idnits 2.17.1 

draft-blake-wilson-xmldsig-ecdsa-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 4) being 59 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 116: '...The XML namespace [XML-ns] URI that MUST be used by implementations of...'
     RFC 2119 keyword, line 146: '...definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:...'
     RFC 2119 keyword, line 205: '...[X9.62], [FIPS-186-2] or [SEC2], the OIDs of these curves SHOULD be used...'


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 2004) is 7346 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'FIPS186-2' is mentioned on line 86, but not defined

  == Missing Reference: 'NIST-ECC' is mentioned on line 481, but not defined

  == Outdated reference: A later version (-09) exists of
     draft-eastlake-xmldsig-uri-06

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XML-schema'


     Summary: 6 errors (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	INTERNET-DRAFT                                      S. Blake-Wilson, BCI
2	                                               G. Karlinger, CIO Austria
3	                                                       T. Kobayashi, NTT
4	                                                           Y. Wang, UNCC
5	Expires: Sept 2004                                            March 2004

7	             Using the Elliptic Curve Signature Algorithm (ECDSA)
8	                        for XML Digital Signatures
9	                 <draft-blake-wilson-xmldsig-ecdsa-09.txt>

11	Status of this Memo

13	This document is an Internet-Draft and is in full conformance with all
14	provisions of Section 10 of RFC2026. Internet-Drafts are working
15	documents of the Internet Engineering Task Force (IETF), its areas,
16	and its working groups. Note that other groups may also distribute
17	working documents as Internet-Drafts.

19	Internet-Drafts are draft documents valid for a maximum of six months
20	and may be updated, replaced, or obsoleted by other documents at any
21	time. It is inappropriate to use Internet-Drafts as reference material
22	or to cite them other than as "work in progress."

24	The list of current Internet-Drafts may be found at
25	http://www.ietf.org/ietf/1id-abstracts.txt

27	The list of Internet-Draft Shadow Directories may be found at
28	http://www.ietf.org/shadow.html.

30	Abstract

32	  This document specifies how to use ECDSA (Elliptic Curve Digital
33	  Signature Algorithm) with XML Signatures. The mechanism
34	  specified provides integrity, message authentication, and/or signer
35	  authentication services for data of any type, whether located
36	  within the XML that includes the signature or included by reference.

38	Table of Contents

40	  1  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .  3
41	  2  ECDSA  . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
42	  3  Specifying ECDSA within XMLDSIG  . . . . . . . . . . . . . . . .  3
43	     3.1  Version, Namespaces and Identifiers . . . . . . . . . . . .  3
44	     3.2  XML Schema Preamble and DTD Replacement . . . . . . . . . .  4
45	          3.2.1 XML Schema Preamble . . . . . . . . . . . . . . . . .  4
46	          3.2.2 DTD Replacement . . . . . . . . . . . . . . . . . . .  4
47	     3.3  ECDSA Signatures  . . . . . . . . . . . . . . . . . . . . .  4
48	     3.4  ECDSA Key Values  . . . . . . . . . . . . . . . . . . . . .  4
49	          3.4.1  Key Value Root Element . . . . . . . . . . . . . . .  4
50	          3.4.2  EC Domain Parameters . . . . . . . . . . . . . . . .  5
51	                 3.4.2.1  Field Parameters  . . . . . . . . . . . . .  6
52	                 3.4.2.2  Curve Parameters  . . . . . . . . . . . . .  8
53	                 3.4.2.3  Base Point Parameters . . . . . . . . . . .  8
54	          3.4.3  EC Points  . . . . . . . . . . . . . . . . . . . . .  9

56	  4  Security Considerations  . . . . . . . . . . . . . . . . . . . . 10
57	  5  Normative References . . . . . . . . . . . . . . . . . . . . . . 10
58	  6  Informative References . . . . . . . . . . . . . . . . . . . . . 12
59	  7  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12

61	  Appendix A: Aggregate XML Schema  . . . . . . . . . . . . . . . . . 13
62	  Appendix B: Aggregate DTD . . . . . . . . . . . . . . . . . . . . . 16

64	  Authors' addresses. . . . . . . . . . . . . . . . . . . . . . . . . 17
65	  Intellectual Property Rights. . . . . . . . . . . . . . . . . . . . 17
66	  Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . . 18

68	1. Introduction

70	This document specifies how to use the Elliptic Curve Digital Signature
71	Algorithm (ECDSA) with XML signatures as specified in [XMLDSIG].
72	[XMLDSIG] defines only two digital signature methods: RSA signatures
73	and DSA (DSS) signatures. This document introduces ECDSA signatures as
74	an additional method.

