idnits 2.17.1 draft-eastlake-rfc6931bis-xmlsec-uris-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 5, 2014) is 3491 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1600' on line 303 -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3' -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2' -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia' -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4' -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3' -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEEP1363a' -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4' ** Downref: Normative reference to an Informational RFC: RFC 1321 ** Downref: Normative reference to an Informational RFC: RFC 2104 ** Downref: Normative reference to an Informational RFC: RFC 2315 ** Downref: Normative reference to an Informational RFC: RFC 3394 ** Obsolete normative reference: RFC 3447 (Obsoleted by RFC 8017) ** Downref: Normative reference to an Informational RFC: RFC 3713 ** Downref: Normative reference to an Informational RFC: RFC 4050 ** Downref: Normative reference to an Informational RFC: RFC 4269 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Downref: Normative reference to an Informational RFC: RFC 6234 -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10' -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11' -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer' -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err3597') (Obsoleted by RFC 9231) -- Duplicate reference: RFC6931, mentioned in 'Err3965', was also mentioned in 'Err3597'. -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err3965') (Obsoleted by RFC 9231) -- Duplicate reference: RFC6931, mentioned in 'Err4004', was also mentioned in 'Err3965'. -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err4004') (Obsoleted by RFC 9231) -- Obsolete informational reference (is this intentional?): RFC 3075 (Obsoleted by RFC 3275) -- Obsolete informational reference (is this intentional?): RFC 4051 (Obsoleted by RFC 6931) -- Duplicate reference: RFC6931, mentioned in 'RFC6931', was also mentioned in 'Err4004'. -- Obsolete informational reference (is this intentional?): RFC 6931 (Obsoleted by RFC 9231) Summary: 10 errors (**), 0 flaws (~~), 1 warning (==), 21 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Donald Eastlake 2 Obsoletes: 6931 Huawei 3 Intended Status: Proposed Standard 4 Expires: April 4, 2014 October 5, 2014 6 Additional XML Security Uniform Resource Identifiers (URIs) 7 9 Abstract 11 This document updates and corrects the IANA registry for the list of 12 URIs intended for use with XML digital signatures, encryption, 13 canonicalization, and key management. These URIs identify algorithms 14 and types of information. This document corrrects three errata 15 against and obsoletes RFC 6931. 17 Status of This Memo 19 This Internet-Draft is submitted to IETF in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Distribution of this document is unlimited. Comments should be sent 23 to the author. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF), its areas, and its working groups. Note that 27 other groups may also distribute working documents as Internet- 28 Drafts. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 The list of current Internet-Drafts can be accessed at 36 http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft 37 Shadow Directories can be accessed at 38 http://www.ietf.org/shadow.html. 40 Table of Contents 42 1. Introduction............................................4 43 1.1 Terminology...........................................5 44 1.2 Acronyms..............................................5 46 2. Algorithms..............................................7 47 2.1 DigestMethod (Hash) Algorithms........................7 48 2.1.1 MD5.................................................7 49 2.1.2 SHA-224.............................................8 50 2.1.3 SHA-384.............................................8 51 2.1.4 Whirlpool...........................................8 52 2.1.5 New SHA Functions...................................9 53 2.2 SignatureMethod MAC Algorithms........................9 54 2.2.1 HMAC-MD5............................................9 55 2.2.2 HMAC SHA Variations................................10 56 2.2.3 HMAC-RIPEMD160.....................................10 57 2.3 SignatureMethod Public Key Signature Algorithms......11 58 2.3.1 RSA-MD5............................................11 59 2.3.2 RSA-SHA256.........................................12 60 2.3.3 RSA-SHA384.........................................12 61 2.3.4 RSA-SHA512.........................................12 62 2.3.5 RSA-RIPEMD160......................................12 63 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool.......13 64 2.3.7 ESIGN-SHA*.........................................14 65 2.3.8 RSA-Whirlpool......................................14 66 2.3.9 RSASSA-PSS with Parameters.........................14 67 2.3.10 RSASSA-PSS without Parameters.....................16 68 2.3.11 RSA-SHA224........................................16 69 2.4 Minimal Canonicalization.............................17 70 2.5 Transform Algorithms.................................17 71 2.5.1 XPointer...........................................17 72 2.6 EncryptionMethod Algorithms..........................18 73 2.6.1 ARCFOUR Encryption Algorithm.......................18 74 2.6.2 Camellia Block Encryption..........................19 75 2.6.3 Camellia Key Wrap..................................19 76 2.6.4 PSEC-KEM...........................................20 77 2.6.5 SEED Block Encryption..............................20 78 2.6.6 SEED Key Wrap......................................20 80 3. KeyInfo................................................22 81 3.1 PKCS #7 Bag of Certificates and CRLs.................22 82 3.2 Additional RetrievalMethod Type Values...............22 84 4. Indexes................................................23 85 4.1 Fragment Index.......................................23 86 4.2 URI Index............................................26 88 Table of Contents (continued) 90 5. Allocation Considerations..............................31 91 5.1 W3C Allocation Considerations........................31 92 5.2 IANA Considerations..................................31 94 6. Security Considerations................................32 96 Acknowledgements..........................................33 98 Appendix A: Changes from RFC 6931.........................34 99 Appendix B: Bad URIs......................................35 101 Appendix Z: Change History................................36 103 Normative References......................................37 104 Informational References..................................40 106 Author's Address..........................................43 108 1. Introduction 110 XML digital signatures, canonicalization, and encryption have been 111 standardized by the W3C and by the joint IETF/W3C XMLDSIG working 112 group [W3C]. All of these are now W3C Recommendations and some are 113 also RFCs. They are available as follows: 115 RFC 116 Status W3C REC Topic 117 ----------- ------- ----- 119 [RFC3275] [XMLDSIG10] XML Digital Signatures 120 Draft Standard 122 [RFC3076] [CANON10] Canonical XML 123 Informational 125 - - - - - - [XMLENC10] XML Encryption 1.0 127 [RFC3741] [XCANON] Exclusive XML Canonicalization 1.0 128 Informational 130 All of these documents and recommendations use URIs [RFC3986] to 131 identify algorithms and keying information types. The W3C has 132 subsequently produced updated XML Signature 1.1 [XMLDSIG11], 133 Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11] 134 versions, as well as a new XML Signature Properties specification 135 [XMLDSIG-PROP]. 137 All camel-case element names herein, such as DigestValue, are from 138 these documents. 140 This document is an updated convenient reference list of URIs and 141 corresponding algorithms in which there is expressed interest. This 142 document fixes Errata [Err3597], [Err3965], [Err4004] against and 143 obsoletes [RFC6931]. 