idnits 2.17.1 draft-eastlake-rfc6931bis-xmlsec-uris-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 26, 2015) is 3128 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1600' on line 305 -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3' -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2' -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia' -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4' -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3' -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEEP1363a' -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4' ** Downref: Normative reference to an Informational RFC: RFC 1321 ** Downref: Normative reference to an Informational RFC: RFC 2104 ** Downref: Normative reference to an Informational RFC: RFC 2315 ** Downref: Normative reference to an Informational RFC: RFC 3394 ** Obsolete normative reference: RFC 3447 (Obsoleted by RFC 8017) ** Downref: Normative reference to an Informational RFC: RFC 3713 ** Downref: Normative reference to an Informational RFC: RFC 4050 ** Downref: Normative reference to an Informational RFC: RFC 4269 ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) ** Downref: Normative reference to an Informational RFC: RFC 6234 -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10' -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11' -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer' -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err3597') (Obsoleted by RFC 9231) -- Duplicate reference: RFC6931, mentioned in 'Err3965', was also mentioned in 'Err3597'. -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err3965') (Obsoleted by RFC 9231) -- Duplicate reference: RFC6931, mentioned in 'Err4004', was also mentioned in 'Err3965'. -- Obsolete informational reference (is this intentional?): RFC 6931 (ref. 'Err4004') (Obsoleted by RFC 9231) -- Obsolete informational reference (is this intentional?): RFC 3075 (Obsoleted by RFC 3275) -- Obsolete informational reference (is this intentional?): RFC 4051 (Obsoleted by RFC 6931) -- Duplicate reference: RFC6931, mentioned in 'RFC6931', was also mentioned in 'Err4004'. -- Obsolete informational reference (is this intentional?): RFC 6931 (Obsoleted by RFC 9231) Summary: 10 errors (**), 0 flaws (~~), 1 warning (==), 21 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Donald Eastlake 2 Obsoletes: 6931 Huawei 3 Intended Status: Proposed Standard 4 Expires: March 25, 2015 September 26, 2015 6 Additional XML Security Uniform Resource Identifiers (URIs) 7 9 Abstract 11 This document updates and corrects the IANA registry for the list of 12 URIs intended for use with XML digital signatures, encryption, 13 canonicalization, and key management. These URIs identify algorithms 14 and types of information. This document corrrects three errata 15 against and obsoletes RFC 6931. 17 The intent is to keep this draft alive while it accumulates updates 18 until it seems reasonable to publish the next version. 20 Status of This Memo 22 This Internet-Draft is submitted to IETF in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Distribution of this document is unlimited. Comments should be sent 26 to the author. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF), its areas, and its working groups. Note that 30 other groups may also distribute working documents as Internet- 31 Drafts. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 The list of current Internet-Drafts can be accessed at 39 http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft 40 Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html. 43 Table of Contents 45 1. Introduction............................................4 46 1.1 Terminology...........................................5 47 1.2 Acronyms..............................................5 49 2. Algorithms..............................................7 50 2.1 DigestMethod (Hash) Algorithms........................7 51 2.1.1 MD5.................................................7 52 2.1.2 SHA-224.............................................8 53 2.1.3 SHA-384.............................................8 54 2.1.4 Whirlpool...........................................8 55 2.1.5 New SHA Functions...................................9 56 2.2 SignatureMethod MAC Algorithms........................9 57 2.2.1 HMAC-MD5............................................9 58 2.2.2 HMAC SHA Variations................................10 59 2.2.3 HMAC-RIPEMD160.....................................10 60 2.3 SignatureMethod Public Key Signature Algorithms......11 61 2.3.1 RSA-MD5............................................11 62 2.3.2 RSA-SHA256.........................................12 63 2.3.3 RSA-SHA384.........................................12 64 2.3.4 RSA-SHA512.........................................12 65 2.3.5 RSA-RIPEMD160......................................12 66 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool.......13 67 2.3.7 ESIGN-SHA*.........................................14 68 2.3.8 RSA-Whirlpool......................................14 69 2.3.9 RSASSA-PSS with Parameters.........................14 70 2.3.10 RSASSA-PSS without Parameters.....................16 71 2.3.11 RSA-SHA224........................................16 72 2.4 Minimal Canonicalization.............................17 73 2.5 Transform Algorithms.................................17 74 2.5.1 XPointer...........................................17 75 2.6 EncryptionMethod Algorithms..........................18 76 2.6.1 ARCFOUR Encryption Algorithm.......................18 77 2.6.2 Camellia Block Encryption..........................19 78 2.6.3 Camellia Key Wrap..................................19 79 2.6.4 PSEC-KEM...........................................20 80 2.6.5 SEED Block Encryption..............................20 81 2.6.6 SEED Key Wrap......................................20 83 3. KeyInfo................................................22 84 3.1 PKCS #7 Bag of Certificates and CRLs.................22 85 3.2 Additional RetrievalMethod Type Values...............22 87 4. Indexes................................................23 88 4.1 Fragment Index.......................................23 89 4.2 URI Index............................................26 91 5. Allocation Considerations..............................31 92 5.1 W3C Allocation Considerations........................31 93 5.2 IANA Considerations..................................31 95 Table of Contents (continued) 97 6. Security Considerations................................32 99 Acknowledgements..........................................33 101 Appendix A: Changes from RFC 6931.........................34 102 Appendix B: Bad URIs......................................35 104 Appendix Z: Change History................................36 106 Normative References......................................37 107 Informational References..................................40 108 Author's Address..........................................43 110 1. Introduction 112 XML digital signatures, canonicalization, and encryption have been 113 standardized by the W3C and by the joint IETF/W3C XMLDSIG working 114 group [W3C]. All of these are now W3C Recommendations and some are 115 also RFCs. They are available as follows: 117 RFC 118 Status W3C REC Topic 119 ----------- ------- ----- 121 [RFC3275] [XMLDSIG10] XML Digital Signatures 122 Draft Standard 124 [RFC3076] [CANON10] Canonical XML 125 Informational 127 - - - - - - [XMLENC10] XML Encryption 1.0 129 [RFC3741] [XCANON] Exclusive XML Canonicalization 1.0 130 Informational 132 All of these documents and recommendations use URIs [RFC3986] to 133 identify algorithms and keying information types. The W3C has 134 subsequently produced updated XML Signature 1.1 [XMLDSIG11], 135 Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11] 136 versions, as well as a new XML Signature Properties specification 137 [XMLDSIG-PROP]. 