76	This document uses both XML Schemas [XML-schema] (normative) and DTDs
77	[XML] (informational) for specifying the corresponding XML structures.

79	2. ECDSA

81	The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic
82	curve analogue of the DSA (DSS) signature method [FIPS186-2]. It is
83	defined in the ANSI X9.62 standard [X9.62]. Other compatible
84	specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363],
85	IEEE 1363a [IEEE1363a], and SEC1 [SEC1]. [RFC3279] describes the means
86	to carry ECDSA keys in X.509 certificates. [FIPS186-2], [SEC2], and
87	[X9.62] give recommended elliptic curve domain parameters for use with
88	ECDSA.

90	Like DSA, ECDSA incorporates the use of a hash function. Currently,the
91	only hash function defined for use with ECDSA is the SHA-1 message
92	digest algorithm [FIPS-180-1].

94	ECDSA signatures are smaller than RSA signatures of similar
95	cryptographic strength. ECDSA public keys (and certificates) are smaller
96	than similar strength DSA keys, resulting in improved communications
97	efficiency. Furthermore, on many platforms ECDSA operations can be
98	computed faster than similar strength RSA or DSA operations (see [KEYS]
99	for a security analysis of key sizes across public key algorithms).
100	These advantages of signature size, bandwidth, and computational
101	efficiency may make ECDSA an attractive choice for XMLDSIG
102	implementations.

104	3. Specifying ECDSA within XMLDSIG

106	This section specifies the details of how to use ECDSA with XML
107	Signature Syntax and Processing [XMLDSIG]. It relies heavily on the
108	syntax and namespace defined in [XMLDSIG].

110	3.1 Version, Namespaces and Identifiers

112	This specification makes no provision for an explicit version number in
113	the syntax. If a future version is needed, it will use a different
114	namespace.

116	The XML namespace [XML-ns] URI that MUST be used by implementations of
117	this (dated) specification is:
118	  http://www.w3.org/2001/04/xmldsig-more#

120	Elements in the namespace of the [XMLDSIG] specification are marked as
121	such by using the namespace prefix "dsig" in the remaining sections of
122	this document.

124	The identifier for the ECDSA signature algorithm as defined in
125	[Eastlake] is:
126	  http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1

128	3.2 XML Schema Preamble and DTD Replacement

130	3.2.1 XML Schema Preamble

132	The subsequent preamble is to be used with the XML Schema definitions
133	given in the remaining sections of this document.

135	  <?xml version="1.0" encoding="UTF-8"?>
136	  <xs:schema
137	    targetNamespace="http://www.w3.org/2001/04/xmldsig-more#"
138	    xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"
139	    xmlns:xs="http://www.w3.org/2001/XMLSchema"
140	    elementFormDefault="qualified" attributeFormDefault="unqualified"
141	    version="0.2">

143	3.2.2 DTD Replacement

145	In order to include ECDSA in XML-signature syntax, the following
146	definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:

148	  <!ENTITY % KeyValue.ANY '| ecdsa:ECDSAKeyValue'>

150	3.3 ECDSA Signatures

152	The input to the ECDSA algorithm is the canonicalized representation of
153	the dsig:SignedInfo element as specified in Section 3 of [XMLDSIG].

155	The output of the ECDSA algorithm consists of a pair of integers usually
156	referred by the pair (r, s). The signature value (text value of element
157	dsig:SignatureValue - see section 4.2 of [XMLDSIG]) consists of the
158	base64 encoding of the concatenation of two octet-streams that
159	respectively result from the octet-encoding of the values r and s. This
160	concatenation is described in section E3.1 of [IEEE1363].

162	3.4 ECDSA Key Values

164	The syntax used for ECDSA key values closely follows the ASN.1 syntax
165	defined in ANSI X9.62 [X9.62].

167	3.4.1 Key Value Root Element

169	The element ECDSAKeyValue is used for encoding ECDSA public keys. For
170	use with XMLDSIG simply use this element inside dsig:KeyValue, such as
171	the predefined elements dsig:RSAKeyValue or dsig:DSAKeyValue.