145 All of the URIs appear in the indexes in Section 4. Only the URIs 146 that were added by [RFC4051], [RFC6931], or this document have a 147 subsection in Section 2 or 3, with the exception of Minimal 148 Canonicalization (Section 2.4). For example, use of SHA-256 is 149 defined in [XMLENC11] and hence there is no subsection on that 150 algorithm here, but its URI is included in the indexes in Section 4. 152 Specification in this document of the URI representing an algorithm 153 does not imply endorsement of the algorithm for any particular 154 purpose. A protocol specification, which this is not, generally 155 gives algorithm and implementation requirements for the protocol. 156 Security considerations for algorithms are constantly evolving, as 157 documented elsewhere. This specification simply provides some URIs 158 and relevant formatting for when those URIs are used. 160 Note that progressing XML Digital Signature [RFC3275] along the 161 Standards Track required removal of any algorithms from the original 162 version [RFC3075] for which there was not demonstrated 163 interoperability. This required removal of the Minimal 164 Canonicalization algorithm, in which there appears to be continued 165 interest. The URI for Minimal Canonicalization was included in 166 [RFC4051] and [RFC6931] and is included here. 168 1.1 Terminology 170 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 171 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 172 "OPTIONAL" in this document are to be interpreted as described in 173 [RFC2119]. 175 This document is not intended to change the algorithm implementation 176 requirements of any IETF or W3C document. Use of [RFC2119] 177 terminology is intended to be only such as is already stated or 178 implied by other authoritative documents. 180 1.2 Acronyms 182 The following acronyms are used in this document: 184 HMAC - Keyed-Hashing MAC [RFC2104] 186 IETF - Internet Engineering Task Force 188 MAC - Message Authentication Code 190 MD - Message Digest 192 NIST - United States National Institute of Standards and 193 Technology 195 RC - Rivest Cipher 197 RSA - Rivest, Shamir, and Adleman 199 SHA - Secure Hash Algorithm 201 URI - Uniform Resource Identifier [RFC3986] 203 W3C - World Wide Web Consortium 204 XML - eXtensible Markup Language 206 2. Algorithms 208 The URI [RFC3986] that was dropped from the XML Digital Signature 209 standard due to the transition from Proposed Standard to Draft 210 Standard [RFC3275] is included in Section 2.4 below with its original 212 http://www.w3.org/2000/09/xmldsig# 214 prefix so as to avoid changing the XMLDSIG standard's namespace. 216 Additional algorithms in [RFC4051] were given URIs that start with 218 http://www.w3.org/2001/04/xmldsig-more# 220 while further algorithms added in this document are given URIs that 221 start with 223 http://www.w3.org/2007/05/xmldsig-more# 225 In addition, for ease of reference, this document includes in the 226 indexes in Section 4 many cryptographic algorithm URIs from several 227 XML security documents using the namespaces with which they are 228 defined in those documents. For example, 2000/09/xmldsig# for some 229 URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs 230 specified in [XMLENC10]. 232 See also [XMLSECXREF]. 234 2.1 DigestMethod (Hash) Algorithms 236 These algorithms are usable wherever a DigestMethod element occurs. 238 2.1.1 MD5 240 Identifier: 241 http://www.w3.org/2001/04/xmldsig-more#md5 243 The MD5 algorithm [RFC1321] takes no explicit parameters. An example 244 of an MD5 DigestAlgorithm element is: 246 249 An MD5 digest is a 128-bit string. The content of the DigestValue 250 element SHALL be the base64 [RFC2045] encoding of this bit string 251 viewed as a 16-octet octet stream. See [RFC6151] for MD5 security 252 considerations. 254 2.1.2 SHA-224 256 Identifier: 257 http://www.w3.org/2001/04/xmldsig-more#sha224 259 The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit 260 parameters. An example of a SHA-224 DigestAlgorithm element is: 262 265 A SHA-224 digest is a 224-bit string. The content of the DigestValue 266 element SHALL be the base64 [RFC2045] encoding of this string viewed 267 as a 28-octet stream. 269 2.1.3 SHA-384 271 Identifier: 272 http://www.w3.org/2001/04/xmldsig-more#sha384 274 The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An 275 example of a SHA-384 DigestAlgorithm element is: 277 280 A SHA-384 digest is a 384-bit string. The content of the DigestValue 281 element SHALL be the base64 [RFC2045] encoding of this string viewed 282 as a 48-octet stream. 284 2.1.4 Whirlpool 286 Identifier: 287 http://www.w3.org/2007/05/xmldsig-more#whirlpool 289 The Whirlpool algorithm [10118-3] takes no explicit parameters. A 290 Whirlpool digest is a 512-bit string. The content of the DigestValue 291 element SHALL be the base64 [RFC2045] encoding of this string viewed 292 as a 64-octet stream. 294 2.1.5 New SHA Functions 296 Identifiers: 297 http://www.w3.org/2007/05/xmldsig-more#sha3-224 298 http://www.w3.org/2007/05/xmldsig-more#sha3-256 299 http://www.w3.org/2007/05/xmldsig-more#sha3-384 300 http://www.w3.org/2007/05/xmldsig-more#sha3-512 302 NIST has recently completed a hash function competition for an 303 alternative to the SHA family. The Keccak-f[1600] algorithm was 304 selected [Keccak] [SHA-3]. This hash function is commonly referred 305 to as "SHA-3", and this section is a space holder and reservation of 306 URIs for future information on Keccak use in XML security. 308 A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and 309 512-bit string, respectively. The content of the DigestValue element 310 SHALL be the base64 [RFC2045] encoding of this string viewed as a 311 28-, 32-, 48-, and 64-octet stream, respectively. 313 2.2 SignatureMethod MAC Algorithms 315 This section covers SignatureMethod MAC (Message Authentication Code) 316 Algorithms. 318 Note: Some text in this section is duplicated from [RFC3275] for the 319 convenience of the reader. RFC 3275 is normative in case of conflict. 321 2.2.1 HMAC-MD5 323 Identifier: 324 http://www.w3.org/2001/04/xmldsig-more#hmac-md5 326 The HMAC algorithm [RFC2104] takes the truncation length in bits as a 327 parameter; if the parameter is not specified, then all the bits of 328 the hash are output. An example of an HMAC-MD5 SignatureMethod 329 element is as follows: 331 333 112 334 336 The output of the HMAC algorithm is ultimately the output (possibly 337 truncated) of the chosen digest algorithm. This value SHALL be base64 338 [RFC2045] encoded in the same straightforward fashion as the output 339 of the digest algorithms. Example: the SignatureValue element for the 340 HMAC-MD5 digest 342 9294727A 3638BB1C 13F48EF8 158BFC9D 344 from the test vectors in [RFC2104] would be 346 kpRyejY4uxwT9I74FYv8nQ== 348 Schema Definition: 350 351 352 354 DTD: 356 358 The Schema Definition and DTD immediately above are copied from 359 [RFC3275]. 361 See [RFC6151] for HMAC-MD5 security considerations. 363 2.2.2 HMAC SHA Variations 365 Identifiers: 366 http://www.w3.org/2001/04/xmldsig-more#hmac-sha224 367 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 368 http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 369 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 371 SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also 372 be used in HMAC as described in Section 2.2.1 above for HMAC-MD5. 374 2.2.3 HMAC-RIPEMD160 376 Identifier: 377 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 379 RIPEMD-160 [10118-3] can also be used in HMAC as described in Section 380 2.2.1 above for HMAC-MD5. 