139 All camel-case element names herein, such as DigestValue, are from 140 these documents. 142 This document is an updated convenient reference list of URIs and 143 corresponding algorithms in which there is expressed interest. This 144 document fixes Errata [Err3597], [Err3965], [Err4004] against and 145 obsoletes [RFC6931]. 147 All of the URIs appear in the indexes in Section 4. Only the URIs 148 that were added by [RFC4051], [RFC6931], or this document have a 149 subsection in Section 2 or 3, with the exception of Minimal 150 Canonicalization (Section 2.4). For example, use of SHA-256 is 151 defined in [XMLENC11] and hence there is no subsection on that 152 algorithm here, but its URI is included in the indexes in Section 4. 154 Specification in this document of the URI representing an algorithm 155 does not imply endorsement of the algorithm for any particular 156 purpose. A protocol specification, which this is not, generally 157 gives algorithm and implementation requirements for the protocol. 158 Security considerations for algorithms are constantly evolving, as 159 documented elsewhere. This specification simply provides some URIs 160 and relevant formatting for when those URIs are used. 162 Note that progressing XML Digital Signature [RFC3275] along the 163 Standards Track required removal of any algorithms from the original 164 version [RFC3075] for which there was not demonstrated 165 interoperability. This required removal of the Minimal 166 Canonicalization algorithm, in which there appears to be continued 167 interest. The URI for Minimal Canonicalization was included in 168 [RFC4051] and [RFC6931] and is included here. 170 1.1 Terminology 172 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 173 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 174 "OPTIONAL" in this document are to be interpreted as described in 175 [RFC2119]. 177 This document is not intended to change the algorithm implementation 178 requirements of any IETF or W3C document. Use of [RFC2119] 179 terminology is intended to be only such as is already stated or 180 implied by other authoritative documents. 182 1.2 Acronyms 184 The following acronyms are used in this document: 186 HMAC - Keyed-Hashing MAC [RFC2104] 188 IETF - Internet Engineering Task Force 190 MAC - Message Authentication Code 192 MD - Message Digest 194 NIST - United States National Institute of Standards and 195 Technology 197 RC - Rivest Cipher 199 RSA - Rivest, Shamir, and Adleman 201 SHA - Secure Hash Algorithm 203 URI - Uniform Resource Identifier [RFC3986] 205 W3C - World Wide Web Consortium 206 XML - eXtensible Markup Language 208 2. Algorithms 210 The URI [RFC3986] that was dropped from the XML Digital Signature 211 standard due to the transition from Proposed Standard to Draft 212 Standard [RFC3275] is included in Section 2.4 below with its original 214 http://www.w3.org/2000/09/xmldsig# 216 prefix so as to avoid changing the XMLDSIG standard's namespace. 218 Additional algorithms in [RFC4051] were given URIs that start with 220 http://www.w3.org/2001/04/xmldsig-more# 222 while further algorithms added in this document are given URIs that 223 start with 225 http://www.w3.org/2007/05/xmldsig-more# 227 In addition, for ease of reference, this document includes in the 228 indexes in Section 4 many cryptographic algorithm URIs from several 229 XML security documents using the namespaces with which they are 230 defined in those documents. For example, 2000/09/xmldsig# for some 231 URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs 232 specified in [XMLENC10]. 234 See also [XMLSECXREF]. 236 2.1 DigestMethod (Hash) Algorithms 238 These algorithms are usable wherever a DigestMethod element occurs. 240 2.1.1 MD5 242 Identifier: 243 http://www.w3.org/2001/04/xmldsig-more#md5 245 The MD5 algorithm [RFC1321] takes no explicit parameters. An example 246 of an MD5 DigestAlgorithm element is: 248 251 An MD5 digest is a 128-bit string. The content of the DigestValue 252 element SHALL be the base64 [RFC2045] encoding of this bit string 253 viewed as a 16-octet octet stream. See [RFC6151] for MD5 security 254 considerations. 256 2.1.2 SHA-224 258 Identifier: 259 http://www.w3.org/2001/04/xmldsig-more#sha224 261 The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit 262 parameters. An example of a SHA-224 DigestAlgorithm element is: 264 267 A SHA-224 digest is a 224-bit string. The content of the DigestValue 268 element SHALL be the base64 [RFC2045] encoding of this string viewed 269 as a 28-octet stream. 271 2.1.3 SHA-384 273 Identifier: 274 http://www.w3.org/2001/04/xmldsig-more#sha384 276 The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An 277 example of a SHA-384 DigestAlgorithm element is: 279 282 A SHA-384 digest is a 384-bit string. The content of the DigestValue 283 element SHALL be the base64 [RFC2045] encoding of this string viewed 284 as a 48-octet stream. 286 2.1.4 Whirlpool 288 Identifier: 289 http://www.w3.org/2007/05/xmldsig-more#whirlpool 291 The Whirlpool algorithm [10118-3] takes no explicit parameters. A 292 Whirlpool digest is a 512-bit string. The content of the DigestValue 293 element SHALL be the base64 [RFC2045] encoding of this string viewed 294 as a 64-octet stream. 296 2.1.5 New SHA Functions 298 Identifiers: 299 http://www.w3.org/2007/05/xmldsig-more#sha3-224 300 http://www.w3.org/2007/05/xmldsig-more#sha3-256 301 http://www.w3.org/2007/05/xmldsig-more#sha3-384 302 http://www.w3.org/2007/05/xmldsig-more#sha3-512 304 NIST has recently completed a hash function competition for an 305 alternative to the SHA family. The Keccak-f[1600] algorithm was 306 selected [Keccak] [SHA-3]. This hash function is commonly referred 307 to as "SHA-3", and this section is a space holder and reservation of 308 URIs for future information on Keccak use in XML security. 310 A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and 311 512-bit string, respectively. The content of the DigestValue element 312 SHALL be the base64 [RFC2045] encoding of this string viewed as a 313 28-, 32-, 48-, and 64-octet stream, respectively. 315 2.2 SignatureMethod MAC Algorithms 317 This section covers SignatureMethod MAC (Message Authentication Code) 318 Algorithms. 320 Note: Some text in this section is duplicated from [RFC3275] for the 321 convenience of the reader. RFC 3275 is normative in case of conflict. 323 2.2.1 HMAC-MD5 325 Identifier: 326 http://www.w3.org/2001/04/xmldsig-more#hmac-md5 328 The HMAC algorithm [RFC2104] takes the truncation length in bits as a 329 parameter; if the parameter is not specified, then all the bits of 330 the hash are output. An example of an HMAC-MD5 SignatureMethod 331 element is as follows: 333 335 112 336 338 The output of the HMAC algorithm is ultimately the output (possibly 339 truncated) of the chosen digest algorithm. This value SHALL be base64 340 [RFC2045] encoded in the same straightforward fashion as the output 341 of the digest algorithms. Example: the SignatureValue element for the 342 HMAC-MD5 digest 344 9294727A 3638BB1C 13F48EF8 158BFC9D 346 from the test vectors in [RFC2104] would be 348 kpRyejY4uxwT9I74FYv8nQ== 350 Schema Definition: 352 353 354 356 DTD: 358 360 The Schema Definition and DTD immediately above are copied from 361 [RFC3275]. 363 See [RFC6151] for HMAC-MD5 security considerations. 365 2.2.2 HMAC SHA Variations 367 Identifiers: 368 http://www.w3.org/2001/04/xmldsig-more#hmac-sha224 369 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 370 http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 371 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 373 SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also 374 be used in HMAC as described in Section 2.2.1 above for HMAC-MD5. 