idnits 2.17.1 draft-bryan-http-digest-algorithm-values-update-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.ii or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC3230]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 15, 2009) is 5304 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 3230 (Obsoleted by RFC 9530) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Bryan 3 Internet-Draft October 15, 2009 4 Intended status: Informational 5 Expires: April 18, 2010 7 Additional Hash Algorithms for HTTP Instance Digests 8 draft-bryan-http-digest-algorithm-values-update-02 10 Status of this Memo 12 This Internet-Draft is submitted to IETF in full conformance with the 13 provisions of BCP 78 and BCP 79. 15 Internet-Drafts are working documents of the Internet Engineering 16 Task Force (IETF), its areas, and its working groups. Note that 17 other groups may also distribute working documents as Internet- 18 Drafts. 20 Internet-Drafts are draft documents valid for a maximum of six months 21 and may be updated, replaced, or obsoleted by other documents at any 22 time. It is inappropriate to use Internet-Drafts as reference 23 material or to cite them other than as "work in progress." 25 The list of current Internet-Drafts can be accessed at 26 http://www.ietf.org/ietf/1id-abstracts.txt. 28 The list of Internet-Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 This Internet-Draft will expire on April 18, 2010. 33 Copyright Notice 35 Copyright (c) 2009 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents in effect on the date of 40 publication of this document (http://trustee.ietf.org/license-info). 41 Please review these documents carefully, as they describe your rights 42 and restrictions with respect to this document. 44 Abstract 46 [RFC3230] created the IANA registry named "Hypertext Transfer 47 Protocol (HTTP) Digest Algorithm Values" which defines values for 48 digest algorithms used in HTTP. This draft adds new values to the 49 registry and updates previous values. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 54 1.1. Examples . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3 56 2.1. Previous Registrations Updated . . . . . . . . . . . . . . 3 57 2.2. New Registrations . . . . . . . . . . . . . . . . . . . . . 3 58 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 59 4. Changes compared to RFC3230 . . . . . . . . . . . . . . . . . . 4 60 5. Normative References . . . . . . . . . . . . . . . . . . . . . 4 61 Appendix A. Acknowledgements and Contributors . . . . . . . . . . 4 62 Appendix B. Document History (to be removed by RFC Editor 63 before publication) . . . . . . . . . . . . . . . . . 5 64 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 66 1. Introduction 68 The IANA registry named "Hypertext Transfer Protocol (HTTP) Digest 69 Algorithm Values" defines values for digest algorithms used in HTTP. 71 Note: This is unrelated to HTTP Digest Authentication. 73 The registry was created by [RFC3230] in 2002. This draft adds new 74 values to the registry and updates previous values which had 75 redundant or outdated references. 77 [[ Discussion of this draft should take place on IETF HTTP WG mailing 78 list at ietf-http-wg@w3.org or directly to the author. ]] 80 1.1. Examples 82 Examples of Instance Digest for SHA-256: 84 Digest: SHA-256=MWVkMWQxYTRiMzk5MDQ0MzI3NGU5NDEyZTk5OWY1ZGFmNzgyZTJlO 85 DYzYjRjYzFhOTlmNTQwYzI2M2QwM2U2MQ== 87 2. IANA Considerations 89 This document makes use of the IANA registry named "Hypertext 90 Transfer Protocol (HTTP) Digest Algorithm Values" specified in 91 [RFC3230]. 93 2.1. Previous Registrations Updated 95 Accordingly, IANA has updated the following registrations: 97 Digest Algorithm: MD5 98 Description: The MD5 algorithm, as specified in [RFC1321]. The 99 output of this algorithm is encoded using the base64 encoding 100 [RFC4648]. 101 Reference: [RFC1321] [RFC4648] 103 Digest Algorithm: SHA 104 Description: The SHA-1 algorithm [FIPS-180-3]. The output of this 105 algorithm is encoded using the base64 encoding [RFC4648]. 106 Reference: [FIPS-180-3] [RFC4648] 108 2.2. New Registrations 110 Accordingly, IANA has made the following registrations: 112 Digest Algorithm: SHA-256 113 Description: The SHA-256 algorithm [FIPS-180-3]. The output of 114 this algorithm is encoded using the base64 encoding [RFC4648]. 115 Reference: [FIPS-180-3] [RFC4648] 117 Digest Algorithm: SHA-512 118 Description: The SHA-512 algorithm [FIPS-180-3]. The output of 119 this algorithm is encoded using the base64 encoding [RFC4648]. 120 Reference: [FIPS-180-3] [RFC4648] 122 3. Security Considerations 124 Same as [RFC3230]. 126 4. Changes compared to RFC3230 128 All previous values to the registry are still valid. 130 The reference for base64 encoding has been updated for both MD5 and 131 SHA. 133 The reference for SHA has been updated. 135 5. Normative References 137 [FIPS-180-3] 138 National Institute of Standards and Technology (NIST), 139 "Secure Hash Standard (SHS)", FIPS PUB 180-3, 140 October 2008. 142 [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 143 April 1992. 145 [RFC3230] Mogul, J. and A. Van Hoff, "Instance Digests in HTTP", 146 RFC 3230, January 2002. 148 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 149 Encodings", RFC 4648, October 2006. 151 Appendix A. Acknowledgements and Contributors 153 Thanks to Mark Nottingham, Eran Hammer-Lahav, Nils Maier, Lisa 154 Dusseault, Alfred Hoenes, and Pasi Eronen. 156 Appendix B. Document History (to be removed by RFC Editor before 157 publication) 159 [[ to be removed by the RFC editor before publication as an RFC. ]] 161 Known issues concerning this draft: 162 o None known. 164 -02 : October 15, 2009. 165 o New title. 166 o "Note: This is unrelated to HTTP Digest Authentication." 167 o Remove SHA-224 and SHA-384. 168 o "Changes compared to RFC3230" section added. 170 -01 : October 07, 2009. 171 o Update previous values that are outdated. 172 o RFC 4648 for Base64 encoding. 174 -00 : September 08, 2009. 175 o Initial draft. 177 Author's Address 179 Anthony Bryan 180 Pompano Beach, FL 181 USA 183 Email: anthonybryan@gmail.com 184 URI: http://www.metalinker.org