382 2.3 SignatureMethod Public Key Signature Algorithms 384 These algorithms are distinguished from those in Section 2.2 above in 385 that they use public key methods. That is to say, the verification 386 key is different from and not feasibly derivable from the signing 387 key. 389 2.3.1 RSA-MD5 391 Identifier: 392 http://www.w3.org/2001/04/xmldsig-more#rsa-md5 394 This implies the PKCS#1 v1.5 padding algorithm described in 395 [RFC3447]. An example of use is 397 400 The SignatureValue content for an RSA-MD5 signature is the base64 401 [RFC2045] encoding of the octet string computed as per [RFC3447], 402 Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5 403 signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function 404 in [RFC3447], Section 9.2, the value input to the signature function 405 MUST contain a pre-pended algorithm object identifier for the hash 406 function, but the availability of an ASN.1 parser and recognition of 407 OIDs is not required of a signature verifier. The PKCS#1 v1.5 408 representation appears as: 410 CRYPT (PAD (ASN.1 (OID, DIGEST (data)))) 412 Note that the padded ASN.1 will be of the following form: 414 01 | FF* | 00 | prefix | hash 416 Vertical bar ("|") represents concatenation. "01", "FF", and "00" are 417 fixed octets of the corresponding hexadecimal value, and the asterisk 418 ("*") after "FF" indicates repetition. "hash" is the MD5 digest of 419 the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix 420 required in PKCS #1 [RFC3447], that is, 422 hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10 424 This prefix is included to make it easier to use standard 425 cryptographic libraries. The FF octet MUST be repeated enough times 426 that the value of the quantity being CRYPTed is exactly one octet 427 shorter than the RSA modulus. 429 See [RFC6151] for MD5 security considerations. 431 2.3.2 RSA-SHA256 433 Identifier: 434 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 436 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 437 in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator 438 prefix. An example of use is 440 443 2.3.3 RSA-SHA384 445 Identifier: 446 http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 448 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 449 in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator 450 prefix. An example of use is 452 455 Because it takes about the same effort to calculate a SHA-384 message 456 digest as it does a SHA-512 message digest, it is suggested that RSA- 457 SHA512 be used in preference to RSA-SHA384 where possible. 459 2.3.4 RSA-SHA512 461 Identifier: 462 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 464 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 465 in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator 466 prefix. An example of use is 468 471 2.3.5 RSA-RIPEMD160 473 Identifier: 474 http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 476 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 477 in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm 478 designator prefix. An example of use is 480 484 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool 486 Identifiers: 487 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 488 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 489 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 490 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 491 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 492 http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 493 http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool 495 The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is 496 the elliptic curve analogue of the Digital Signature Algorithm (DSA) 497 signature method, i.e., the Digital Signature Standard (DSS). It 498 takes no explicit parameters. For detailed specifications of how to 499 use it with SHA hash functions and XML Digital Signature, please see 500 [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool 501 fragments in the new namespace identifies a signature method 502 processed in the same way as specified by the #ecdsa-sha1 fragment of 503 this namespace, with the exception that RIPEMD160 or Whirlpool is 504 used instead of SHA-1. 506 The output of the ECDSA algorithm consists of a pair of integers 507 usually referred by the pair (r, s). The signature value consists of 508 the base64 encoding of the concatenation of two octet streams that 509 respectively result from the octet encoding of the values r and s in 510 that order. Conversion from integer to octet-stream must be done 511 according to the I2OSP operation defined in the [RFC3447] 512 specification with the l parameter equal to the size of the base 513 point order of the curve in bytes (e.g., 32 for the P-256 curve and 514 66 for the P-521 curve [FIPS186-3]). 516 For an introduction to elliptic curve cryptographic algorithms, see 517 [RFC6090] and note the errata (Errata ID 2773-2777). 519 2.3.7 ESIGN-SHA* 521 Identifiers: 522 http://www.w3.org/2001/04/xmldsig-more#esign-sha1 523 http://www.w3.org/2001/04/xmldsig-more#esign-sha224 524 http://www.w3.org/2001/04/xmldsig-more#esign-sha256 525 http://www.w3.org/2001/04/xmldsig-more#esign-sha384 526 http://www.w3.org/2001/04/xmldsig-more#esign-sha512 528 The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme 529 based on the integer factorization problem. It is much faster than 530 previous digital signature schemes, so ESIGN can be implemented on 531 smart cards without special co-processors. 533 An example of use is 535 539 2.3.8 RSA-Whirlpool 541 Identifier: 542 http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool 544 As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the 545 designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in 546 [RFC3447]. When identified through the #rsa-whirlpool fragment 547 identifier, Whirlpool is used as the hash algorithm instead. Use of 548 the ASN.1 BER Whirlpool algorithm designator is implied. That 549 designator is 550 hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40 551 as an explicit octet sequence. This corresponds to OID 552 1.0.10118.3.0.55 defined in [10118-3]. 554 An example of use is 556 560 2.3.9 RSASSA-PSS with Parameters 562 Identifiers: 563 http://www.w3.org/2007/05/xmldsig-more#rsa-pss 564 http://www.w3.org/2007/05/xmldsig-more#MGF1 566 These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm 567 [RFC3447]. The RSASSA-PSS algorithm takes the digest method (hash 568 function), a mask generation function, the salt length in bytes 569 (SaltLength), and the trailer field as explicit parameters. 571 Algorithm identifiers for hash functions specified in XML encryption 572 [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid 573 algorithm identifiers for hash functions. According to [RFC3447], 574 the default value for the digest function is SHA-1, but due to the 575 discovered weakness of SHA-1 [RFC6194], it is recommended that 576 SHA-256 or a stronger hash function be used. Notwithstanding 577 [RFC3447], SHA-256 is the default to be used with these 578 SignatureMethod identifiers if no hash function has been specified. 580 The default salt length for these SignatureMethod identifiers if the 581 SaltLength is not specified SHALL be the number of octets in the hash 582 value of the digest method, as recommended in [RFC4055]. In a 583 parameterized RSASSA-PSS signature the ds:DigestMethod and the 584 SaltLength parameters usually appear. If they do not, the defaults 585 make this equivalent to http://www.w3.org/2007/05/xmldsig- 586 more#sha256-rsa-MGF1 (see Section 2.3.10). The TrailerField defaults 587 to 1 (0xBC) when omitted. 589 Schema Definition (target namespace 590 http://www.w3.org/2007/05/xmldsig-more#): 592 593 594 595 Top level element that can be used in xs:any namespace="#other" 596 wildcard of ds:SignatureMethod content. 597 598 599 600 601 602 603 605 607 609 610 611 612 613 614 615 617 619 2.3.10 RSASSA-PSS without Parameters 621 [RFC3447] currently specifies only one mask generation function MGF1 622 based on a hash function. Although [RFC3447] allows for 623 parameterization, the default is to use the same hash function as the 624 digest method function. Only this default approach is supported by 625 this section; therefore, the definition of a mask generation function 626 type is not needed yet. The same applies to the trailer field. There 627 is only one value (0xBC) specified in [RFC3447]. Hence, this default 628 parameter must be used for signature generation. The default salt 629 length is the length of the hash function. 