376 2.2.3 HMAC-RIPEMD160 378 Identifier: 379 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 381 RIPEMD-160 [10118-3] can also be used in HMAC as described in Section 382 2.2.1 above for HMAC-MD5. 384 2.3 SignatureMethod Public Key Signature Algorithms 386 These algorithms are distinguished from those in Section 2.2 above in 387 that they use public key methods. That is to say, the verification 388 key is different from and not feasibly derivable from the signing 389 key. 391 2.3.1 RSA-MD5 393 Identifier: 394 http://www.w3.org/2001/04/xmldsig-more#rsa-md5 396 This implies the PKCS#1 v1.5 padding algorithm described in 397 [RFC3447]. An example of use is 399 402 The SignatureValue content for an RSA-MD5 signature is the base64 403 [RFC2045] encoding of the octet string computed as per [RFC3447], 404 Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5 405 signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function 406 in [RFC3447], Section 9.2, the value input to the signature function 407 MUST contain a pre-pended algorithm object identifier for the hash 408 function, but the availability of an ASN.1 parser and recognition of 409 OIDs is not required of a signature verifier. The PKCS#1 v1.5 410 representation appears as: 412 CRYPT (PAD (ASN.1 (OID, DIGEST (data)))) 414 Note that the padded ASN.1 will be of the following form: 416 01 | FF* | 00 | prefix | hash 418 Vertical bar ("|") represents concatenation. "01", "FF", and "00" are 419 fixed octets of the corresponding hexadecimal value, and the asterisk 420 ("*") after "FF" indicates repetition. "hash" is the MD5 digest of 421 the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix 422 required in PKCS #1 [RFC3447], that is, 424 hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10 426 This prefix is included to make it easier to use standard 427 cryptographic libraries. The FF octet MUST be repeated enough times 428 that the value of the quantity being CRYPTed is exactly one octet 429 shorter than the RSA modulus. 431 See [RFC6151] for MD5 security considerations. 433 2.3.2 RSA-SHA256 435 Identifier: 436 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 438 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 439 in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator 440 prefix. An example of use is 442 445 2.3.3 RSA-SHA384 447 Identifier: 448 http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 450 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 451 in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator 452 prefix. An example of use is 454 457 Because it takes about the same effort to calculate a SHA-384 message 458 digest as it does a SHA-512 message digest, it is suggested that RSA- 459 SHA512 be used in preference to RSA-SHA384 where possible. 461 2.3.4 RSA-SHA512 463 Identifier: 464 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 466 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 467 in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator 468 prefix. An example of use is 470 473 2.3.5 RSA-RIPEMD160 475 Identifier: 476 http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 478 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 479 in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm 480 designator prefix. An example of use is 482 486 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool 488 Identifiers: 489 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 490 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 491 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 492 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 493 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 494 http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 495 http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool 497 The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is 498 the elliptic curve analogue of the Digital Signature Algorithm (DSA) 499 signature method, i.e., the Digital Signature Standard (DSS). It 500 takes no explicit parameters. For detailed specifications of how to 501 use it with SHA hash functions and XML Digital Signature, please see 502 [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool 503 fragments in the new namespace identifies a signature method 504 processed in the same way as specified by the #ecdsa-sha1 fragment of 505 this namespace, with the exception that RIPEMD160 or Whirlpool is 506 used instead of SHA-1. 508 The output of the ECDSA algorithm consists of a pair of integers 509 usually referred by the pair (r, s). The signature value consists of 510 the base64 encoding of the concatenation of two octet streams that 511 respectively result from the octet encoding of the values r and s in 512 that order. Conversion from integer to octet-stream must be done 513 according to the I2OSP operation defined in the [RFC3447] 514 specification with the l parameter equal to the size of the base 515 point order of the curve in bytes (e.g., 32 for the P-256 curve and 516 66 for the P-521 curve [FIPS186-3]). 518 For an introduction to elliptic curve cryptographic algorithms, see 519 [RFC6090] and note the errata (Errata ID 2773-2777). 521 2.3.7 ESIGN-SHA* 523 Identifiers: 524 http://www.w3.org/2001/04/xmldsig-more#esign-sha1 525 http://www.w3.org/2001/04/xmldsig-more#esign-sha224 526 http://www.w3.org/2001/04/xmldsig-more#esign-sha256 527 http://www.w3.org/2001/04/xmldsig-more#esign-sha384 528 http://www.w3.org/2001/04/xmldsig-more#esign-sha512 530 The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme 531 based on the integer factorization problem. It is much faster than 532 previous digital signature schemes, so ESIGN can be implemented on 533 smart cards without special co-processors. 535 An example of use is 537 541 2.3.8 RSA-Whirlpool 543 Identifier: 544 http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool 546 As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the 547 designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in 548 [RFC3447]. When identified through the #rsa-whirlpool fragment 549 identifier, Whirlpool is used as the hash algorithm instead. Use of 550 the ASN.1 BER Whirlpool algorithm designator is implied. That 551 designator is 552 hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40 553 as an explicit octet sequence. This corresponds to OID 554 1.0.10118.3.0.55 defined in [10118-3]. 556 An example of use is 558 562 2.3.9 RSASSA-PSS with Parameters 564 Identifiers: 565 http://www.w3.org/2007/05/xmldsig-more#rsa-pss 566 http://www.w3.org/2007/05/xmldsig-more#MGF1 568 These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm 569 [RFC3447]. The RSASSA-PSS algorithm takes the digest method (hash 570 function), a mask generation function, the salt length in bytes 571 (SaltLength), and the trailer field as explicit parameters. 573 Algorithm identifiers for hash functions specified in XML encryption 574 [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid 575 algorithm identifiers for hash functions. According to [RFC3447], 576 the default value for the digest function is SHA-1, but due to the 577 discovered weakness of SHA-1 [RFC6194], it is recommended that 578 SHA-256 or a stronger hash function be used. Notwithstanding 579 [RFC3447], SHA-256 is the default to be used with these 580 SignatureMethod identifiers if no hash function has been specified. 582 The default salt length for these SignatureMethod identifiers if the 583 SaltLength is not specified SHALL be the number of octets in the hash 584 value of the digest method, as recommended in [RFC4055]. In a 585 parameterized RSASSA-PSS signature the ds:DigestMethod and the 586 SaltLength parameters usually appear. If they do not, the defaults 587 make this equivalent to http://www.w3.org/2007/05/xmldsig- 588 more#sha256-rsa-MGF1 (see Section 2.3.10). The TrailerField defaults 589 to 1 (0xBC) when omitted. 