173	The element consists of an optional subelement DomainParameters and the
174	mandatory subelement PublicKey. If Domainparameters is missing in an
175	instance, this means that the application knows about them from other
176	means (implicitly).

178	  Schema Definition:

180	  <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>

182	  <xs:complexType name="ECDSAKeyValueType">
183	    <xs:sequence>
184	      <xs:element name="DomainParameters" type="ecdsa:DomainParamsType"
185	                  minOccurs="0"/>
186	      <xs:element name="PublicKey" type="ecdsa:ECPointType"/>
187	    </xs:sequence>
188	  </xs:complexType>

190	  DTD Definition:

192	  <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)>
193	  <!ELEMENT PublicKey (X, Y)?>
194	  <!ELEMENT X EMPTY>
195	  <!ATTLIST X Value CDATA #REQUIRED>
196	  <!ELEMENT Y EMPTY>
197	  <!ATTLIST Y Value CDATA #REQUIRED>

199	3.4.2 EC Domain Parameters

201	Domain parameters can be encoded either explicitly using element
202	ExplicitParams, or by reference using element NamedCurve. The latter
203	simply consists of an attribute named URN, which bears a uniform
204	resource name as its value. For the named curves of standards like
205	[X9.62], [FIPS-186-2] or [SEC2], the OIDs of these curves SHOULD be used
206	in this attribute, e. g. URN="urn:oid:1.2.840.10045.3.1.1". The
207	mechanism for encoding OIDs in URNs is shown in [RFC3061].

209	  Schema Definition:

211	  <xs:complexType name="DomainParamsType">
212	    <xs:choice>
213	      <xs:element name="ExplicitParams"
214	                  type="ecdsa:ExplicitParamsType"/>
215	      <xs:element name="NamedCurve">
216	        <xs:complexType>
217	          <xs:attribute name="URN" type="xs:anyURI" use="required"/>
218	        </xs:complexType>
219	      </xs:element>
220	    </xs:choice>
221	  </xs:complexType>

223	  DTD Definition:

225	  <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)>
226	  <!ELEMENT NamedCurve EMPTY>
227	  <!ATTLIST NamedCurve URN CDATA #REQUIRED>

229	The element ExplicitParams is used for explicit encoding of domain
230	parameters. It contains three subelements: FieldParams describes the
231	underlying field, CurveParams describes the elliptic curve, and
232	BasePointParams describes the base point of the elliptic curve.

234	  Schema Definition:

236	  <xs:complexType name="ExplicitParamsType">
237	    <xs:sequence>
238	      <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
239	      <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
240	      <xs:element name="BasePointParams"
241	                  type="ecdsa:BasePointParamsType"/>
242	    </xs:sequence>
243	  </xs:complexType>

245	  DTD Definition:

247	  <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)>

249	3.4.2.1 Field Parameters

251	The element FieldParams is used for encoding field parameters. The
252	corresponding XML Schema type FieldParamsType is declared abstract and
253	will be extended by specialized types for prime field, characteristic
254	two field and odd characteristic extension fields parameters.

256	The XML Schema type PrimeFieldParamsType is derived from FieldParamsType
257	and is used for for encoding prime field parameters. The type contains
258	as its single subelement P, the order of the prime field.

260	The XML Schema type CharTwoFieldParamsType is derived from
261	FieldParamsType as well and is used for encoding parameters of a
262	characteristic two field. It is again an abstract type and will be
263	extended by specialized types for trinomial base fields and pentanomial
264	base fields. F2m Gaussian Normal Base fields are not supported by this
265	specification to relieve interoperability. Common to both specialized
266	types is the element M, the extension degree of the field.

268	The XML Schema type TnBFieldParamsType is derived from
269	CharTwoFieldParamsType and is used for encoding trinomial base fields.
270	It adds the single element K, which represents the integer k, where
271	x^m + x^k + 1 is the reduction polynomial.

273	The XML Schema type PnBFieldParamsType is derived from
274	CharTwoFieldParamsType as well and is used for encoding pentanomial base
275	fields. It adds the three elements K1, K2 and K3, which represent the
276	integers k1, k2 and k3 respectively, where x^m + x^k3 + x^k2 + x^k1 + 1
277	is the reduction polynomial.