631 Identifiers: 632 http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1 633 http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1 634 http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1 635 http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1 637 http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1 638 http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1 639 http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1 640 http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1 641 http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 642 http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 643 http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 644 http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1 645 http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1 646 http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1 648 An example of use is 650 655 2.3.11 RSA-SHA224 657 Identifier: 658 http://www.w3.org/2001/04/xmldsig-more#rsa-sha224 660 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 661 in Section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator 662 prefix. An example of use is 664 667 Because it takes about the same effort to calculate a SHA-224 message 668 digest as it does a SHA-256 message digest, it is suggested that RSA- 669 SHA256 be used in preference to RSA-SHA224 where possible. 671 See also Appendix B concerning an erroneous version of this URI that 672 appeared in [RFC6931]. 674 2.4 Minimal Canonicalization 676 Thus far, two independent interoperable implementations of Minimal 677 Canonicalization have not been announced. Therefore, when XML 678 Digital Signature was advanced along the Standards Track from 679 [RFC3075] to [RFC3275], Minimal Canonicalization was dropped. 680 However, there is still interest. For its definition, see Section 681 6.5.1 of [RFC3075]. 683 For reference, its identifier remains: 684 http://www.w3.org/2000/09/xmldsig#minimal 686 2.5 Transform Algorithms 688 Note that all CanonicalizationMethod algorithms can also be used as 689 Transform algorithms. 691 2.5.1 XPointer 693 Identifier: 694 http://www.w3.org/2001/04/xmldsig-more#xptr 696 This transform algorithm takes an [XPointer] as an explicit 697 parameter. An example of use is: 699 701 703 xpointer(id("foo")) xmlns(bar=http://foobar.example) 704 xpointer(//bar:Zab[@Id="foo"]) 705 706 708 Schema Definition: 710 712 DTD: 714 716 Input to this transform is an octet stream (which is then parsed into 717 XML). 719 Output from this transform is a node set; the results of the XPointer 720 are processed as defined in the XMLDSIG specification [RFC3275] for a 721 same-document XPointer. 723 2.6 EncryptionMethod Algorithms 725 This subsection gives identifiers and information for several 726 EncryptionMethod Algorithms. 728 2.6.1 ARCFOUR Encryption Algorithm 730 Identifier: 731 http://www.w3.org/2001/04/xmldsig-more#arcfour 733 ARCFOUR is a fast, simple stream encryption algorithm that is 734 compatible with RSA Security's RC4 algorithm [RC4]. An example 735 EncryptionMethod element using ARCFOUR is 737 739 40 740 742 Note that Arcfour makes use of the generic KeySize parameter 743 specified and defined in [XMLENC11]. 745 2.6.2 Camellia Block Encryption 747 Identifiers: 748 http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc 749 http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc 750 http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc 752 Camellia is a block cipher with the same interface as the AES 753 [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and 754 256-bit key sizes. In XML Encryption Camellia is used in the same way 755 as the AES: It is used in the Cipher Block Chaining (CBC) mode with a 756 128-bit initialization vector (IV). The resulting cipher text is 757 prefixed by the IV. If included in XML output, it is then base64 758 encoded. An example Camellia EncryptionMethod is as follows: 760 765 2.6.3 Camellia Key Wrap 767 Identifiers: 768 http://www.w3.org/2001/04/xmldsig-more#kw-camellia128 769 http://www.w3.org/2001/04/xmldsig-more#kw-camellia192 770 http://www.w3.org/2001/04/xmldsig-more#kw-camellia256 772 Camellia [Camellia] [RFC3713] key wrap is identical to the AES key 773 wrap algorithm [RFC3394] specified in the XML Encryption standard 774 with "AES" replaced by "Camellia". As with AES key wrap, the check 775 value is 0xA6A6A6A6A6A6A6A6. 777 The algorithm is the same whatever the size of the Camellia key used 778 in wrapping, called the "key encrypting key" or "KEK". If Camellia is 779 supported, it is particularly suggested that wrapping 128-bit keys 780 with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be 781 supported. 783 An example of use is: 785 790 2.6.4 PSEC-KEM 792 Identifier: 793 http://www.w3.org/2001/04/xmldsig-more#psec-kem 795 The PSEC-KEM algorithm, specified in [18033-2], is a key 796 encapsulation mechanism using elliptic curve encryption. 798 An example of use is: 800 802 803 version 804 id 805 curve 806 base 807 order 808 cofactor 809 810 812 See [18033-2] for information on the parameters above. 814 2.6.5 SEED Block Encryption 816 Identifier: 817 http://www.w3.org/2007/05/xmldsig-more#seed128-cbc 819 SEED [RFC4269] is a 128-bit block size with 128-bit key sizes. In XML 820 Encryption, SEED can be used in the Cipher Block Chaining (CBC) mode 821 with a 128-bit initialization vector (IV). The resulting cipher text 822 is prefixed by the IV. If included in XML output, it is then base64 823 encoded. 825 An example SEED EncryptionMethod is as follows: 827 830 2.6.6 SEED Key Wrap 832 Identifier: 833 http://www.w3.org/2007/05/xmldsig-more#kw-seed128 835 Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394] 836 with "AES" replaced by "SEED". The algorithm is specified in 837 [RFC4010]. The implementation of SEED is optional. The default 838 initial value is 0xA6A6A6A6A6A6A6A6. 840 An example of use is: 842 847 3. KeyInfo 849 In Section 3.1 below a new KeyInfo element child is specified, while 850 in Section 3.2 additional KeyInfo Type values for use in 851 RetrievalMethod are specified. 853 3.1 PKCS #7 Bag of Certificates and CRLs 855 A PKCS #7 [RFC2315] "signedData" can also be used as a bag of 856 certificates and/or certificate revocation lists (CRLs). The 857 PKCS7signedData element is defined to accommodate such structures 858 within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045] 859 encoded. Any signer information present is ignored. The following 860 is a example [RFC3092], eliding the base64 data: 862 864 ... 865 867 3.2 Additional RetrievalMethod Type Values 869 The Type attribute of RetrievalMethod is an optional identifier for 870 the type of data to be retrieved. The result of dereferencing a 871 RetrievalMethod reference for all KeyInfo types with an XML structure 872 is an XML element or document with that element as the root. The 873 various "raw" key information types return a binary value. Thus, they 874 require a Type attribute because they are not unambiguously parsable. 876 Identifiers: 877 http://www.w3.org/2001/04/xmldsig-more#KeyName 878 http://www.w3.org/2001/04/xmldsig-more#KeyValue 879 http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData 880 http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket 881 http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData 882 http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp 883 http://www.w3.org/2001/04/xmldsig-more#rawX509CRL 884 http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod 886 4. Indexes 888 The following subsections provide an index by URI and by fragment 889 identifier (the portion of the URI after "#") of the algorithm and 890 KeyInfo URIs defined in this document and in the standards (plus the 891 one KeyInfo child element name defined in this document). The 892 "Sec/Doc" column has the section of this document or, if not 893 specified in this document, the standards document where the item is 894 specified. See also [XMLSECXREF]. 