591 Schema Definition (target namespace 592 http://www.w3.org/2007/05/xmldsig-more#): 594 595 596 597 Top level element that can be used in xs:any namespace="#other" 598 wildcard of ds:SignatureMethod content. 599 600 601 602 603 604 605 607 609 611 612 613 614 615 616 617 619 621 2.3.10 RSASSA-PSS without Parameters 623 [RFC3447] currently specifies only one mask generation function MGF1 624 based on a hash function. Although [RFC3447] allows for 625 parameterization, the default is to use the same hash function as the 626 digest method function. Only this default approach is supported by 627 this section; therefore, the definition of a mask generation function 628 type is not needed yet. The same applies to the trailer field. There 629 is only one value (0xBC) specified in [RFC3447]. Hence, this default 630 parameter must be used for signature generation. The default salt 631 length is the length of the hash function. 633 Identifiers: 634 http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1 635 http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1 636 http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1 637 http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1 639 http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1 640 http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1 641 http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1 642 http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1 643 http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 644 http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1 645 http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1 646 http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1 647 http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1 648 http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1 650 An example of use is 652 657 2.3.11 RSA-SHA224 659 Identifier: 660 http://www.w3.org/2001/04/xmldsig-more#rsa-sha224 662 This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described 663 in Section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator 664 prefix. An example of use is 666 669 Because it takes about the same effort to calculate a SHA-224 message 670 digest as it does a SHA-256 message digest, it is suggested that RSA- 671 SHA256 be used in preference to RSA-SHA224 where possible. 673 See also Appendix B concerning an erroneous version of this URI that 674 appeared in [RFC6931]. 676 2.4 Minimal Canonicalization 678 Thus far, two independent interoperable implementations of Minimal 679 Canonicalization have not been announced. Therefore, when XML 680 Digital Signature was advanced along the Standards Track from 681 [RFC3075] to [RFC3275], Minimal Canonicalization was dropped. 682 However, there is still interest. For its definition, see Section 683 6.5.1 of [RFC3075]. 685 For reference, its identifier remains: 686 http://www.w3.org/2000/09/xmldsig#minimal 688 2.5 Transform Algorithms 690 Note that all CanonicalizationMethod algorithms can also be used as 691 Transform algorithms. 693 2.5.1 XPointer 695 Identifier: 696 http://www.w3.org/2001/04/xmldsig-more#xptr 698 This transform algorithm takes an [XPointer] as an explicit 699 parameter. An example of use is: 701 703 705 xpointer(id("foo")) xmlns(bar=http://foobar.example) 706 xpointer(//bar:Zab[@Id="foo"]) 707 708 710 Schema Definition: 712 714 DTD: 716 718 Input to this transform is an octet stream (which is then parsed into 719 XML). 721 Output from this transform is a node set; the results of the XPointer 722 are processed as defined in the XMLDSIG specification [RFC3275] for a 723 same-document XPointer. 725 2.6 EncryptionMethod Algorithms 727 This subsection gives identifiers and information for several 728 EncryptionMethod Algorithms. 730 2.6.1 ARCFOUR Encryption Algorithm 732 Identifier: 733 http://www.w3.org/2001/04/xmldsig-more#arcfour 735 ARCFOUR is a fast, simple stream encryption algorithm that is 736 compatible with RSA Security's RC4 algorithm [RC4]. An example 737 EncryptionMethod element using ARCFOUR is 739 741 40 742 744 Note that Arcfour makes use of the generic KeySize parameter 745 specified and defined in [XMLENC11]. 747 2.6.2 Camellia Block Encryption 749 Identifiers: 750 http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc 751 http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc 752 http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc 754 Camellia is a block cipher with the same interface as the AES 755 [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and 756 256-bit key sizes. In XML Encryption Camellia is used in the same way 757 as the AES: It is used in the Cipher Block Chaining (CBC) mode with a 758 128-bit initialization vector (IV). The resulting cipher text is 759 prefixed by the IV. If included in XML output, it is then base64 760 encoded. An example Camellia EncryptionMethod is as follows: 762 767 2.6.3 Camellia Key Wrap 769 Identifiers: 770 http://www.w3.org/2001/04/xmldsig-more#kw-camellia128 771 http://www.w3.org/2001/04/xmldsig-more#kw-camellia192 772 http://www.w3.org/2001/04/xmldsig-more#kw-camellia256 774 Camellia [Camellia] [RFC3713] key wrap is identical to the AES key 775 wrap algorithm [RFC3394] specified in the XML Encryption standard 776 with "AES" replaced by "Camellia". As with AES key wrap, the check 777 value is 0xA6A6A6A6A6A6A6A6. 779 The algorithm is the same whatever the size of the Camellia key used 780 in wrapping, called the "key encrypting key" or "KEK". If Camellia is 781 supported, it is particularly suggested that wrapping 128-bit keys 782 with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be 783 supported. 785 An example of use is: 787 792 2.6.4 PSEC-KEM 794 Identifier: 795 http://www.w3.org/2001/04/xmldsig-more#psec-kem 797 The PSEC-KEM algorithm, specified in [18033-2], is a key 798 encapsulation mechanism using elliptic curve encryption. 800 An example of use is: 802 804 805 version 806 id 807 curve 808 base 809 order 810 cofactor 811 812 814 See [18033-2] for information on the parameters above. 816 2.6.5 SEED Block Encryption 818 Identifier: 819 http://www.w3.org/2007/05/xmldsig-more#seed128-cbc 821 SEED [RFC4269] is a 128-bit block size with 128-bit key sizes. In XML 822 Encryption, SEED can be used in the Cipher Block Chaining (CBC) mode 823 with a 128-bit initialization vector (IV). The resulting cipher text 824 is prefixed by the IV. If included in XML output, it is then base64 825 encoded. 827 An example SEED EncryptionMethod is as follows: 829 832 2.6.6 SEED Key Wrap 834 Identifier: 835 http://www.w3.org/2007/05/xmldsig-more#kw-seed128 837 Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394] 838 with "AES" replaced by "SEED". The algorithm is specified in 839 [RFC4010]. The implementation of SEED is optional. The default 840 initial value is 0xA6A6A6A6A6A6A6A6. 842 An example of use is: 844 849 3. KeyInfo 851 In Section 3.1 below a new KeyInfo element child is specified, while 852 in Section 3.2 additional KeyInfo Type values for use in 853 RetrievalMethod are specified. 855 3.1 PKCS #7 Bag of Certificates and CRLs 857 A PKCS #7 [RFC2315] "signedData" can also be used as a bag of 858 certificates and/or certificate revocation lists (CRLs). The 859 PKCS7signedData element is defined to accommodate such structures 860 within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045] 861 encoded. Any signer information present is ignored. The following 862 is a example [RFC3092], eliding the base64 data: 864 866 ... 867 869 3.2 Additional RetrievalMethod Type Values 871 The Type attribute of RetrievalMethod is an optional identifier for 872 the type of data to be retrieved. The result of dereferencing a 873 RetrievalMethod reference for all KeyInfo types with an XML structure 874 is an XML element or document with that element as the root. The 875 various "raw" key information types return a binary value. Thus, they 876 require a Type attribute because they are not unambiguously parsable. 