279	The XML Schema type OddCharExtensionFieldParamsType is derived from
280	FieldParamsType as well and is used for encoding parameters of an
281	odd characteristic extension field. The type contains two elements M,
282	which represents the extension degree of the field m, and W, which
283	represents the integer w, where x^m - w is the reduction polynomial.

285	  Schema Definition:

287	  <xs:complexType name="FieldParamsType" abstract="true"/>

289	  <xs:complexType name="PrimeFieldParamsType">
290	    <xs:complexContent>
291	      <xs:extension base="ecdsa:FieldParamsType">
292	        <xs:sequence>
293	          <xs:element name="P" type="xs:positiveInteger"/>
294	        </xs:sequence>
295	      </xs:extension>
296	    </xs:complexContent>
297	  </xs:complexType>

299	  <xs:complexType name="CharTwoFieldParamsType" abstract="true">
300	    <xs:complexContent>
301	      <xs:extension base="ecdsa:FieldParamsType">
302	        <xs:sequence>
303	          <xs:element name="M" type="xs:positiveInteger"/>
304	        </xs:sequence>
305	      </xs:extension>
306	    </xs:complexContent>
307	  </xs:complexType>

309	  <xs:complexType name="OddCharExtensionFieldParamsType">
310	    <xs:complexContent>
311	      <xs:extension base="ecdsa:FieldParamsType">
312	        <xs:sequence>
313	          <xs:element name="M" type="xs:positiveInteger"/>
314	          <xs:element name="W" type="xs:positiveInteger"/>
315	        </xs:sequence>
316	      </xs:extension>
317	    </xs:complexContent>
318	  </xs:complexType>

320	  <xs:complexType name="TnBFieldParamsType">
321	    <xs:complexContent>
322	      <xs:extension base="ecdsa:CharTwoFieldParamsType">
323	        <xs:sequence>
324	          <xs:element name="K" type="xs:positiveInteger"/>
325	        </xs:sequence>
326	      </xs:extension>
327	    </xs:complexContent>
328	  </xs:complexType>

330	  <xs:complexType name="PnBFieldParamsType">
331	    <xs:complexContent>
332	      <xs:extension base="ecdsa:CharTwoFieldParamsType">
333	        <xs:sequence>
334	          <xs:element name="K1" type="xs:positiveInteger"/>
335	          <xs:element name="K2" type="xs:positiveInteger"/>
336	          <xs:element name="K3" type="xs:positiveInteger"/>

338	        </xs:sequence>
339	      </xs:extension>
340	    </xs:complexContent>
341	  </xs:complexType>

343	  DTD Definition:

345	  <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3) | (M, W))>
346	  <!ELEMENT P (#PCDATA)>
347	  <!ELEMENT M (#PCDATA)>
348	  <!ELEMENT K (#PCDATA)>
349	  <!ELEMENT K1 (#PCDATA)>
350	  <!ELEMENT K2 (#PCDATA)>
351	  <!ELEMENT K3 (#PCDATA)>
352	  <!ELEMENT W (#PCDATA)>

354	3.4.2.2 Curve Parameters

356	The element CurveParams is used for encoding parameters of the elliptic
357	curve. The corresponding XML Schema type CurveParamsType bears the
358	elements A and B representing the coefficients a and b of the elliptic
359	curve, while the optional element Seed contains the value used to derive
360	the coefficients of a randomly generated elliptic curve, according to
361	the algorithm specified in annex A3.3 of [X9.62].

363	  Schema Definition:

365	  <xs:complexType name="CurveParamsType">
366	    <xs:sequence>
367	      <xs:element name="A" type="ecdsa:FieldElemType"/>
368	      <xs:element name="B" type="ecdsa:FieldElemType"/>
369	      <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
370	    </xs:sequence>
371	  </xs:complexType>

373	  DTD Definition:

375	  <!ELEMENT CurveParams (A, B, Seed?)>
376	  <!ELEMENT A EMPTY>
377	  <!ATTLIST A Value CDATA #REQUIRED>
378	  <!ELEMENT B EMPTY>
379	  <!ATTLIST B Value CDATA #REQUIRED>
380	  <!ELEMENT Seed (#PCDATA)>

382	3.4.2.3 Base Point Parameters

384	The element BasePointParams is used for encoding parameters regarding
385	the base point of the elliptic curve. BasePoint represents the base
386	point itself, Order provides the order of the base point, and Cofactor
387	optionally provides the cofactor of the base point.