896 4.1 Fragment Index 898 The initial "http://www.w3.org/" part of the URI is not included 899 below. The first six entries have a null fragment identifier or no 900 fragment identifier. "{Bad}" indicates a Bad value that was 901 accidentally included in [RFC6931]. Implementations SHOULD only 902 generate the correct URI but SHOULD understand both the correct and 903 erroneous URI. See also Appendix B. 905 Fragment URI Sec/Doc 906 --------- ---- -------- 908 2002/06/xmldsig-filter2 [XPATH] 909 2006/12/xmlc12n11# {Bad} [CANON11] 910 2006/12/xmlc14n11# [CANON11] 911 TR/1999/REC-xslt-19991116 [XSLT] 912 TR/1999/REC-xpath-19991116 [XPATH] 913 TR/2001/06/xml-exc-c14n# [XCANON] 914 TR/2001/REC-xml-c14n-20010315 [CANON10] 915 TR/2001/REC-xmlschema-1-20010502 [Schema] 917 aes128-cbc 2001/04/xmlenc#aes128-cbc [XMLENC11] 918 aes128-gcm 2009/xmlenc11#aes128-gcm [XMLENC11] 919 aes192-cbc 2001/04/xmlenc#aes192-cbc [XMLENC11] 920 aes192-gcm 2009/xmlenc11#aes192-gcm [XMLENC11] 921 aes256-cbc 2001/04/xmlenc#aes256-cbc [XMLENC11] 922 aes256-gcm 2009/xmlenc11#aes256-gcm [XMLENC11] 923 arcfour 2001/04/xmldsig-more#arcfour 2.6.1 925 base64 2000/09/xmldsig#base64 [RFC3275] 927 camellia128-cbc 2001/04/xmldsig-more#camellia128-cbc 2.6.2 928 camellia192-cbc 2001/04/xmldsig-more#camellia192-cbc 2.6.2 929 camellia256-cbc 2001/04/xmldsig-more#camellia256-cbc 2.6.2 930 ConcatKDF 2009/xmlenc11#ConcatKDF [XMLENC11] 931 decrypt#XML 2002/07/decrypt#XML [DECRYPT] 932 decrypt#Binary 2002/07/decrypt#Binary [DECRYPT] 933 DEREncodedKeyValue 2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11] 934 dh 2001/04/xmlenc#dh [XMLENC11] 935 dh-es 2009/xmlenc11#dh-es [XMLENC11] 936 dsa-sha1 2000/09/xmldsig#dsa-sha1 [RFC3275] 937 dsa-sha256 2009/xmldsig11#dsa-sha256 [XMLDSIG11] 938 DSAKeyValue 2000/09/xmldsig#DSAKeyValue [XMLDSIG11] 940 ECDH-ES 2009/xmlenc11#ECDH-ES [XMLENC11] 941 ecdsa-ripemd160 2007/05/xmldsig-more#ecdsa-ripemd160 2.3.6 942 ecdsa-sha1 2001/04/xmldsig-more#ecdsa-sha1 2.3.6 943 ecdsa-sha224 2001/04/xmldsig-more#ecdsa-sha224 2.3.6 944 ecdsa-sha256 2001/04/xmldsig-more#ecdsa-sha256 2.3.6 945 ecdsa-sha384 2001/04/xmldsig-more#ecdsa-sha384 2.3.6 946 ecdsa-sha512 2001/04/xmldsig-more#ecdsa-sha512 2.3.6 947 ecdsa-whirlpool 2007/05/xmldsig-more#ecdsa-whirlpool 2.3.5 948 ecies-kem 2010/xmlsec-ghc#ecies-kem [GENERIC] 949 ECKeyValue 2009/xmldsig11#ECKeyValue [XMLDSIG11] 950 enveloped-signature 2000/09/xmldsig#enveloped-signature [RFC3275] 951 esign-sha1 2001/04/xmldsig-more#esign-sha1 2.3.7 952 esign-sha224 2001/04/xmldsig-more#esign-sha224 2.3.7 953 esign-sha256 2001/04/xmldsig-more#esign-sha256 2.3.7 954 esign-sha384 2001/04/xmldsig-more#esign-sha384 2.3.7 955 esign-sha512 2001/04/xmldsig-more#esign-sha512 2.3.7 957 generic-hybrid 2010/xmlsec-ghc#generic-hybrid [GENERIC] 959 hmac-md5 2001/04/xmldsig-more#hmac-md5 2.2.1 960 hmac-ripemd160 2001/04/xmldsig-more#hmac-ripemd160 2.2.3 961 hmac-sha1 2000/09/xmldsig#hmac-sha1 [RFC3275] 962 hmac-sha224 2001/04/xmldsig-more#hmac-sha224 2.2.2 963 hmac-sha256 2001/04/xmldsig-more#hmac-sha256 2.2.2 964 hmac-sha384 2001/04/xmldsig-more#hmac-sha384 2.2.2 965 hmac-sha512 2001/04/xmldsig-more#hmac-sha512 2.2.2 967 KeyName 2001/04/xmldsig-more#KeyName 3.2 968 KeyValue 2001/04/xmldsig-more#KeyValue 3.2 969 kw-aes128 2001/04/xmlenc#kw-aes128 [XMLENC11] 970 kw-aes128-pad 2009/xmlenc11#kw-aes-128-pad [XMLENC11] 971 kw-aes192 2001/04/xmlenc#kw-aes192 [XMLENC11] 972 kw-aes192-pad 2009/xmlenc11#kw-aes-192-pad [XMLENC11] 973 kw-aes256 2001/04/xmlenc#kw-aes256 [XMLENC11] 974 kw-aes256-pad 2009/xmlenc11#kw-aes-256-pad [XMLENC11] 975 kw-camellia128 2001/04/xmldsig-more#kw-camellia128 2.6.3 976 kw-camellia192 2001/04/xmldsig-more#kw-camellia192 2.6.3 977 kw-camellia256 2001/04/xmldsig-more#kw-camellia256 2.6.3 978 kw-seed128 2007/05/xmldsig-more#kw-seed128 2.6.6 979 md2-rsa-MGF1 2007/05/xmldsig-more#md2-rsa-MGF1 2.3.10 980 md5 2001/04/xmldsig-more#md5 2.1.1 981 md5-rsa-MGF1 2007/05/xmldsig-more#md5-rsa-MGF1 2.3.10 982 MGF1 2007/05/xmldsig-more#MGF1 2.3.9 983 mgf1sha1 2009/xmlenc11#mgf1sha1 [XMLENC11] 984 mgf1sha224 2009/xmlenc11#mgf1sha224 [XMLENC11] 985 mgf1sha256 2009/xmlenc11#mgf1sha256 [XMLENC11] 986 mgf1sha384 2009/xmlenc11#mgf1sha384 [XMLENC11] 987 mgf1sha512 2009/xmlenc11#mgf1sha512 [XMLENC11] 988 MgmtData 2000/09/xmldsig#MgmtData [XMLDSIG11] 989 minimal 2000/09/xmldsig#minimal 2.4 991 pbkdf2 2009/xmlenc11#pbkdf2 [XMLENC11] 992 PGPData 2000/09/xmldsig#PGPData [XMLDSIG11] 993 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.1 994 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.2 995 psec-kem 2001/04/xmldsig-more#psec-kem 2.6.4 997 rawPGPKeyPacket 2001/04/xmldsig-more#rawPGPKeyPacket 3.2 998 rawPKCS7signedData 2001/04/xmldsig-more#rawPKCS7signedData 3.2 999 rawSPKISexp 2001/04/xmldsig-more#rawSPKISexp 3.2 1000 rawX509Certificate 2000/09/xmldsig#rawX509Certificate [RFC3275] 1001 rawX509CRL 2001/04/xmldsig-more#rawX509CRL 3.2 1002 RetrievalMethod 2001/04/xmldsig-more#RetrievalMethod 3.2 1003 ripemd128-rsa-MGF1 2007/05/xmldsig-more#ripemd128-rsa-MGF1 1004 2.3.10 1005 ripemd160 2001/04/xmlenc#ripemd160 [XMLENC11] 1006 ripemd160-rsa-MGF1 2007/05/xmldsig-more#ripemd160-rsa-MGF1 1007 2.3.10 1008 rsa-1_5 2001/04/xmlenc#rsa-1_5 [XMLENC11] 1009 rsa-md5 2001/04/xmldsig-more#rsa-md5 2.3.1 1010 rsa-oaep 2009/xmlenc11#rsa-oaep [XMLENC11] 1011 rsa-oaep-mgf1p 2001/04/xmlenc#rsa-oaep-mgf1p [XMLENC11] 1012 rsa-pss 2007/05/xmldsig-more#rsa-pss 2.3.9 1013 rsa-ripemd160 2001/04/xmldsig-more#rsa-ripemd160 2.3.5 1014 rsa-sha1 2000/09/xmldsig#rsa-sha1 [RFC3275] 1015 rsa-sha224 2007/05/xmldsig-more#rsa-sha224 {Bad} 2.3.11 1016 rsa-sha224 2001/04/xmldsig-more#rsa-sha224 2.3.11 1017 rsa-sha256 2001/04/xmldsig-more#rsa-sha256 2.3.2 1018 rsa-sha384 2001/04/xmldsig-more#rsa-sha384 2.3.3 1019 rsa-sha512 2001/04/xmldsig-more#rsa-sha512 2.3.4 1020 rsa-whirlpool 2007/05/xmldsig-more#rsa-whirlpool 2.3.5 1021 rsaes-kem 2010/xmlsec-ghc#rsaes-kem [GENERIC] 1022 RSAKeyValue 2000/09/xmldsig#RSAKeyValue [XMLDSIG11] 1024 seed128-cbc 2007/05/xmldsig-more#seed128-cbc 2.6.5 1025 sha1 2000/09/xmldsig#sha1 [RFC3275] 1026 sha1-rsa-MGF1 2007/05/xmldsig-more#sha1-rsa-MGF1 2.3.10 1027 sha224 2001/04/xmldsig-more#sha224 2.1.2 1028 sha224-rsa-MGF1 2007/05/xmldsig-more#sha224-rsa-MGF1 2.3.10 1029 sha256 2001/04/xmlenc#sha256 [XMLENC11] 1030 sha256-rsa-MGF1 2007/05/xmldsig-more#sha256-rsa-MGF1 2.3.10 1031 sha3-224 2007/05/xmldsig-more#sha3-224 2.1.5 1032 sha3-224-rsa-MGF1 2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10 1033 sha3-256 2007/05/xmldsig-more#sha3-256 2.1.5 1034 sha3-256-rsa-MGF1 2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10 1035 sha3-384 2007/05/xmldsig-more#sha3-384 2.1.5 1036 sha3-384-rsa-MGF1 2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10 1037 sha3-512 2007/05/xmldsig-more#sha3-512 2.1.5 1038 sha3-512-rsa-MGF1 2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10 1039 sha384 2001/04/xmldsig-more#sha384 2.1.3 1040 sha384-rsa-MGF1 2007/05/xmldsig-more#sha384-rsa-MGF1 2.3.10 1041 sha512 2001/04/xmlenc#sha512 [XMLENC11] 1042 sha512-rsa-MGF1 2007/05/xmldsig-more#sha512-rsa-MGF1 2.3.10 1043 SPKIData 2000/09/xmldsig#SPKIData [XMLDSIG11] 1045 tripledes-cbc 2001/04/xmlenc#tripledes-cbc [XMLENC11] 1047 whirlpool 2007/05/xmldsig-more#whirlpool 2.1.4 1048 whirlpool-rsa-MGF1 2007/05/xmldsig-more#whirlpool-rsa-MGF1 1049 2.3.10 1050 WithComments 2006/12/xmlc14n11#WithComments [CANON11] 1051 WithComments TR/2001/06/xml-exc-c14n#WithComments 1052 [XCANON] 1053 WithComments TR/2001/REC-xml-c14n-20010315#WithComments 1054 [CANON10] 1056 X509Data 2000/09/xmldsig#X509Data [XMLDSIG11] 1057 xptr 2001/04/xmldsig-more#xptr 2.5.1 1059 The initial "http://www.w3.org/" part of the URI is not included 1060 above. 