878 Identifiers: 879 http://www.w3.org/2001/04/xmldsig-more#KeyName 880 http://www.w3.org/2001/04/xmldsig-more#KeyValue 881 http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData 882 http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket 883 http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData 884 http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp 885 http://www.w3.org/2001/04/xmldsig-more#rawX509CRL 886 http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod 888 4. Indexes 890 The following subsections provide an index by URI and by fragment 891 identifier (the portion of the URI after "#") of the algorithm and 892 KeyInfo URIs defined in this document and in the standards (plus the 893 one KeyInfo child element name defined in this document). The 894 "Sec/Doc" column has the section of this document or, if not 895 specified in this document, the standards document where the item is 896 specified. See also [XMLSECXREF]. 898 4.1 Fragment Index 900 The initial "http://www.w3.org/" part of the URI is not included 901 below. The first six entries have a null fragment identifier or no 902 fragment identifier. "{Bad}" indicates a Bad value that was 903 accidentally included in [RFC6931]. Implementations SHOULD only 904 generate the correct URI but SHOULD understand both the correct and 905 erroneous URI. See also Appendix B. 907 Fragment URI Sec/Doc 908 --------- ---- -------- 910 2002/06/xmldsig-filter2 [XPATH] 911 2006/12/xmlc12n11# {Bad} [CANON11] 912 2006/12/xmlc14n11# [CANON11] 913 TR/1999/REC-xslt-19991116 [XSLT] 914 TR/1999/REC-xpath-19991116 [XPATH] 915 TR/2001/06/xml-exc-c14n# [XCANON] 916 TR/2001/REC-xml-c14n-20010315 [CANON10] 917 TR/2001/REC-xmlschema-1-20010502 [Schema] 919 aes128-cbc 2001/04/xmlenc#aes128-cbc [XMLENC11] 920 aes128-gcm 2009/xmlenc11#aes128-gcm [XMLENC11] 921 aes192-cbc 2001/04/xmlenc#aes192-cbc [XMLENC11] 922 aes192-gcm 2009/xmlenc11#aes192-gcm [XMLENC11] 923 aes256-cbc 2001/04/xmlenc#aes256-cbc [XMLENC11] 924 aes256-gcm 2009/xmlenc11#aes256-gcm [XMLENC11] 925 arcfour 2001/04/xmldsig-more#arcfour 2.6.1 927 base64 2000/09/xmldsig#base64 [RFC3275] 929 camellia128-cbc 2001/04/xmldsig-more#camellia128-cbc 2.6.2 930 camellia192-cbc 2001/04/xmldsig-more#camellia192-cbc 2.6.2 931 camellia256-cbc 2001/04/xmldsig-more#camellia256-cbc 2.6.2 932 ConcatKDF 2009/xmlenc11#ConcatKDF [XMLENC11] 933 decrypt#XML 2002/07/decrypt#XML [DECRYPT] 934 decrypt#Binary 2002/07/decrypt#Binary [DECRYPT] 935 DEREncodedKeyValue 2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11] 936 dh 2001/04/xmlenc#dh [XMLENC11] 937 dh-es 2009/xmlenc11#dh-es [XMLENC11] 938 dsa-sha1 2000/09/xmldsig#dsa-sha1 [RFC3275] 939 dsa-sha256 2009/xmldsig11#dsa-sha256 [XMLDSIG11] 940 DSAKeyValue 2000/09/xmldsig#DSAKeyValue [XMLDSIG11] 942 ECDH-ES 2009/xmlenc11#ECDH-ES [XMLENC11] 943 ecdsa-ripemd160 2007/05/xmldsig-more#ecdsa-ripemd160 2.3.6 944 ecdsa-sha1 2001/04/xmldsig-more#ecdsa-sha1 2.3.6 945 ecdsa-sha224 2001/04/xmldsig-more#ecdsa-sha224 2.3.6 946 ecdsa-sha256 2001/04/xmldsig-more#ecdsa-sha256 2.3.6 947 ecdsa-sha384 2001/04/xmldsig-more#ecdsa-sha384 2.3.6 948 ecdsa-sha512 2001/04/xmldsig-more#ecdsa-sha512 2.3.6 949 ecdsa-whirlpool 2007/05/xmldsig-more#ecdsa-whirlpool 2.3.5 950 ecies-kem 2010/xmlsec-ghc#ecies-kem [GENERIC] 951 ECKeyValue 2009/xmldsig11#ECKeyValue [XMLDSIG11] 952 enveloped-signature 2000/09/xmldsig#enveloped-signature [RFC3275] 953 esign-sha1 2001/04/xmldsig-more#esign-sha1 2.3.7 954 esign-sha224 2001/04/xmldsig-more#esign-sha224 2.3.7 955 esign-sha256 2001/04/xmldsig-more#esign-sha256 2.3.7 956 esign-sha384 2001/04/xmldsig-more#esign-sha384 2.3.7 957 esign-sha512 2001/04/xmldsig-more#esign-sha512 2.3.7 959 generic-hybrid 2010/xmlsec-ghc#generic-hybrid [GENERIC] 961 hmac-md5 2001/04/xmldsig-more#hmac-md5 2.2.1 962 hmac-ripemd160 2001/04/xmldsig-more#hmac-ripemd160 2.2.3 963 hmac-sha1 2000/09/xmldsig#hmac-sha1 [RFC3275] 964 hmac-sha224 2001/04/xmldsig-more#hmac-sha224 2.2.2 965 hmac-sha256 2001/04/xmldsig-more#hmac-sha256 2.2.2 966 hmac-sha384 2001/04/xmldsig-more#hmac-sha384 2.2.2 967 hmac-sha512 2001/04/xmldsig-more#hmac-sha512 2.2.2 969 KeyName 2001/04/xmldsig-more#KeyName 3.2 970 KeyValue 2001/04/xmldsig-more#KeyValue 3.2 971 kw-aes128 2001/04/xmlenc#kw-aes128 [XMLENC11] 972 kw-aes128-pad 2009/xmlenc11#kw-aes-128-pad [XMLENC11] 973 kw-aes192 2001/04/xmlenc#kw-aes192 [XMLENC11] 974 kw-aes192-pad 2009/xmlenc11#kw-aes-192-pad [XMLENC11] 975 kw-aes256 2001/04/xmlenc#kw-aes256 [XMLENC11] 976 kw-aes256-pad 2009/xmlenc11#kw-aes-256-pad [XMLENC11] 977 kw-camellia128 2001/04/xmldsig-more#kw-camellia128 2.6.3 978 kw-camellia192 2001/04/xmldsig-more#kw-camellia192 2.6.3 979 kw-camellia256 2001/04/xmldsig-more#kw-camellia256 2.6.3 980 kw-seed128 2007/05/xmldsig-more#kw-seed128 2.6.6 981 md2-rsa-MGF1 2007/05/xmldsig-more#md2-rsa-MGF1 2.3.10 982 md5 2001/04/xmldsig-more#md5 2.1.1 983 md5-rsa-MGF1 2007/05/xmldsig-more#md5-rsa-MGF1 2.3.10 984 MGF1 2007/05/xmldsig-more#MGF1 2.3.9 985 mgf1sha1 2009/xmlenc11#mgf1sha1 [XMLENC11] 986 mgf1sha224 2009/xmlenc11#mgf1sha224 [XMLENC11] 987 mgf1sha256 2009/xmlenc11#mgf1sha256 [XMLENC11] 988 mgf1sha384 2009/xmlenc11#mgf1sha384 [XMLENC11] 989 mgf1sha512 2009/xmlenc11#mgf1sha512 [XMLENC11] 990 MgmtData 2000/09/xmldsig#MgmtData [XMLDSIG11] 991 minimal 2000/09/xmldsig#minimal 2.4 993 pbkdf2 2009/xmlenc11#pbkdf2 [XMLENC11] 994 PGPData 2000/09/xmldsig#PGPData [XMLDSIG11] 995 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.1 996 PKCS7signedData 2001/04/xmldsig-more#PKCS7signedData 3.2 997 psec-kem 2001/04/xmldsig-more#psec-kem 2.6.4 999 rawPGPKeyPacket 2001/04/xmldsig-more#rawPGPKeyPacket 3.2 1000 rawPKCS7signedData 2001/04/xmldsig-more#rawPKCS7signedData 3.2 1001 rawSPKISexp 2001/04/xmldsig-more#rawSPKISexp 3.2 1002 rawX509Certificate 2000/09/xmldsig#rawX509Certificate [RFC3275] 1003 rawX509CRL 2001/04/xmldsig-more#rawX509CRL 3.2 1004 RetrievalMethod 2001/04/xmldsig-more#RetrievalMethod 3.2 1005 ripemd128-rsa-MGF1 2007/05/xmldsig-more#ripemd128-rsa-MGF1 1006 2.3.10 1007 ripemd160 2001/04/xmlenc#ripemd160 [XMLENC11] 1008 ripemd160-rsa-MGF1 2007/05/xmldsig-more#ripemd160-rsa-MGF1 1009 2.3.10 1010 rsa-1_5 2001/04/xmlenc#rsa-1_5 [XMLENC11] 1011 rsa-md5 2001/04/xmldsig-more#rsa-md5 2.3.1 1012 rsa-oaep 2009/xmlenc11#rsa-oaep [XMLENC11] 1013 rsa-oaep-mgf1p 2001/04/xmlenc#rsa-oaep-mgf1p [XMLENC11] 1014 rsa-pss 2007/05/xmldsig-more#rsa-pss 2.3.9 1015 rsa-ripemd160 2001/04/xmldsig-more#rsa-ripemd160 2.3.5 1016 rsa-sha1 2000/09/xmldsig#rsa-sha1 [RFC3275] 1017 rsa-sha224 2007/05/xmldsig-more#rsa-sha224 {Bad} 2.3.11 1018 rsa-sha224 2001/04/xmldsig-more#rsa-sha224 2.3.11 1019 rsa-sha256 2001/04/xmldsig-more#rsa-sha256 2.3.2 1020 rsa-sha384 2001/04/xmldsig-more#rsa-sha384 2.3.3 1021 rsa-sha512 2001/04/xmldsig-more#rsa-sha512 2.3.4 1022 rsa-whirlpool 2007/05/xmldsig-more#rsa-whirlpool 2.3.5 1023 rsaes-kem 2010/xmlsec-ghc#rsaes-kem [GENERIC] 1024 RSAKeyValue 2000/09/xmldsig#RSAKeyValue [XMLDSIG11] 1026 seed128-cbc 2007/05/xmldsig-more#seed128-cbc 2.6.5 1027 sha1 2000/09/xmldsig#sha1 [RFC3275] 1028 sha1-rsa-MGF1 2007/05/xmldsig-more#sha1-rsa-MGF1 2.3.10 1029 sha224 2001/04/xmldsig-more#sha224 2.1.2 1030 sha224-rsa-MGF1 2007/05/xmldsig-more#sha224-rsa-MGF1 2.3.10 1031 sha256 2001/04/xmlenc#sha256 [XMLENC11] 1032 sha256-rsa-MGF1 2007/05/xmldsig-more#sha256-rsa-MGF1 2.3.10 1033 sha3-224 2007/05/xmldsig-more#sha3-224 2.1.5 1034 sha3-224-rsa-MGF1 2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10 1035 sha3-256 2007/05/xmldsig-more#sha3-256 2.1.5 1036 sha3-256-rsa-MGF1 2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10 1037 sha3-384 2007/05/xmldsig-more#sha3-384 2.1.5 1038 sha3-384-rsa-MGF1 2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10 1039 sha3-512 2007/05/xmldsig-more#sha3-512 2.1.5 1040 sha3-512-rsa-MGF1 2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10 1041 sha384 2001/04/xmldsig-more#sha384 2.1.3 1042 sha384-rsa-MGF1 2007/05/xmldsig-more#sha384-rsa-MGF1 2.3.10 1043 sha512 2001/04/xmlenc#sha512 [XMLENC11] 1044 sha512-rsa-MGF1 2007/05/xmldsig-more#sha512-rsa-MGF1 2.3.10 1045 SPKIData 2000/09/xmldsig#SPKIData [XMLDSIG11] 1047 tripledes-cbc 2001/04/xmlenc#tripledes-cbc [XMLENC11] 1049 whirlpool 2007/05/xmldsig-more#whirlpool 2.1.4 1050 whirlpool-rsa-MGF1 2007/05/xmldsig-more#whirlpool-rsa-MGF1 1051 2.3.10 1052 WithComments 2006/12/xmlc14n11#WithComments [CANON11] 1053 WithComments TR/2001/06/xml-exc-c14n#WithComments 1054 [XCANON] 1055 WithComments TR/2001/REC-xml-c14n-20010315#WithComments 1056 [CANON10] 1058 X509Data 2000/09/xmldsig#X509Data [XMLDSIG11] 1059 xptr 2001/04/xmldsig-more#xptr 2.5.1 1061 The initial "http://www.w3.org/" part of the URI is not included 1062 above. 