389	  Schema Definition:

391	  <xs:complexType name="BasePointParamsType">
392	    <xs:sequence>
393	      <xs:element name="BasePoint" type="ecdsa:ECPointType"/>
394	      <xs:element name="Order" type="xs:positiveInteger"/>
395	      <xs:element name="Cofactor" type="xs:positiveInteger"
396	                  minOccurs="0"/>
397	    </xs:sequence>
398	  </xs:complexType>

400	  DTD Definition:

402	  <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)>
403	  <!ELEMENT BasePoint (X, Y)?>
404	  <!ELEMENT Order (#PCDATA)>
405	  <!ELEMENT Cofactor (#PCDATA)>

407	3.4.3 EC Points

409	The XML Schema type ECPointType is used for encoding a point on the
410	elliptic curve. It consists of the subelements X and Y, providing the
411	x and y coordinates of the point. Point compression representation is
412	not supported by this specification for the sake of simple design.

414	The point at infinity is encoded by omitting both elements X and Y.

416	The subelements X and Y are of type FieldElemType. This is an abstract
417	type for encoding elements of the elliptic curves underlying field and
418	is extended by specialized types for prime field elements and
419	characteristic two field elements.

421	The XML Schema type PrimeFieldElemType is used for encoding prime field
422	elements. It contains a single attribute named Value, whose value
423	represents the field element as an integer.

425	The XML Schema type CharTwoFieldElemType is used for encoding
426	characteristic two field elements. It contains a single attribute named
427	Value, whose value represents the field element as an octet string. The
428	octet string must be composed as shown in paragraph 2 of section 4.3.3
429	of [X9.62].

431	The XML Schema type OddCharExtensionFieldElemType is used for encoding
432	odd characteristic extension field elements. It contains a single
433	attribute named Value, whose value represents the field element as an
434	integer. The integer must be composed as shown in section
435	5.3.3 of [IEEE1363a].

437	  Schema Definition:

439	  <xs:complexType name="ECPointType">
440	    <xs:sequence minOccurs="0">
441	      <xs:element name="X" type="ecdsa:FieldElemType"/>
442	      <xs:element name="Y" type="ecdsa:FieldElemType"/>
443	    </xs:sequence>
444	  </xs:complexType>
445	  <xs:complexType name="FieldElemType" abstract="true"/>

447	  <xs:complexType name="PrimeFieldElemType">
448	    <xs:complexContent>
449	      <xs:extension base="ecdsa:FieldElemType">
450	        <xs:attribute name="Value" type="xs:nonNegativeInteger"
451	                      use="required"/>
452	      </xs:extension>
453	    </xs:complexContent>
454	  </xs:complexType>

456	  <xs:complexType name="CharTwoFieldElemType">
457	    <xs:complexContent>
458	      <xs:extension base="ecdsa:FieldElemType">
459	        <xs:attribute name="Value" type="xs:hexBinary"
460	                      use="required"/>
461	      </xs:extension>
462	    </xs:complexContent>
463	  </xs:complexType>

465	  <xs:complexType name="OddCharExtensionFieldElemType">
466	    <xs:complexContent>
467	      <xs:extension base="ecdsa:FieldElemType">
468	        <xs:attribute name="Value" type="xs:nonNegativeInteger"
469	                      use="required"/>
470	      </xs:extension>
471	    </xs:complexContent>
472	  </xs:complexType>

474	4. Security Considerations

476	Implementers should ensure that appropriate security measures are in
477	place when they deploy ECDSA within XMLDSIG. In particular, the security
478	of ECDSA requires the careful selection of both key sizes and elliptic
479	curve domain parameters. Selection guidelines for these parameters and
480	some specific recommended curves that are considered safe are provided
481	in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion,
482	see [XMLDSIG].

484	5. Normative References

486	  [Eastlake] Eastlake, D. Additional XML Security URIs. IETF
487	             Internet-Draft. March 2004.
488	             http://www.ietf.org/internet-drafts/
489	             draft-eastlake-xmldsig-uri-06.txt.

491	  [X9.62] American National Standards Institute. ANSI X9.62-1998,
492	          Public Key Cryptography for the Financial Services Industry:
493	          The Elliptic Curve Digital Signature Algorithm. January 1999.