1062 4.2 URI Index 1064 The initial "http://www.w3.org/" part of the URI is not included 1065 below. "{Bad}" indicates a Bad value that was accidentally included 1066 in [RFC6931]. Implementations SHOULD only generate the correct URI 1067 but SHOULD understand both the correct and erroneous URI. See also 1068 Appendix B. 1070 URI Sec/Doc Type 1071 ---- -------- ----- 1073 2000/09/xmldsig#base64 [RFC3275] Transform 1074 2000/09/xmldsig#DSAKeyValue [RFC3275] Retrieval type 1075 2000/09/xmldsig#dsa-sha1 [RFC3275] SignatureMethod 1076 2000/09/xmldsig#enveloped-signature [RFC3275] Transform 1077 2000/09/xmldsig#hmac-sha1 [RFC3275] SignatureMethod 1078 2000/09/xmldsig#MgmtData [RFC3275] Retrieval type 1079 2000/09/xmldsig#minimal 2.4 Canonicalization 1080 2000/09/xmldsig#PGPData [RFC3275] Retrieval type 1081 2000/09/xmldsig#rawX509Certificate [RFC3275] Retrieval type 1082 2000/09/xmldsig#rsa-sha1 [RFC3275] SignatureMethod 1083 2000/09/xmldsig#RSAKeyValue [RFC3275] Retrieval type 1084 2000/09/xmldsig#sha1 [RFC3275] DigestAlgorithm 1085 2000/09/xmldsig#SPKIData [RFC3275] Retrieval type 1086 2000/09/xmldsig#X509Data [RFC3275] Retrieval type 1088 2001/04/xmldsig-more#arcfour 2.6.1 EncryptionMethod 1089 2001/04/xmldsig-more#camellia128-cbc 2.6.2 EncryptionMethod 1090 2001/04/xmldsig-more#camellia192-cbc 2.6.2 EncryptionMethod 1091 2001/04/xmldsig-more#camellia256-cbc 2.6.2 EncryptionMethod 1092 2001/04/xmldsig-more#ecdsa-sha1 2.3.6 SignatureMethod 1093 2001/04/xmldsig-more#ecdsa-sha224 2.3.6 SignatureMethod 1094 2001/04/xmldsig-more#ecdsa-sha256 2.3.6 SignatureMethod 1095 2001/04/xmldsig-more#ecdsa-sha384 2.3.6 SignatureMethod 1096 2001/04/xmldsig-more#ecdsa-sha512 2.3.6 SignatureMethod 1097 2001/04/xmldsig-more#esign-sha1 2.3.7 SignatureMethod 1098 2001/04/xmldsig-more#esign-sha224 2.3.7 SignatureMethod 1099 2001/04/xmldsig-more#esign-sha256 2.3.7 SignatureMethod 1100 2001/04/xmldsig-more#esign-sha384 2.3.7 SignatureMethod 1101 2001/04/xmldsig-more#esign-sha512 2.3.7 SignatureMethod 1102 2001/04/xmldsig-more#hmac-md5 2.2.1 SignatureMethod 1103 2001/04/xmldsig-more#hmac-ripemd160 2.2.3 SignatureMethod 1104 2001/04/xmldsig-more#hmac-sha224 2.2.2 SignatureMethod 1105 2001/04/xmldsig-more#hmac-sha256 2.2.2 SignatureMethod 1106 2001/04/xmldsig-more#hmac-sha384 2.2.2 SignatureMethod 1107 2001/04/xmldsig-more#hmac-sha512 2.2.2 SignatureMethod 1108 2001/04/xmldsig-more#KeyName 3.2 Retrieval type 1109 2001/04/xmldsig-more#KeyValue 3.2 Retrieval type 1110 2001/04/xmldsig-more#kw-camellia128 2.6.3 EncryptionMethod 1111 2001/04/xmldsig-more#kw-camellia192 2.6.3 EncryptionMethod 1112 2001/04/xmldsig-more#kw-camellia256 2.6.3 EncryptionMethod 1113 2001/04/xmldsig-more#md5 2.1.1 DigestAlgorithm 1114 2001/04/xmldsig-more#PKCS7signedData 3.2 Retrieval type 1115 2001/04/xmldsig-more#psec-kem 2.6.4 EncryptionMethod 1116 2001/04/xmldsig-more#rawPGPKeyPacket 3.2 Retrieval type 1117 2001/04/xmldsig-more#rawPKCS7signedData 3.2 Retrieval type 1118 2001/04/xmldsig-more#rawSPKISexp 3.2 Retrieval type 1119 2001/04/xmldsig-more#rawX509CRL 3.2 Retrieval type 1120 2001/04/xmldsig-more#RetrievalMethod 3.2 Retrieval type 1121 2001/04/xmldsig-more#rsa-md5 2.3.1 SignatureMethod 1122 2001/04/xmldsig-more#rsa-sha224 2.3.11 SignatureMethod 1123 2001/04/xmldsig-more#rsa-sha256 2.3.2 SignatureMethod 1124 2001/04/xmldsig-more#rsa-sha384 2.3.3 SignatureMethod 1125 2001/04/xmldsig-more#rsa-sha512 2.3.4 SignatureMethod 1126 2001/04/xmldsig-more#rsa-ripemd160 2.3.5 SignatureMethod 1127 2001/04/xmldsig-more#sha224 2.1.2 DigestAlgorithm 1128 2001/04/xmldsig-more#sha384 2.1.3 DigestAlgorithm 1129 2001/04/xmldsig-more#xptr 2.5.1 Transform 1130 2001/04/xmldsig-more#PKCS7signedData 3.1 KeyInfo child 1132 2001/04/xmlenc#aes128-cbc [XMLENC11] EncryptionMethod 1133 2001/04/xmlenc#aes192-cbc [XMLENC11] EncryptionMethod 1134 2001/04/xmlenc#aes256-cbc [XMLENC11] EncryptionMethod 1135 2001/04/xmlenc#dh [XMLENC11] AgreementMethod 1136 2001/04/xmlenc#kw-aes128 [XMLENC11] EncryptionMethod 1137 2001/04/xmlenc#kw-aes192 [XMLENC11] EncryptionMethod 1138 2001/04/xmlenc#kw-aes256 [XMLENC11] EncryptionMethod 1139 2001/04/xmlenc#ripemd160 [XMLENC11] DigestAlgorithm 1140 2001/04/xmlenc#rsa-1_5 [XMLENC11] EncryptionMethod 1141 2001/04/xmlenc#rsa-oaep-mgf1p [XMLENC11] EncryptionMethod 1142 2001/04/xmlenc#sha256 [XMLENC11] DigestAlgorithm 1143 2001/04/xmlenc#sha512 [XMLENC11] DigestAlgorithm 1144 2001/04/xmlenc#tripledes-cbc [XMLENC11] EncryptionMethod 1146 2002/06/xmldsig-filter2 [XPATH] Transform 1148 2002/07/decrypt#XML [DECRYPT] Transform 1149 2002/07/decrypt#Binary [DECRYPT] Transform 1151 2006/12/xmlc12n11# {Bad} [CANON11] Canonicalization 1152 2006/12/xmlc14n11# [CANON11] Canonicalization 1153 2006/12/xmlc14n11#WithComments [CANON11] Canonicalization 1155 2007/05/xmldsig-more#ecdsa-ripemd160 2.3.6 SignatureMethod 1156 2007/05/xmldsig-more#ecdsa-whirlpool 2.3.5 SignatureMethod 1157 2007/05/xmldsig-more#kw-seed128 2.6.6 EncryptionMethod 1158 2007/05/xmldsig-more#md2-rsa-MGF1 2.3.10 SignatureMethod 1159 2007/05/xmldsig-more#md5-rsa-MGF1 2.3.10 SignatureMethod 1160 2007/05/xmldsig-more#MGF1 2.3.9 SignatureMethod 1161 2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10 SignatureMethod 1162 2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10 SignatureMethod 1163 2007/05/xmldsig-more#rsa-pss 2.3.9 SignatureMethod 1164 2007/05/xmldsig-more#rsa-sha224 {Bad} 2.3.11 SignatureMethod 1165 2007/05/xmldsig-more#rsa-whirlpool 2.3.5 SignatureMethod 1166 2007/05/xmldsig-more#seed128-cbc 2.6.5 EncryptionMethod 1167 2007/05/xmldsig-more#sha1-rsa-MGF1 2.3.10 SignatureMethod 1168 2007/05/xmldsig-more#sha224-rsa-MGF1 2.3.10 SignatureMethod 1169 2007/05/xmldsig-more#sha256-rsa-MGF1 2.3.10 SignatureMethod 1170 2007/05/xmldsig-more#sha3-224 2.1.5 DigestAlgorithm 1171 2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10 SignatureMethod 1172 2007/05/xmldsig-more#sha3-256 2.1.5 DigestAlgorithm 1173 2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10 SignatureMethod 1174 2007/05/xmldsig-more#sha3-384 2.1.5 DigestAlgorithm 1175 2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10 SignatureMethod 1176 2007/05/xmldsig-more#sha3-512 2.1.5 DigestAlgorithm 1177 2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10 SignatureMethod 1178 2007/05/xmldsig-more#sha384-rsa-MGF1 2.3.10 SignatureMethod 1179 2007/05/xmldsig-more#sha512-rsa-MGF1 2.3.10 SignatureMethod 1180 2007/05/xmldsig-more#whirlpool 2.1.4 DigestAlgorithm 1181 2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10 SignatureMethod 1182 2009/xmlenc11#kw-aes-128-pad [XMLENC11] EncryptionMethod 1183 2009/xmlenc11#kw-aes-192-pad [XMLENC11] EncryptionMethod 1184 2009/xmlenc11#kw-aes-256-pad [XMLENC11] EncryptionMethod 1186 2009/xmldsig11#dsa-sha256 [XMLDSIG11] SignatureMethod 1187 2009/xmldsig11#ECKeyValue [XMLDSIG11] Retrieval type 1188 2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11] Retrieval type 1190 2009/xmlenc11#aes128-gcm [XMLENC11] EncryptionMethod 1191 2009/xmlenc11#aes192-gcm [XMLENC11] EncryptionMethod 1192 2009/xmlenc11#aes256-gcm [XMLENC11] EncryptionMethod 1193 2009/xmlenc11#ConcatKDF [XMLENC11] EncryptionMethod 1194 2009/xmlenc11#mgf1sha1 [XMLENC11] SignatureMethod 1195 2009/xmlenc11#mgf1sha224 [XMLENC11] SignatureMethod 1196 2009/xmlenc11#mgf1sha256 [XMLENC11] SignatureMethod 1197 2009/xmlenc11#mgf1sha384 [XMLENC11] SignatureMethod 1198 2009/xmlenc11#mgf1sha512 [XMLENC11] SignatureMethod 1199 2009/xmlenc11#pbkdf2 [XMLENC11] EncryptionMethod 1200 2009/xmlenc11#rsa-oaep [XMLENC11] EncryptionMethod 1201 2009/xmlenc11#ECDH-ES [XMLENC11] EncryptionMethod 1202 2009/xmlenc11#dh-es [XMLENC11] EncryptionMethod 1204 2010/xmlsec-ghc#generic-hybrid [GENERIC] Generic Hybrid 1205 2010/xmlsec-ghc#rsaes-kem [GENERIC] Generic Hybrid 1206 2010/xmlsec-ghc#ecies-kem [GENERIC] Generic Hybrid 1208 TR/1999/REC-xpath-19991116 [XPATH] Transform 1209 TR/1999/REC-xslt-19991116 [XSLT] Transform 1210 TR/2001/06/xml-exc-c14n# [XCANON] Canonicalization 1211 TR/2001/06/xml-exc-c14n#WithComments 1212 [XCANON] Canonicalization 1213 TR/2001/REC-xml-c14n-20010315 [CANON10] Canonicalization 1214 TR/2001/REC-xml-c14n-20010315#WithComments 1215 [CANON10] Canonicalization 1216 TR/2001/REC-xmlschema-1-20010502 [Schema] Transform 1218 The initial "http://www.w3.org/" part of the URI is not included 1219 above. "{Bad}" indicates a Bad value that was accidentally included 1220 in [RFC6931]. Implementations SHOULD only generate the correct URI 1221 but SHOULD understand both the correct and erroneous URI. See also 1222 Appendix B. 1224 5. Allocation Considerations 1226 W3C and IANA allocation considerations are given below. 