1064 4.2 URI Index 1066 The initial "http://www.w3.org/" part of the URI is not included 1067 below. "{Bad}" indicates a Bad value that was accidentally included 1068 in [RFC6931]. Implementations SHOULD only generate the correct URI 1069 but SHOULD understand both the correct and erroneous URI. See also 1070 Appendix B. 1072 URI Sec/Doc Type 1073 ---- -------- ----- 1075 2000/09/xmldsig#base64 [RFC3275] Transform 1076 2000/09/xmldsig#DSAKeyValue [RFC3275] Retrieval type 1077 2000/09/xmldsig#dsa-sha1 [RFC3275] SignatureMethod 1078 2000/09/xmldsig#enveloped-signature [RFC3275] Transform 1079 2000/09/xmldsig#hmac-sha1 [RFC3275] SignatureMethod 1080 2000/09/xmldsig#MgmtData [RFC3275] Retrieval type 1081 2000/09/xmldsig#minimal 2.4 Canonicalization 1082 2000/09/xmldsig#PGPData [RFC3275] Retrieval type 1083 2000/09/xmldsig#rawX509Certificate [RFC3275] Retrieval type 1084 2000/09/xmldsig#rsa-sha1 [RFC3275] SignatureMethod 1085 2000/09/xmldsig#RSAKeyValue [RFC3275] Retrieval type 1086 2000/09/xmldsig#sha1 [RFC3275] DigestAlgorithm 1087 2000/09/xmldsig#SPKIData [RFC3275] Retrieval type 1088 2000/09/xmldsig#X509Data [RFC3275] Retrieval type 1090 2001/04/xmldsig-more#arcfour 2.6.1 EncryptionMethod 1091 2001/04/xmldsig-more#camellia128-cbc 2.6.2 EncryptionMethod 1092 2001/04/xmldsig-more#camellia192-cbc 2.6.2 EncryptionMethod 1093 2001/04/xmldsig-more#camellia256-cbc 2.6.2 EncryptionMethod 1094 2001/04/xmldsig-more#ecdsa-sha1 2.3.6 SignatureMethod 1095 2001/04/xmldsig-more#ecdsa-sha224 2.3.6 SignatureMethod 1096 2001/04/xmldsig-more#ecdsa-sha256 2.3.6 SignatureMethod 1097 2001/04/xmldsig-more#ecdsa-sha384 2.3.6 SignatureMethod 1098 2001/04/xmldsig-more#ecdsa-sha512 2.3.6 SignatureMethod 1099 2001/04/xmldsig-more#esign-sha1 2.3.7 SignatureMethod 1100 2001/04/xmldsig-more#esign-sha224 2.3.7 SignatureMethod 1101 2001/04/xmldsig-more#esign-sha256 2.3.7 SignatureMethod 1102 2001/04/xmldsig-more#esign-sha384 2.3.7 SignatureMethod 1103 2001/04/xmldsig-more#esign-sha512 2.3.7 SignatureMethod 1104 2001/04/xmldsig-more#hmac-md5 2.2.1 SignatureMethod 1105 2001/04/xmldsig-more#hmac-ripemd160 2.2.3 SignatureMethod 1106 2001/04/xmldsig-more#hmac-sha224 2.2.2 SignatureMethod 1107 2001/04/xmldsig-more#hmac-sha256 2.2.2 SignatureMethod 1108 2001/04/xmldsig-more#hmac-sha384 2.2.2 SignatureMethod 1109 2001/04/xmldsig-more#hmac-sha512 2.2.2 SignatureMethod 1110 2001/04/xmldsig-more#KeyName 3.2 Retrieval type 1111 2001/04/xmldsig-more#KeyValue 3.2 Retrieval type 1112 2001/04/xmldsig-more#kw-camellia128 2.6.3 EncryptionMethod 1113 2001/04/xmldsig-more#kw-camellia192 2.6.3 EncryptionMethod 1114 2001/04/xmldsig-more#kw-camellia256 2.6.3 EncryptionMethod 1115 2001/04/xmldsig-more#md5 2.1.1 DigestAlgorithm 1116 2001/04/xmldsig-more#PKCS7signedData 3.2 Retrieval type 1117 2001/04/xmldsig-more#psec-kem 2.6.4 EncryptionMethod 1118 2001/04/xmldsig-more#rawPGPKeyPacket 3.2 Retrieval type 1119 2001/04/xmldsig-more#rawPKCS7signedData 3.2 Retrieval type 1120 2001/04/xmldsig-more#rawSPKISexp 3.2 Retrieval type 1121 2001/04/xmldsig-more#rawX509CRL 3.2 Retrieval type 1122 2001/04/xmldsig-more#RetrievalMethod 3.2 Retrieval type 1123 2001/04/xmldsig-more#rsa-md5 2.3.1 SignatureMethod 1124 2001/04/xmldsig-more#rsa-sha224 2.3.11 SignatureMethod 1125 2001/04/xmldsig-more#rsa-sha256 2.3.2 SignatureMethod 1126 2001/04/xmldsig-more#rsa-sha384 2.3.3 SignatureMethod 1127 2001/04/xmldsig-more#rsa-sha512 2.3.4 SignatureMethod 1128 2001/04/xmldsig-more#rsa-ripemd160 2.3.5 SignatureMethod 1129 2001/04/xmldsig-more#sha224 2.1.2 DigestAlgorithm 1130 2001/04/xmldsig-more#sha384 2.1.3 DigestAlgorithm 1131 2001/04/xmldsig-more#xptr 2.5.1 Transform 1132 2001/04/xmldsig-more#PKCS7signedData 3.1 KeyInfo child 1134 2001/04/xmlenc#aes128-cbc [XMLENC11] EncryptionMethod 1135 2001/04/xmlenc#aes192-cbc [XMLENC11] EncryptionMethod 1136 2001/04/xmlenc#aes256-cbc [XMLENC11] EncryptionMethod 1137 2001/04/xmlenc#dh [XMLENC11] AgreementMethod 1138 2001/04/xmlenc#kw-aes128 [XMLENC11] EncryptionMethod 1139 2001/04/xmlenc#kw-aes192 [XMLENC11] EncryptionMethod 1140 2001/04/xmlenc#kw-aes256 [XMLENC11] EncryptionMethod 1141 2001/04/xmlenc#ripemd160 [XMLENC11] DigestAlgorithm 1142 2001/04/xmlenc#rsa-1_5 [XMLENC11] EncryptionMethod 1143 2001/04/xmlenc#rsa-oaep-mgf1p [XMLENC11] EncryptionMethod 1144 2001/04/xmlenc#sha256 [XMLENC11] DigestAlgorithm 1145 2001/04/xmlenc#sha512 [XMLENC11] DigestAlgorithm 1146 2001/04/xmlenc#tripledes-cbc [XMLENC11] EncryptionMethod 1148 2002/06/xmldsig-filter2 [XPATH] Transform 1150 2002/07/decrypt#XML [DECRYPT] Transform 1151 2002/07/decrypt#Binary [DECRYPT] Transform 1153 2006/12/xmlc12n11# {Bad} [CANON11] Canonicalization 1154 2006/12/xmlc14n11# [CANON11] Canonicalization 1155 2006/12/xmlc14n11#WithComments [CANON11] Canonicalization 1157 2007/05/xmldsig-more#ecdsa-ripemd160 2.3.6 SignatureMethod 1158 2007/05/xmldsig-more#ecdsa-whirlpool 2.3.5 SignatureMethod 1159 2007/05/xmldsig-more#kw-seed128 2.6.6 EncryptionMethod 1160 2007/05/xmldsig-more#md2-rsa-MGF1 2.3.10 SignatureMethod 1161 2007/05/xmldsig-more#md5-rsa-MGF1 2.3.10 SignatureMethod 1162 2007/05/xmldsig-more#MGF1 2.3.9 SignatureMethod 1163 2007/05/xmldsig-more#ripemd128-rsa-MGF1 2.3.10 SignatureMethod 1164 2007/05/xmldsig-more#ripemd160-rsa-MGF1 2.3.10 SignatureMethod 1165 2007/05/xmldsig-more#rsa-pss 2.3.9 SignatureMethod 1166 2007/05/xmldsig-more#rsa-sha224 {Bad} 2.3.11 SignatureMethod 1167 2007/05/xmldsig-more#rsa-whirlpool 2.3.5 SignatureMethod 1168 2007/05/xmldsig-more#seed128-cbc 2.6.5 EncryptionMethod 1169 2007/05/xmldsig-more#sha1-rsa-MGF1 2.3.10 SignatureMethod 1170 2007/05/xmldsig-more#sha224-rsa-MGF1 2.3.10 SignatureMethod 1171 2007/05/xmldsig-more#sha256-rsa-MGF1 2.3.10 SignatureMethod 1172 2007/05/xmldsig-more#sha3-224 2.1.5 DigestAlgorithm 1173 2007/05/xmldsig-more#sha3-224-rsa-MGF1 2.3.10 SignatureMethod 1174 2007/05/xmldsig-more#sha3-256 2.1.5 DigestAlgorithm 1175 2007/05/xmldsig-more#sha3-256-rsa-MGF1 2.3.10 SignatureMethod 1176 2007/05/xmldsig-more#sha3-384 2.1.5 DigestAlgorithm 1177 2007/05/xmldsig-more#sha3-384-rsa-MGF1 2.3.10 SignatureMethod 1178 2007/05/xmldsig-more#sha3-512 2.1.5 DigestAlgorithm 1179 2007/05/xmldsig-more#sha3-512-rsa-MGF1 2.3.10 SignatureMethod 1180 2007/05/xmldsig-more#sha384-rsa-MGF1 2.3.10 SignatureMethod 1181 2007/05/xmldsig-more#sha512-rsa-MGF1 2.3.10 SignatureMethod 1182 2007/05/xmldsig-more#whirlpool 2.1.4 DigestAlgorithm 1183 2007/05/xmldsig-more#whirlpool-rsa-MGF1 2.3.10 SignatureMethod 1184 2009/xmlenc11#kw-aes-128-pad [XMLENC11] EncryptionMethod 1185 2009/xmlenc11#kw-aes-192-pad [XMLENC11] EncryptionMethod 1186 2009/xmlenc11#kw-aes-256-pad [XMLENC11] EncryptionMethod 1188 2009/xmldsig11#dsa-sha256 [XMLDSIG11] SignatureMethod 1189 2009/xmldsig11#ECKeyValue [XMLDSIG11] Retrieval type 1190 2009/xmldsig11#DEREncodedKeyValue [XMLDSIG11] Retrieval type 1192 2009/xmlenc11#aes128-gcm [XMLENC11] EncryptionMethod 1193 2009/xmlenc11#aes192-gcm [XMLENC11] EncryptionMethod 