495	  [XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., RFC 3275,
496	            XML-Signature Syntax and Processing. IETF RFC, March 2002.
497	            http://www.ietf.org/rfc/rfc3275.txt.
498	            (Also W3C Recommendation, February 2002.
499	            http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/.)

501	  [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson,
502	               H., XML Schema Part 1: Structures, W3C Recommendation,
503	               May 2001.
504	               http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/
505	               Biron, P., and Malhotra, A., ML Schema Part 2:
506	               Datatypes, W3C Recommendation, May 2001.
507	               http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

509	6. Informative References

511	  [FIPS-180-1] Federal Information Processing Standards Publication
512	               (FIPS PUB) 180-1, Secure Hash Standard, April 1995.

514	  [FIPS-186-2] Federal Information Processing Standards Publication
515	               (FIPS PUB) 186-2, Digital Signature Standard, January
516	               2000.

518	  [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE)
519	             Standard 1363-2000, Standard Specifications for Public Key
520	             Cryptography, January 2000.

522	  [IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE)
523	              Standard 1363, Draft Standard Specifications for Public
524	              Key Cryptography -- Amendment 1: Additional Techniques,
525	              October 2002.

527	  [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key
528	         Sizes. October 1999. Presented at Public Key Cryptography
529	         Conference, Melbourne, Australia, January 2000.
530	         http://www.cryptosavvy.com/

532	  [RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object
533	            Identifiers. IETF Informational RFC, February 2001.
534	            http://www.ietf.org/rfc/rfc3061.txt

536	  [RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms
537	            and Identifiers for the Internet X.509 Public Key
538	            Infrastructure Certificate and Certificate Revocation List
539	            (CRL) Profile. IETF Proposed Standard, April 2002.
540	            http://www.ietf.org/rfc/rfc3279.txt

542	  [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic
543	         Curve Cryptography, Version 1.0, September 2000.
544	         http://www.secg.org

546	  [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended
547	         Elliptic Curve Domain Parameters, Version 1.0, September 2000.
548	         http://www.secg.org

550	  [XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M.,
551	        Extensible Markup Language (XML) 1.0 (Second Edition), W3C
552	        Recommendation, October 2000.
553	        http://www.w3.org/TR/2000/REC-xml-20001006

555	  [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML,
556	           W3C Recommendation, January 1999.
557	           http://www.w3.org/TR/1999/REC-xml-names-19990114/

559	7. Acknowledgements

561	  The authors would like to acknowledge the many helpful comments of
562	  Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato,
563	  Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau.

565	Appendix A: Aggregate XML Schema

567	  <?xml version="1.0" encoding="UTF-8"?>
568	  <xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/
569	                              ecdsa/200206030#"
570	             xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
571	             xmlns:xs="http://www.w3.org/2001/XMLSchema"
572	             xmlns:ecdsa="http://www.buergerkarte.at/namespaces/
573	                          ecdsa/200206030#"
574	             elementFormDefault="qualified"
575	             attributeFormDefault="unqualified" version="0.3">

577	    <!--ECDSA key value root element-->

579	    <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
580	    <xs:complexType name="ECDSAKeyValueType">
581	      <xs:sequence>
582	        <xs:element name="DomainParameters"
583	                    type="ecdsa:DomainParamsType" minOccurs="0"/>
584	        <xs:element name="PublicKey" type="ecdsa:ECPointType"/>
585	      </xs:sequence>
586	    </xs:complexType>

588	    <!--EC domain parameters-->

590	    <xs:complexType name="DomainParamsType">
591	      <xs:choice>
592	        <xs:element name="ExplicitParams"
593	                    type="ecdsa:ExplicitParamsType"/>
594	        <xs:element name="NamedCurve">
595	          <xs:complexType>
596	            <xs:attribute name="URN" type="xs:anyURI" use="required"/>
597	          </xs:complexType>
598	        </xs:element>
599	      </xs:choice>
600	    </xs:complexType>
601	    <xs:complexType name="FieldParamsType" abstract="true"/>

