASN.1 modules remain the normative version. There are no bits- | |||
| on-the-wire changes to any of the formats; this is simply a change to | on-the-wire changes to any of the formats; this is simply a change to | |||
| the syntax. | the syntax. | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 11, 2011. | This Internet-Draft will expire on September 29, 2011. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2011 IETF Trust and the persons identified as the | Copyright (c) 2011 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 6, line 11 ¶ | skipping to change at page 6, line 11 ¶ | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. ASN.1 Module RFC 3274 | 2. ASN.1 Module RFC 3274 | |||
| We have updated the ASN.1 module associated with this document to be | We have updated the ASN.1 module associated with this document to be | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5911]. | [RFC5911]. | |||
| CompressedDataContent | CompressedDataContent-2010 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-compressedDataContent(54) } | smime(16) modules(0) id-mod-compressedDataContent(54) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| CMSVersion, EncapsulatedContentInfo, | CMSVersion, EncapsulatedContentInfo, | |||
| CONTENT-TYPE | CONTENT-TYPE | |||
| FROM CryptographicMessageSyntax-2009 | FROM CryptographicMessageSyntax-2009 | |||
| skipping to change at page 6, line 50 ¶ | skipping to change at page 6, line 50 ¶ | |||
| ContentTypes CONTENT-TYPE ::= {ct-compressedData} | ContentTypes CONTENT-TYPE ::= {ct-compressedData} | |||
| -- | -- | |||
| -- SMimeCaps contains the set of S/MIME capabilities that | -- SMimeCaps contains the set of S/MIME capabilities that | |||
| -- are associated with the algorithms defined in this | -- are associated with the algorithms defined in this | |||
| -- document. | -- document. | |||
| -- | -- | |||
| -- SMimeCaps are added to SMimeCapsSet defined in [RFC3851]. | -- SMimeCaps are added to SMimeCapsSet defined in [RFC3851]. | |||
| -- | -- | |||
| SMimeCaps SMIME-CAPS ::= {cpa-zlibCompress.&smimeCaps} | SMimeCaps SMIME-CAPS ::= {cpa-zlibCompress.&smimeCaps, ...} | |||
| -- | -- | |||
| -- Define the compressed data content type | -- Define the compressed data content type | |||
| -- | -- | |||
| ct-compressedData CONTENT-TYPE ::= { | ct-compressedData CONTENT-TYPE ::= { | |||
| TYPE CompressedData IDENTIFIED BY id-ct-compressedData | TYPE CompressedData IDENTIFIED BY id-ct-compressedData | |||
| } | } | |||
| CompressedData ::= SEQUENCE { | CompressedData ::= SEQUENCE { | |||
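Review bot: the extension marker added to SMimeCaps ("{cpa-zlibCompress.&smimeCaps, ...}") is not applied consistently. ContentTypes a few lines above stays closed as "{ct-compressedData}", and the SMimeCaps object set in the HMAC module (maca-hMAC-SHA224 through maca-hMAC-SHA512) has no ", ..." either. If these sets are meant to be extended by later modules, add the marker to each; if only this one is meant to be extensible, say why in the comment above it.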
| skipping to change at page 9, line 11 ¶ | skipping to change at page 9, line 11 ¶ | |||
| } | } | |||
| END | END | |||
| 3. ASN.1 Module RFC 3779 | 3. ASN.1 Module RFC 3779 | |||
| We have updated the ASN.1 module associated with RFC 3779 to be ASN.1 | We have updated the ASN.1 module associated with RFC 3779 to be ASN.1 | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5912]. | [RFC5912]. | |||
| IPAddrAndASCertExtn { iso(1) identified-organization(3) dod(6) | IPAddrAndASCertExtn-2010 { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) mod(0) | internet(1) security(5) mechanisms(5) pkix(7) mod(0) | |||
| id-mod-ip-addr-and-as-ident-2(72) } | id-mod-ip-addr-and-as-ident-2(72) } | |||
| DEFINITIONS EXPLICIT TAGS ::= | DEFINITIONS EXPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| EXPORTS ALL; | EXPORTS ALL; | |||
| IMPORTS | IMPORTS | |||
| -- PKIX specific OIDs and arcs -- | -- PKIX specific OIDs and arcs -- | |||
| id-pe | id-pe | |||
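Review bot: the arc label in the module OID reads mod(0) here, and again in the HMAC module ahead of id-mod-hmac(74), while the WLAN module and the id-mod-AlgInfo sample spell the same arc under pkix(7) as id-mod(0). The labels are not encoded, so nothing changes on the wire, but a single spelling across the document would keep readers from wondering whether two different arcs are meant.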
| skipping to change at page 13, line 5 ¶ | skipping to change at page 13, line 5 ¶ | |||
| ASId ::= INTEGER | ASId ::= INTEGER | |||
| END | END | |||
| 4. ASN.1 Module RFC 6019 | 4. ASN.1 Module RFC 6019 | |||
| We have updated the ASN.1 module associated with this document to be | We have updated the ASN.1 module associated with this document to be | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5911]. | [RFC5911]. | |||
| BinarySigningTimeModule-2009 | BinarySigningTimeModule-2010 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | |||
| pkcs-9(9) smime(16) modules(0) | pkcs-9(9) smime(16) modules(0) | |||
| id-mod-binSigningTime-2009(55) } | id-mod-binSigningTime-2009(55) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| -- From PKIX-CommonTypes-2009 [RFC5912] | -- From PKIX-CommonTypes-2009 [RFC5912] | |||
| ATTRIBUTE | ATTRIBUTE | |||
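Review bot: the module reference becomes BinarySigningTimeModule-2010 while the OID component keeps the name id-mod-binSigningTime-2009(55), so the module name and its identifier now carry different years. The same split appears in ContentCollectionModule-2010 / id-mod-context-Collect-2009(56), CMS-AuthEnvelopedData-2010 / id-mod-cmsAuthEnvData-2009(57), CryptographicMessageSyntax-2010 / id-mod-cms-2009(58) and MultipleSignatures-2010 / id-mod-multipleSign-2009(59). If the OID names are fixed by their registration, a sentence saying so would stop the mismatch being read as an oversight; otherwise rename them to match.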
| skipping to change at page 14, line 11 ¶ | skipping to change at page 14, line 11 ¶ | |||
| BinarySigningTime ::= BinaryTime | BinarySigningTime ::= BinaryTime | |||
| END | END | |||
| 5. ASN.1 Module RFC 4073 | 5. ASN.1 Module RFC 4073 | |||
| We have updated the ASN.1 module associated with this document to be | We have updated the ASN.1 module associated with this document to be | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5911]. | [RFC5911]. | |||
| ContentCollectionModule-2009 | ContentCollectionModule-2010 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | |||
| pkcs-9(9) smime(16) modules(0) id-mod-context-Collect-2009(56) } | pkcs-9(9) smime(16) modules(0) id-mod-context-Collect-2009(56) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| -- From CryptographicMessageSyntax-2009 [RFC5911] | -- From CryptographicMessageSyntax-2009 [RFC5911] | |||
| CONTENT-TYPE, ContentInfo | CONTENT-TYPE, ContentInfo | |||
| FROM CryptographicMessageSyntax-2009 | FROM CryptographicMessageSyntax-2009 | |||
| skipping to change at page 16, line 17 ¶ | skipping to change at page 16, line 17 ¶ | |||
| RFC 4231 does not contain an ASN.1 module to be updated. We have | RFC 4231 does not contain an ASN.1 module to be updated. We have | |||
| therefore created an ASN.1 module to represent the ASN.1 that is | therefore created an ASN.1 module to represent the ASN.1 that is | |||
| present in the document. Note that the parameters are defined as | present in the document. Note that the parameters are defined as | |||
| expecting a parameter for the algorithm identifiers in this module, | expecting a parameter for the algorithm identifiers in this module, | |||
| this is different from most of the algorithms used in PKIX and | this is different from most of the algorithms used in PKIX and | |||
| S/MIME. There is no concept of being able to truncate the MAC | S/MIME. There is no concept of being able to truncate the MAC | |||
| (Message Authentication Code) value in the ASN.1 unlike the XML | (Message Authentication Code) value in the ASN.1 unlike the XML | |||
| definitions. This is reflected by not having a minimum MAC length | definitions. This is reflected by not having a minimum MAC length | |||
| defined in the ASN.1. | defined in the ASN.1. | |||
| HMAC { iso(1) identified-organization(3) dod(6) internet(1) | HMAC-2010 { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) mod(0) id-mod-hmac(74) } | security(5) mechanisms(5) pkix(7) mod(0) id-mod-hmac(74) } | |||
| DEFINITIONS EXPLICIT TAGS ::= | DEFINITIONS EXPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| EXPORTS ALL; | EXPORTS ALL; | |||
| IMPORTS | IMPORTS | |||
| MAC-ALGORITHM, SMIME-CAPS | MAC-ALGORITHM, SMIME-CAPS | |||
| FROM AlgorithmInformation-2009 | FROM AlgorithmInformation-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) security(5) | { iso(1) identified-organization(3) dod(6) internet(1) security(5) | |||
| skipping to change at page 17, line 5 ¶ | skipping to change at page 17, line 5 ¶ | |||
| } | } | |||
| -- | -- | |||
| -- This object set contains all of the S/MIME capabilities that | -- This object set contains all of the S/MIME capabilities that | |||
| -- have been defined for all the MAC algorithms in this module. | -- have been defined for all the MAC algorithms in this module. | |||
| -- One would add this to an object set that is used to restrict | -- One would add this to an object set that is used to restrict | |||
| -- smime capabilities such as the SMimeCapsSet variable in | -- smime capabilities such as the SMimeCapsSet variable in | |||
| -- the S/MIME message draft | -- the S/MIME message draft | |||
| -- | -- | |||
| SMimeCaps SMIME-CAPS ::= { | SMimeCaps SMIME-CAPS ::= { | |||
| maca-hMAC-SHA224.&smimeCaps | | maca-hMAC-SHA224.&smimeCaps | | |||
| maca-hMAC-SHA256.&smimeCaps | | maca-hMAC-SHA256.&smimeCaps | | |||
| maca-hMAC-SHA384.&smimeCaps | | maca-hMAC-SHA384.&smimeCaps | | |||
| maca-hMAC-SHA512.&smimeCaps | maca-hMAC-SHA512.&smimeCaps | |||
| } | } | |||
| -- | -- | |||
| -- Define the base OID for the algorithm identifiers | -- Define the base OID for the algorithm identifiers | |||
| -- | -- | |||
| rsadsi OBJECT IDENTIFIER ::= | rsadsi OBJECT IDENTIFIER ::= | |||
| {iso(1) member-body(2) us(840) rsadsi(113549)} | {iso(1) member-body(2) us(840) rsadsi(113549)} | |||
| digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2} | digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2} | |||
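Review bot: the comment above SMimeCaps points at "the SMimeCapsSet variable in the S/MIME message draft" with no citation, whereas the matching comment in the compressed-data module cites [RFC3851] for SMimeCapsSet. Cite the same reference here so the two comments agree and the reader can find the set being extended.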
| skipping to change at page 19, line 11 ¶ | skipping to change at page 19, line 11 ¶ | |||
| } | } | |||
| END | END | |||
| 7. ASN.1 Module RFC 4334 | 7. ASN.1 Module RFC 4334 | |||
| We have updated the ASN.1 module associated with RFC 4334 to be ASN.1 | We have updated the ASN.1 module associated with RFC 4334 to be ASN.1 | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5912]. | [RFC5912]. | |||
| WLANCertExtn | WLANCertExtn-2010 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-wlan-extns-2(73) } | id-mod-wlan-extns-2(73) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| EXPORTS ALL; | EXPORTS ALL; | |||
| IMPORTS | IMPORTS | |||
| skipping to change at page 21, line 28 ¶ | skipping to change at page 21, line 28 ¶ | |||
| type of EncryptedContentInfo to minimize the output changes from | type of EncryptedContentInfo to minimize the output changes from | |||
| previous versions. | previous versions. | |||
| Protocol designers can make use of the '08 ASN.1 constraints to | Protocol designers can make use of the '08 ASN.1 constraints to | |||
| define different sets of attributes for EncryptedData and | define different sets of attributes for EncryptedData and | |||
| EnvelopedData and for AuthenticatedData and AuthEnvelopedData. | EnvelopedData and for AuthenticatedData and AuthEnvelopedData. | |||
| Previously, attributes could only be constrained based on whether | Previously, attributes could only be constrained based on whether | |||
| they were in the clear or unauthenticated not on the encapsulating | they were in the clear or unauthenticated not on the encapsulating | |||
| content type. | content type. | |||
| CMS-AuthEnvelopedData-2009 | CMS-AuthEnvelopedData-2010 | |||
| {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cmsAuthEnvData-2009(57) } | smime(16) modules(0) id-mod-cmsAuthEnvData-2009(57) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| CMSVersion, EncryptedContentInfoType{}, | CMSVersion, EncryptedContentInfoType{}, | |||
| MessageAuthenticationCode, OriginatorInfo, RecipientInfos, | MessageAuthenticationCode, OriginatorInfo, RecipientInfos, | |||
| CONTENT-TYPE, Attributes{}, ATTRIBUTE, CONTENT-ENCRYPTION, | CONTENT-TYPE, Attributes{}, ATTRIBUTE, CONTENT-ENCRYPTION, | |||
| AlgorithmIdentifier{}, | AlgorithmIdentifier{}, | |||
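Review bot: the sentence "Previously, attributes could only be constrained based on whether they were in the clear or unauthenticated not on the encapsulating content type." is hard to parse. It needs a comma before "not", and "in the clear or unauthenticated" does not make clear which attribute categories are being contrasted; naming the attribute fields explicitly would fix that. "'08 ASN.1" could also read "2008 ASN.1" to match the section introductions.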
| skipping to change at page 23, line 28 ¶ | skipping to change at page 23, line 28 ¶ | |||
| type of EncryptedContentInfo to minimize the output changes from | type of EncryptedContentInfo to minimize the output changes from | |||
| previous versions. | previous versions. | |||
| We are anticipating the definition of attributes that are going to be | We are anticipating the definition of attributes that are going to be | |||
| resticted to the use of only EnvelopedData. We are therefore | resticted to the use of only EnvelopedData. We are therefore | |||
| separating the different attribute sets so that protocol designers | separating the different attribute sets so that protocol designers | |||
| that need to do this will be able to define attributes that are used | that need to do this will be able to define attributes that are used | |||
| for EnvelopedData, but not for EncryptedData. The same separation is | for EnvelopedData, but not for EncryptedData. The same separation is | |||
| also being applied to AuthenticatedData and AuthEnvelopedData. | also being applied to AuthenticatedData and AuthEnvelopedData. | |||
| CryptographicMessageSyntax-2009 | CryptographicMessageSyntax-2010 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) | { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } | pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| IMPORTS | IMPORTS | |||
| ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, | ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, | |||
| PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM, | PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM, | |||
| KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM, | KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM, | |||
| AlgorithmIdentifier{} | AlgorithmIdentifier{} | |||
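Review bot: "resticted" in "resticted to the use of only EnvelopedData" is carried over unchanged from -07 and should read "restricted". Separately, with this module renamed to CryptographicMessageSyntax-2010, the imports in sections 2 and 5 that still say FROM CryptographicMessageSyntax-2009 (section 5 attributes that name to [RFC5911]) should be checked to confirm they are meant to resolve to the RFC 5911 module and not to this one.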
| skipping to change at page 34, line 11 ¶ | skipping to change at page 34, line 11 ¶ | |||
| SET SIZE (1..MAX) OF Attribute {{ AttrList }} | SET SIZE (1..MAX) OF Attribute {{ AttrList }} | |||
| END | END | |||
| 10. ASN.1 Module RFC 5752 | 10. ASN.1 Module RFC 5752 | |||
| We have updated the ASN.1 module associated with this document to be | We have updated the ASN.1 module associated with this document to be | |||
| 2008 compliant and to use the set of classes previously defined in | 2008 compliant and to use the set of classes previously defined in | |||
| [RFC5911]. | [RFC5911]. | |||
| MultipleSignatures-2009 | MultipleSignatures-2010 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) | |||
| smime(16) modules(0) id-mod-multipleSign-2009(59) } | smime(16) modules(0) id-mod-multipleSign-2009(59) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS All | -- EXPORTS All | |||
| -- The types and values defined in this module are exported for use | -- The types and values defined in this module are exported for use | |||
| -- in the other ASN.1 modules. Other applications may use them for | -- in the other ASN.1 modules. Other applications may use them for | |||
| -- their own purposes. | -- their own purposes. | |||
| IMPORTS | IMPORTS | |||
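Review bot: the module OID spells the arc as pkcs9(9), where every other S/MIME module OID in this diff uses pkcs-9(9). The label is not encoded, so the value is unaffected, but it should be made consistent while the header is being touched for the -2010 rename.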
| skipping to change at page 36, line 35 ¶ | skipping to change at page 36, line 35 ¶ | |||
| This means that when a module is replaced, one can replace the | This means that when a module is replaced, one can replace the | |||
| previous module, update the module number assignment module and | previous module, update the module number assignment module and | |||
| recompile without having to modify any other modules. | recompile without having to modify any other modules. | |||
| A sample module assignment module would be: | A sample module assignment module would be: | |||
| ModuleNumbers | ModuleNumbers | |||
| DEFINITIONS TAGS ::= | DEFINITIONS TAGS ::= | |||
| BEGIN | BEGIN | |||
| id-mod-CMS ::= { iso(1) member-body(2) us(840) rsadsi(113549) | id-mod-CMS ::= { iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0) TBD } | pkcs(1) pkcs-9(9) smime(16) modules(0) 58 } | |||
| id-mod-AlgInfo ::= | id-mod-AlgInfo ::= | |||
| {iso(1) identified-organization(3) dod(6) internet(1) | {iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58)} | id-mod-algorithmInformation-02(58)} | |||
| END | END | |||
| This would be used in the following import statement: | This would be used in the following import statement: | |||
| IMPORTS | IMPORTS | |||
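Review bot: the sample ModuleNumbers module is not valid ASN.1 as written, which matters because the text presents it as a sample to follow. The header "DEFINITIONS TAGS ::=" is missing the tagging keyword (IMPLICIT, EXPLICIT or AUTOMATIC), and both value assignments omit their type: "id-mod-CMS ::= { ... }" needs to be "id-mod-CMS OBJECT IDENTIFIER ::= { ... }", and likewise for id-mod-AlgInfo. Replacing TBD with 58 is consistent with id-mod-cms-2009(58) in the CMS module header.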
| End of changes. 15 change blocks. | ||||
| 18 lines changed or deleted | 18 lines changed or added | |||