1228 5.1 W3C Allocation Considerations 1230 As it is easy for people to construct their own unique URIs [RFC3986] 1231 and, if appropriate, to obtain a URI from the W3C, it is not intended 1232 that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be 1233 created beyond those enumerated in this RFC. (W3C Namespace 1234 stability rules prohibit the creation of new URIs under 1235 "http://www.w3.org/2000/09/xmldsig#" and URIs under 1236 "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the 1237 publication of [RFC4051].) 1239 An "xmldsig-more" URI does not imply any official W3C or IETF status 1240 for these algorithms or identifiers nor does it imply that they are 1241 only useful in digital signatures. Currently, dereferencing such 1242 URIs may or may not produce a temporary placeholder document. 1243 Permission to use these URI prefixes has been given by the W3C. 1245 5.2 IANA Considerations 1247 IANA has established a registry entitled "XML Security URIs". The 1248 initial contents correspond to Section 4.2 of this document with each 1249 section number in the "Sec/Doc" column augmented with a reference to 1250 this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4"). 1252 New entries, including new Types, will be added based on Expert 1253 Review [RFC5226]. Criterion for inclusion are (1) documentation 1254 sufficient for interoperability of the algorithm or data type and the 1255 XML syntax for its representation and use and (2) sufficient 1256 importance as normally indicated by inclusion in (2a) an approved W3C 1257 Note, Proposed Recommendation, or Recommendation or (2b) an approved 1258 IETF Standards Track document. Typically, the registry will 1259 reference a W3C or IETF document specifying such XML syntax; that 1260 document will either contain a more abstract description of the 1261 algorithm or data type or reference another document with a more 1262 abstract description. 1264 6. Security Considerations 1266 This RFC is concerned with documenting the URIs that designate 1267 algorithms and some data types used in connection with XML security. 1268 The security considerations vary widely with the particular 1269 algorithms, and the general security considerations for XML security 1270 are outside of the scope of this document but appear in [XMLDSIG11], 1271 [XMLENC11], [CANON10], [CANON11], and [GENERIC]. 1273 [RFC6151] should be consulted before considering the use of MD5 as a 1274 DigestMethod or RSA-MD5 as a SignatureMethod. 1276 See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5 1277 security considerations. 1279 Additional security considerations are given in connection with the 1280 description of some algorithms in the body of this document. 1282 Implementers should be aware that cryptographic algorithms become 1283 weaker with time. As new cryptoanalysis techniques are developed and 1284 computing performance improves, the work factor to break a particular 1285 cryptographic algorithm will reduce. Therefore, cryptographic 1286 implementations should be modular, allowing new algorithms to be 1287 readily inserted. That is, implementers should be prepared for the 1288 set of mandatory-to-implement algorithms to change over time. 1290 Acknowledgements 1292 The contributions of the following, listed in alphabetic order, by 1293 reporting errata against RFC 6931 or contributing to this document, 1294 are gratefully acknowleged: 1296 Frederick Hirsch, Axel Puhlmann, Annie Yousar 1298 The contributions of the following, listed in alphabetic order, to 1299 [RFC6931], on which this document is based, are gratefully 1300 acknowledged: 1302 Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann, 1303 Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno, 1304 Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter 1305 Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter 1306 Saint-Andre, and Sean Turner. 1308 The following contributors to [RFC4051] are gratefully acknowledged: 1310 Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho 1311 Moriai, Joseph Reagle, Russ Housley, and Joel Halpern. 1313 The document was prepared in raw nroff. All macros used were defined 1314 within the source file. 1316 Appendix A: Changes from RFC 6931 1318 The following changes have been made in RFC 6931 to produce this 1319 document. 1321 1. Delete Appendix on Changes from RFC 4051, since they were already 1322 included in RFC 6931, and remove refeence to RFC 4051 and to the 1323 on Errata against RFC 4051. 1325 2. Fix three errata as follows: [Err3597], [Err3965], and [Err4004]. 1326 In cases where [RFC6931] had an erroneous URI, it is still 1327 included in the indicies and it is stated that implementations 1328 SHOULD only generate the correct URI but SHOULD understand both 1329 the correct and erroneous URI. 1331 3. Minor editorial changes. 1333 Appendix B: Bad URIs 1335 [RFC6931] included two bad URIs as shown below. "{Bad}" in the 1336 indexes (Section 4.1 and 4.1) indicates such a Bad value. 1337 Implementations SHOULD only generate the correct URI but SHOULD 1338 understand both the correct and erroneous URI. 1340 2006/12/xmlc12n11# 1341 Appears in the indicies (Section 4.1 and 4.2] of [RFC6931] when 1342 it should be "2006/12/xmlc14n11#" (i.e., "12" should have been 1343 "14"). This is [Err3965] and is corrected in this document. 1345 2007/05/xmldsig-more#rsa-sha224 1346 Appears in the indicies (Section 4.1 and 4.2] of [RFC6931] when 1347 it should be "2001/04/xmldsig-more#rsa-sha22". This is [Err4004] 1348 and is corrected in this document. 1350 Appendix Z: Change History 1352 RFC Editor Note: Plese delete this Appendix before publication. 1354 Normative References 1356 [10118-3] - ISO, "Information technology -- Security techniques -- 1357 Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC 1358 10118-3:2004, 2004. 1360 [18033-2] - ISO, "Information technology -- Security techniques -- 1361 Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC 1362 18033-2:2010, 2010. 1364 [Camellia] - Aoki, K., Ichikawa, T., Matsui, M., Moriai, S., 1365 Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher 1366 Suitable for Multiple Platforms - Design and Analysis", in 1367 Selected Areas in Cryptography, 7th Annual International 1368 Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in 1369 Computer Science 2012, pp. 39-56, Springer-Verlag, 2001. 1371 [FIPS180-4] - US National Institute of Science and Technology, 1372 "Secure Hash Standard (SHS)", FIPS 180-4, March 2012, 1373 . 1376 [FIPS186-3] - US National Institute of Science and Technology, 1377 "Digital Signature Standard (DSS)", FIPS 186-3, June 2009, 1378 . 1381 [IEEEP1363a] - IEEE, "Standard Specifications for Public Key 1382 Cryptography- Amendment 1: Additional Techniques", IEEE 1383 1363a-2004, 2004. 1385 [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms, 1386 and Source Code in C", Second Edition, John Wiley and Sons, New 1387 York, NY, 1996. 1389 [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 1390 April 1992. 1392 [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1393 Extensions (MIME) Part One: Format of Internet Message Bodies", 1394 RFC 2045, November 1996. 1396 [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 1397 Hashing for Message Authentication", RFC 2104, February 1997. 1399 [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate 1400 Requirement Levels", BCP 14, RFC 2119, March 1997. 1402 [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax 1403 Version 1.5", RFC 2315, March 1998. 1405 [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible 1406 Markup Language) XML-Signature Syntax and Processing", RFC 1407 3275, March 2002. 