603	    <xs:complexType name="PrimeFieldParamsType">
604	      <xs:complexContent>
605	        <xs:extension base="ecdsa:FieldParamsType">
606	          <xs:sequence>
607	            <xs:element name="P" type="xs:positiveInteger"/>
608	          </xs:sequence>
609	        </xs:extension>
610	      </xs:complexContent>
611	    </xs:complexType>
612	    <xs:complexType name="CharTwoFieldParamsType" abstract="true">
613	      <xs:complexContent>
614	        <xs:extension base="ecdsa:FieldParamsType">
615	          <xs:sequence>
616	            <xs:element name="M" type="xs:positiveInteger"/>
617	          </xs:sequence>
618	        </xs:extension>
619	      </xs:complexContent>
620	    </xs:complexType>
621	    <xs:complexType name="OddCharExtensionFieldParamsType">
622	      <xs:complexContent>
623	        <xs:extension base="ecdsa:FieldParamsType">
624	          <xs:sequence>
625	            <xs:element name="M" type="xs:positiveInteger"/>
626	            <xs:element name="W" type="xs:positiveInteger"/>
627	          </xs:sequence>
628	        </xs:extension>
629	      </xs:complexContent>
630	    </xs:complexType>
631	    <xs:complexType name="TnBFieldParamsType">
632	      <xs:complexContent>
633	        <xs:extension base="ecdsa:CharTwoFieldParamsType">
634	          <xs:sequence>
635	            <xs:element name="K" type="xs:positiveInteger"/>
636	          </xs:sequence>
637	        </xs:extension>
638	      </xs:complexContent>
639	    </xs:complexType>
640	    <xs:complexType name="PnBFieldParamsType">
641	      <xs:complexContent>
642	        <xs:extension base="ecdsa:CharTwoFieldParamsType">
643	          <xs:sequence>
644	            <xs:element name="K1" type="xs:positiveInteger"/>
645	            <xs:element name="K2" type="xs:positiveInteger"/>
646	            <xs:element name="K3" type="xs:positiveInteger"/>
647	          </xs:sequence>
648	        </xs:extension>
649	      </xs:complexContent>
650	    </xs:complexType>
651	    <xs:complexType name="ExplicitParamsType">
652	      <xs:sequence>
653	        <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
654	        <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
655	        <xs:element name="BasePointParams"
656	                    type="ecdsa:BasePointParamsType"/>
657	      </xs:sequence>
658	    </xs:complexType>
659	    <xs:complexType name="CurveParamsType">
660	      <xs:sequence>
661	        <xs:element name="A" type="ecdsa:FieldElemType"/>
662	        <xs:element name="B" type="ecdsa:FieldElemType"/>
663	        <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
664	      </xs:sequence>
665	    </xs:complexType>
666	    <xs:complexType name="BasePointParamsType">
667	      <xs:sequence>
668	        <xs:element name="BasePoint" type="ecdsa:ECPointType"/>
669	        <xs:element name="Order" type="xs:positiveInteger"/>
670	        <xs:element name="Cofactor" type="xs:positiveInteger"
671	                    minOccurs="0"/>
672	      </xs:sequence>
673	    </xs:complexType>

675	    <!--EC point-->

677	    <xs:complexType name="ECPointType">
678	      <xs:sequence minOccurs="0">
679	        <xs:element name="X" type="ecdsa:FieldElemType"/>
680	        <xs:element name="Y" type="ecdsa:FieldElemType"/>
681	      </xs:sequence>
682	    </xs:complexType>

684	    <!--Field element-->

686	    <xs:complexType name="FieldElemType" abstract="true"/>
687	    <xs:complexType name="PrimeFieldElemType">
688	      <xs:complexContent>
689	        <xs:extension base="ecdsa:FieldElemType">
690	          <xs:attribute name="Value" type="xs:nonNegativeInteger"
691	                        use="required"/>
692	        </xs:extension>
693	      </xs:complexContent>
694	    </xs:complexType>
695	    <xs:complexType name="CharTwoFieldElemType">
696	      <xs:complexContent>
697	        <xs:extension base="ecdsa:FieldElemType">
698	          <xs:attribute name="Value" type="xs:hexBinary"
699	                        use="required"/>
700	        </xs:extension>
701	      </xs:complexContent>
702	    </xs:complexType>
703	    <xs:complexType name="OddCharExtensionFieldElemType">
704	      <xs:complexContent>
705	        <xs:extension base="ecdsa:FieldElemType">
706	          <xs:attribute name="Value" type="xs:nonNegativeInteger"
707	                        use="required"/>
708	        </xs:extension>
709	      </xs:complexContent>
710	    </xs:complexType>
711	  </xs:schema>