1194 2009/xmlenc11#aes256-gcm [XMLENC11] EncryptionMethod 1195 2009/xmlenc11#ConcatKDF [XMLENC11] EncryptionMethod 1196 2009/xmlenc11#mgf1sha1 [XMLENC11] SignatureMethod 1197 2009/xmlenc11#mgf1sha224 [XMLENC11] SignatureMethod 1198 2009/xmlenc11#mgf1sha256 [XMLENC11] SignatureMethod 1199 2009/xmlenc11#mgf1sha384 [XMLENC11] SignatureMethod 1200 2009/xmlenc11#mgf1sha512 [XMLENC11] SignatureMethod 1201 2009/xmlenc11#pbkdf2 [XMLENC11] EncryptionMethod 1202 2009/xmlenc11#rsa-oaep [XMLENC11] EncryptionMethod 1203 2009/xmlenc11#ECDH-ES [XMLENC11] EncryptionMethod 1204 2009/xmlenc11#dh-es [XMLENC11] EncryptionMethod 1206 2010/xmlsec-ghc#generic-hybrid [GENERIC] Generic Hybrid 1207 2010/xmlsec-ghc#rsaes-kem [GENERIC] Generic Hybrid 1208 2010/xmlsec-ghc#ecies-kem [GENERIC] Generic Hybrid 1210 TR/1999/REC-xpath-19991116 [XPATH] Transform 1211 TR/1999/REC-xslt-19991116 [XSLT] Transform 1212 TR/2001/06/xml-exc-c14n# [XCANON] Canonicalization 1213 TR/2001/06/xml-exc-c14n#WithComments 1214 [XCANON] Canonicalization 1215 TR/2001/REC-xml-c14n-20010315 [CANON10] Canonicalization 1216 TR/2001/REC-xml-c14n-20010315#WithComments 1217 [CANON10] Canonicalization 1218 TR/2001/REC-xmlschema-1-20010502 [Schema] Transform 1220 The initial "http://www.w3.org/" part of the URI is not included 1221 above. "{Bad}" indicates a Bad value that was accidentally included 1222 in [RFC6931]. Implementations SHOULD only generate the correct URI 1223 but SHOULD understand both the correct and erroneous URI. See also 1224 Appendix B. 1226 5. Allocation Considerations 1228 W3C and IANA allocation considerations are given below. 1230 5.1 W3C Allocation Considerations 1232 As it is easy for people to construct their own unique URIs [RFC3986] 1233 and, if appropriate, to obtain a URI from the W3C, it is not intended 1234 that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be 1235 created beyond those enumerated in this RFC. (W3C Namespace 1236 stability rules prohibit the creation of new URIs under 1237 "http://www.w3.org/2000/09/xmldsig#" and URIs under 1238 "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the 1239 publication of [RFC4051].) 1241 An "xmldsig-more" URI does not imply any official W3C or IETF status 1242 for these algorithms or identifiers nor does it imply that they are 1243 only useful in digital signatures. Currently, dereferencing such 1244 URIs may or may not produce a temporary placeholder document. 1245 Permission to use these URI prefixes has been given by the W3C. 1247 5.2 IANA Considerations 1249 IANA has established a registry entitled "XML Security URIs". The 1250 initial contents correspond to Section 4.2 of this document with each 1251 section number in the "Sec/Doc" column augmented with a reference to 1252 this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4"). 1254 New entries, including new Types, will be added based on Expert 1255 Review [RFC5226]. Criterion for inclusion are (1) documentation 1256 sufficient for interoperability of the algorithm or data type and the 1257 XML syntax for its representation and use and (2) sufficient 1258 importance as normally indicated by inclusion in (2a) an approved W3C 1259 Note, Proposed Recommendation, or Recommendation or (2b) an approved 1260 IETF Standards Track document. Typically, the registry will 1261 reference a W3C or IETF document specifying such XML syntax; that 1262 document will either contain a more abstract description of the 1263 algorithm or data type or reference another document with a more 1264 abstract description. 1266 6. Security Considerations 1268 This RFC is concerned with documenting the URIs that designate 1269 algorithms and some data types used in connection with XML security. 1270 The security considerations vary widely with the particular 1271 algorithms, and the general security considerations for XML security 1272 are outside of the scope of this document but appear in [XMLDSIG11], 1273 [XMLENC11], [CANON10], [CANON11], and [GENERIC]. 1275 [RFC6151] should be consulted before considering the use of MD5 as a 1276 DigestMethod or RSA-MD5 as a SignatureMethod. 1278 See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5 1279 security considerations. 1281 Additional security considerations are given in connection with the 1282 description of some algorithms in the body of this document. 1284 Implementers should be aware that cryptographic algorithms become 1285 weaker with time. As new cryptoanalysis techniques are developed and 1286 computing performance improves, the work factor to break a particular 1287 cryptographic algorithm will reduce. Therefore, cryptographic 1288 implementations should be modular, allowing new algorithms to be 1289 readily inserted. That is, implementers should be prepared for the 1290 set of mandatory-to-implement algorithms to change over time. 1292 Acknowledgements 1294 The contributions of the following, listed in alphabetic order, by 1295 reporting errata against RFC 6931 or contributing to this document, 1296 are gratefully acknowleged: 1298 Frederick Hirsch, Axel Puhlmann, Annie Yousar 1300 The contributions of the following, listed in alphabetic order, to 1301 [RFC6931], on which this document is based, are gratefully 1302 acknowledged: 1304 Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann, 1305 Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno, 1306 Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter 1307 Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter 1308 Saint-Andre, and Sean Turner. 1310 The following contributors to [RFC4051] are gratefully acknowledged: 1312 Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho 1313 Moriai, Joseph Reagle, Russ Housley, and Joel Halpern. 1315 The document was prepared in raw nroff. All macros used were defined 1316 within the source file. 1318 Appendix A: Changes from RFC 6931 1320 The following changes have been made in RFC 6931 to produce this 1321 document. 1323 1. Delete Appendix on Changes from RFC 4051, since they were already 1324 included in RFC 6931, and remove refeence to RFC 4051 and to the 1325 on Errata against RFC 4051. 1327 2. Fix three errata as follows: [Err3597], [Err3965], and [Err4004]. 1328 In cases where [RFC6931] had an erroneous URI, it is still 1329 included in the indicies and it is stated that implementations 1330 SHOULD only generate the correct URI but SHOULD understand both 1331 the correct and erroneous URI. 1333 3. Minor editorial changes. 1335 Appendix B: Bad URIs 1337 [RFC6931] included two bad URIs as shown below. "{Bad}" in the 1338 indexes (Section 4.1 and 4.1) indicates such a Bad value. 1339 Implementations SHOULD only generate the correct URI but SHOULD 1340 understand both the correct and erroneous URI. 1342 2006/12/xmlc12n11# 1343 Appears in the indicies (Section 4.1 and 4.2] of [RFC6931] when 1344 it should be "2006/12/xmlc14n11#" (i.e., "12" should have been 1345 "14"). This is [Err3965] and is corrected in this document. 1347 2007/05/xmldsig-more#rsa-sha224 1348 Appears in the indicies (Section 4.1 and 4.2] of [RFC6931] when 1349 it should be "2001/04/xmldsig-more#rsa-sha22". This is [Err4004] 1350 and is corrected in this document. 1352 Appendix Z: Change History 1354 RFC Editor Note: Plese delete this Appendix before publication. 1356 -00 to -01 to -02 1358 Bump up version and date to keep draft alive as a place where new 1359 URIs can be accumulated. 1361 Normative References 1363 [10118-3] - ISO, "Information technology -- Security techniques -- 1364 Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC 1365 10118-3:2004, 2004. 1367 [18033-2] - ISO, "Information technology -- Security techniques -- 1368 Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC 1369 18033-2:2010, 2010. 