1409 [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard 1410 (AES) Key Wrap Algorithm", RFC 3394, September 2002. 1412 [RFC3447] - Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1413 Standards (PKCS) #1: RSA Cryptography Specifications Version 1414 2.1", RFC 3447, February 2003. 1416 [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description 1417 of the Camellia Encryption Algorithm", RFC 3713, April 2004. 1419 [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1420 Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, 1421 January 2005. 1423 [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y. 1424 Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for 1425 XML Digital Signatures", RFC 4050, April 2005. 1427 [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional 1428 Algorithms and Identifiers for RSA Cryptography for use in the 1429 Internet X.509 Public Key Infrastructure Certificate and 1430 Certificate Revocation List (CRL) Profile", RFC 4055, June 1431 2005. 1433 [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The 1434 SEED Encryption Algorithm", RFC 4269, December 2005. 1436 [RFC5226] - Narten, T. and H. Alvestrand, "Guidelines for Writing an 1437 IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 1438 2008. 1440 [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash 1441 Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 1442 2011. 1444 [X9.62] - American National Standards Institute, Accredited Standards 1445 Committee X9, "Public Key Cryptography for the Financial 1446 Services Industry: The Elliptic Curve Digital Signature 1447 Algorithm (ECDSA)", ANSI X9.62:2005, 2005. 1449 [XMLENC10] - Reagle, J. and D. Eastlake, "XML Encryption Syntax and 1450 Processing", W3C Recommendation, 10 December 2002, 1451 . 1453 [XMLENC11] - Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler, 1454 "XML Encryption Syntax and Processing Version 1.1", W3C 1455 Proposed Recommendation, 24 January 2013, 1456 . 1458 [XPointer] - Grosso, P., Maler, E., Marsh, J., and N. Walsh, 1459 "XPointer Framework", W3C Recommendation, 25 March 2003, 1460 . 1462 Informational References 1464 [CANON10] - Boyer, J., "Canonical XML Version 1.0", W3C 1465 Recommendation, 15 March 2001, . 1468 [CANON11] - Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C 1469 Recommendation, 2 May 2008, . 1472 [DECRYPT] - Hughes, M., Imamura, T., and H. Maruyama, "Decryption 1473 Transform for XML Signature", W3C Recommendation, 10 December 1474 2002, . 1476 [Err3597] - RFC Errata, Errata ID 3597, RFC 6931, . 1479 [Err3965] - RFC Errata, Errata ID 3965, RFC 6931, . 1482 [Err4004] - RFC Errata, Errata ID 4004, RFC 6931, . 1485 [GENERIC] - Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid 1486 Ciphers", W3C Working Group Note, 24 January 2013, 1487 . 1490 [Keccak] - Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche, 1491 "The KECCAK sponge function family", January 2013, 1492 . 1494 [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature 1495 Syntax and Processing", RFC 3075, March 2001. 1497 [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March 1498 2001. 1500 [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology 1501 of "Foo"", RFC 3092, April 1 2001. 1503 [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive 1504 XML Canonicalization, Version 1.0", RFC 3741, March 2004. 1506 [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED 1507 Encryption Algorithm in Cryptographic Message Syntax (CMS)", 1508 RFC 4010, February 2005. 1510 [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform 1511 Resource Identifiers (URIs)", RFC 4051, April 2005. 1513 [RFC6090] 1514 - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve 1515 Cryptography Algorithms", RFC 6090, February 2011. 1516 - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777. 1518 [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations 1519 for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 1520 6151, March 2011. 1522 [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security 1523 Considerations for the SHA-0 and SHA-1 Message-Digest 1524 Algorithms", RFC 6194, March 2011. 1526 [RFC6931] - Eastlake 3rd, D., "Additional XML Security Uniform 1527 Resource Identifiers (URIs)", RFC 6931, April 2013, 1528 . 1530 [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, 1531 "XML Schema Part 1: Structures Second Edition", W3C 1532 Recommendation, 28 October 2004, 1533 . 1534 - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes 1535 Second Edition", W3C Recommendation, 28 October 2004, 1536 . 1538 [SHA-3] - US National Institute of Science and Technology, "SHA-3 1539 WINNER", February 2013, . 1542 [W3C] - World Wide Web Consortium, . 1544 [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML 1545 Canonicalization Version 1.0", W3C Recommendation, 18 July 1546 2002, . 1548 [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. 1549 Roessler, "XML Signature Syntax and Processing (Second 1550 Edition)", W3C Recommendation, 10 June 2008, 1551 ./ 1553 [XMLDSIG11] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., 1554 Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax 1555 and Processing Version 1.1", W3C Proposed Recommendation, 11 1556 April 2013, . 1558 [XMLDSIG-PROP] - Hirsch, F., "XML Signature Properties", W3C Proposed 1559 Recommendation, 24 January 2013, . 1562 [XMLSECXREF] - Hirsch, F., Roessler, T., and K. Yiu, "XML Security 1563 Algorithm Cross-Reference", W3C Working Group Note, 24 January 1564 2013, . 1567 [XPATH] - Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath 1568 Filter 2.0", W3C Recommendation, 8 November 2002, 1569 . 1570 - Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay, 1571 M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0 1572 (Second Edition)", W3C Recommendation, 14 December 2010, 1573 . 1575 [XSLT] - Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C 1576 Recommendation, 23 January 2007, 1577 . 1579 Author's Address 1581 Donald E. Eastlake, 3rd 1582 Huawei Technologies 1583 155 Beaver Street 1584 Milford, MA 01757 USA 1586 Phone: +1-508-333-2270 1587 EMail: d3e3e3@gmail.com 1589 Copyright, Disclaimer, and Additional IPR Provisions 1591 Copyright (c) 2014 IETF Trust and the persons identified as the 1592 document authors. All rights reserved. 1594 This document is subject to BCP 78 and the IETF Trust's Legal 1595 Provisions Relating to IETF Documents 1596 (http://trustee.ietf.org/license-info) in effect on the date of 1597 publication of this document. Please review these documents 1598 carefully, as they describe your rights and restrictions with respect 1599 to this document. Code Components extracted from this document must 1600 include Simplified BSD License text as described in Section 4.e of 1601 the Trust Legal Provisions and are provided without warranty as 1602 described in the Simplified BSD License. The definitive version of 1603 an IETF Document is that published by, or under the auspices of, the 1604 IETF. Versions of IETF Documents that are published by third parties, 1605 including those that are translated into other languages, should not 1606 be considered to be definitive versions of IETF Documents. The 1607 definitive version of these Legal Provisions is that published by, or 1608 under the auspices of, the IETF. Versions of these Legal Provisions 1609 that are published by third parties, including those that are 1610 translated into other languages, should not be considered to be 1611 definitive versions of these Legal Provisions. For the avoidance of 1612 doubt, each Contributor to the IETF Standards Process licenses each 1613 Contribution that he or she makes as part of the IETF Standards 1614 Process to the IETF Trust pursuant to the provisions of RFC 5378. No 1615 language to the contrary, or terms, conditions or rights that differ 1616 from or are inconsistent with the rights and licenses granted under 1617 RFC 5378, shall have any effect and shall be null and void, whether 1618 published or posted by such Contributor, or included with or in such 1619 Contribution.