713	Appendix B: Aggregate DTD

715	  <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)>
716	  <!ELEMENT PublicKey (X, Y)?>
717	  <!ELEMENT X EMPTY>
718	  <!ATTLIST X Value CDATA #REQUIRED>
719	  <!ELEMENT Y EMPTY>
720	  <!ATTLIST Y Value CDATA #REQUIRED>
721	  <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)>
722	  <!ELEMENT NamedCurve EMPTY>
723	  <!ATTLIST NamedCurve URN CDATA #REQUIRED>
724	  <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)>
725	  <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3) | (M, W))>
726	  <!ELEMENT P (#PCDATA)>
727	  <!ELEMENT M (#PCDATA)>
728	  <!ELEMENT W (#PCDATA)>
729	  <!ELEMENT K (#PCDATA)>
730	  <!ELEMENT K1 (#PCDATA)>
731	  <!ELEMENT K2 (#PCDATA)>
732	  <!ELEMENT K3 (#PCDATA)>
733	  <!ELEMENT CurveParams (A, B, Seed?)>
734	  <!ELEMENT A EMPTY>
735	  <!ATTLIST A Value CDATA #REQUIRED>
736	  <!ELEMENT B EMPTY>
737	  <!ATTLIST B Value CDATA #REQUIRED>
738	  <!ELEMENT Seed (#PCDATA)>
739	  <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)>
740	  <!ELEMENT BasePoint (X, Y)?>
741	  <!ELEMENT Order (#PCDATA)>
742	  <!ELEMENT Cofactor (#PCDATA)>

744	Authors' Addresses

746	   Simon Blake-Wilson
747	   BCI
748	   96 Spadina Ave, Unit 606
749	   Toronto, ON, M5V 2J6, Canada
750	   e-mail: sblakewilson@bcisse.com

752	   Gregor Karlinger
753	   Federal Staff Office for IT Strategies/Federal Chancellery
754	   Ballhausplatz 2
755	   1014 Wien, Austria
756	   e-mail: gregor.karlinger@cio.gv.at

758	   Tetsutaro Kobayashi
759	   NTT Laboratories
760	   1-1 Hikarinooka, Yokosuka, 239-0847, Japan
761	   e-mail: kotetsu@isl.ntt.co.jp

763	   Yongge Wang
764	   University of North Carolina at Charlotte
765	   9201 University City Blvd
766	   Charlotte, NC 28223, USA
767	   e-mail: yonwang@uncc.edu

769	Intellectual Property Rights

771	The IETF has been notified of intellectual property rights claimed in
772	regard to the specification contained in this document.
773	For more information, consult the online list of claimed rights
774	(http://www.ietf.org/ipr.html).

776	The IETF takes no position regarding the validity or scope of any
777	intellectual property or other rights that might be claimed to
778	pertain to the implementation or use of the technology described in
779	this document or the extent to which any license under such rights
780	might or might not be available; neither does it represent that it
781	has made any effort to identify any such rights. Information on the
782	IETF's procedures with respect to rights in standards-track and
783	standards-related documentation can be found in BCP-11. Copies of
784	claims of rights made available for publication and any assurances of
785	licenses to be made available, or the result of an attempt made to
786	obtain a general license or permission for the use of such
787	proprietary rights by implementers or users of this specification can
788	be obtained from the IETF Secretariat.

790	Full Copyright Statement

792	  Copyright (C) The Internet Society (1999).  All Rights Reserved.
793	  This document and translations of it may be copied and furnished to
794	  others, and derivative works that comment on or otherwise explain
795	  it or assist in its implementation may be prepared, copied,
796	  published and distributed, in whole or in part, without restriction
797	  of any kind, provided that the above copyright notice and this
798	  paragraph are included on all such copies and derivative works.
799	  However, this document itself may not be modified in any way, such
800	  as by removing the copyright notice or references to the Internet
801	  Society or other Internet organizations, except as needed for the
802	  purpose of developing Internet standards in which case the procedures
803	  for copyrights defined in the Internet Standards process must be
804	  followed, or as required to translate it into languages other than
805	  English.

807	  The limited permissions granted above are perpetual and will not be
808	  revoked by the Internet Society or its successors or assigns.

810	  This document and the information contained herein is provided on an
811	  "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
812	  TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
813	  BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
814	  HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
815	  MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.