1371 [Camellia] - Aoki, K., Ichikawa, T., Matsui, M., Moriai, S., 1372 Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher 1373 Suitable for Multiple Platforms - Design and Analysis", in 1374 Selected Areas in Cryptography, 7th Annual International 1375 Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in 1376 Computer Science 2012, pp. 39-56, Springer-Verlag, 2001. 1378 [FIPS180-4] - US National Institute of Science and Technology, 1379 "Secure Hash Standard (SHS)", FIPS 180-4, March 2012, 1380 . 1383 [FIPS186-3] - US National Institute of Science and Technology, 1384 "Digital Signature Standard (DSS)", FIPS 186-3, June 2009, 1385 . 1388 [IEEEP1363a] - IEEE, "Standard Specifications for Public Key 1389 Cryptography- Amendment 1: Additional Techniques", IEEE 1390 1363a-2004, 2004. 1392 [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms, 1393 and Source Code in C", Second Edition, John Wiley and Sons, New 1394 York, NY, 1996. 1396 [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 1397 April 1992. 1399 [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1400 Extensions (MIME) Part One: Format of Internet Message Bodies", 1401 RFC 2045, November 1996. 1403 [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 1404 Hashing for Message Authentication", RFC 2104, February 1997. 1406 [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate 1407 Requirement Levels", BCP 14, RFC 2119, March 1997. 1409 [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax 1410 Version 1.5", RFC 2315, March 1998. 1412 [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible 1413 Markup Language) XML-Signature Syntax and Processing", RFC 1414 3275, March 2002. 1416 [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard 1417 (AES) Key Wrap Algorithm", RFC 3394, September 2002. 1419 [RFC3447] - Jonsson, J. and B. Kaliski, "Public-Key Cryptography 1420 Standards (PKCS) #1: RSA Cryptography Specifications Version 1421 2.1", RFC 3447, February 2003. 1423 [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description 1424 of the Camellia Encryption Algorithm", RFC 3713, April 2004. 1426 [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1427 Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, 1428 January 2005. 1430 [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y. 1431 Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for 1432 XML Digital Signatures", RFC 4050, April 2005. 1434 [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional 1435 Algorithms and Identifiers for RSA Cryptography for use in the 1436 Internet X.509 Public Key Infrastructure Certificate and 1437 Certificate Revocation List (CRL) Profile", RFC 4055, June 1438 2005. 1440 [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The 1441 SEED Encryption Algorithm", RFC 4269, December 2005. 1443 [RFC5226] - Narten, T. and H. Alvestrand, "Guidelines for Writing an 1444 IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 1445 2008. 1447 [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash 1448 Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May 1449 2011. 1451 [X9.62] - American National Standards Institute, Accredited Standards 1452 Committee X9, "Public Key Cryptography for the Financial 1453 Services Industry: The Elliptic Curve Digital Signature 1454 Algorithm (ECDSA)", ANSI X9.62:2005, 2005. 1456 [XMLENC10] - Reagle, J. and D. Eastlake, "XML Encryption Syntax and 1457 Processing", W3C Recommendation, 10 December 2002, 1458 . 1460 [XMLENC11] - Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler, 1461 "XML Encryption Syntax and Processing Version 1.1", W3C 1462 Proposed Recommendation, 24 January 2013, 1463 . 1465 [XPointer] - Grosso, P., Maler, E., Marsh, J., and N. Walsh, 1466 "XPointer Framework", W3C Recommendation, 25 March 2003, 1467 . 1469 Informational References 1471 [CANON10] - Boyer, J., "Canonical XML Version 1.0", W3C 1472 Recommendation, 15 March 2001, . 1475 [CANON11] - Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C 1476 Recommendation, 2 May 2008, . 1479 [DECRYPT] - Hughes, M., Imamura, T., and H. Maruyama, "Decryption 1480 Transform for XML Signature", W3C Recommendation, 10 December 1481 2002, . 1483 [Err3597] - RFC Errata, Errata ID 3597, RFC 6931, . 1486 [Err3965] - RFC Errata, Errata ID 3965, RFC 6931, . 1489 [Err4004] - RFC Errata, Errata ID 4004, RFC 6931, . 1492 [GENERIC] - Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid 1493 Ciphers", W3C Working Group Note, 24 January 2013, 1494 . 1497 [Keccak] - Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche, 1498 "The KECCAK sponge function family", January 2013, 1499 . 1501 [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature 1502 Syntax and Processing", RFC 3075, March 2001. 1504 [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March 1505 2001. 1507 [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology 1508 of "Foo"", RFC 3092, April 1 2001. 1510 [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive 1511 XML Canonicalization, Version 1.0", RFC 3741, March 2004. 1513 [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED 1514 Encryption Algorithm in Cryptographic Message Syntax (CMS)", 1515 RFC 4010, February 2005. 1517 [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform 1518 Resource Identifiers (URIs)", RFC 4051, April 2005. 1520 [RFC6090] 1521 - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve 1522 Cryptography Algorithms", RFC 6090, February 2011. 1523 - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777. 1525 [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations 1526 for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 1527 6151, March 2011. 1529 [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security 1530 Considerations for the SHA-0 and SHA-1 Message-Digest 1531 Algorithms", RFC 6194, March 2011. 1533 [RFC6931] - Eastlake 3rd, D., "Additional XML Security Uniform 1534 Resource Identifiers (URIs)", RFC 6931, April 2013, 1535 . 1537 [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, 1538 "XML Schema Part 1: Structures Second Edition", W3C 1539 Recommendation, 28 October 2004, 1540 . 1541 - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes 1542 Second Edition", W3C Recommendation, 28 October 2004, 1543 . 1545 [SHA-3] - US National Institute of Science and Technology, "SHA-3 1546 WINNER", February 2013, . 1549 [W3C] - World Wide Web Consortium, . 1551 [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML 1552 Canonicalization Version 1.0", W3C Recommendation, 18 July 1553 2002, . 1555 [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T. 1556 Roessler, "XML Signature Syntax and Processing (Second 1557 Edition)", W3C Recommendation, 10 June 2008, 1558 ./ 1560 [XMLDSIG11] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., 1561 Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax 1562 and Processing Version 1.1", W3C Proposed Recommendation, 11 1563 April 2013, . 1565 [XMLDSIG-PROP] - Hirsch, F., "XML Signature Properties", W3C Proposed 1566 Recommendation, 24 January 2013, . 1569 [XMLSECXREF] - Hirsch, F., Roessler, T., and K. Yiu, "XML Security 1570 Algorithm Cross-Reference", W3C Working Group Note, 24 January 1571 2013, . 1574 [XPATH] - Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath 1575 Filter 2.0", W3C Recommendation, 8 November 2002, 1576 . 1577 - Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay, 1578 M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0 1579 (Second Edition)", W3C Recommendation, 14 December 2010, 1580 . 1582 [XSLT] - Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C 1583 Recommendation, 23 January 2007, 1584 . 1586 Author's Address 1588 Donald E. Eastlake, 3rd 1589 Huawei Technologies 1590 155 Beaver Street 1591 Milford, MA 01757 USA 1593 Phone: +1-508-333-2270 1594 EMail: d3e3e3@gmail.com 1596 Copyright, Disclaimer, and Additional IPR Provisions 1598 Copyright (c) 2015 IETF Trust and the persons identified as the 1599 document authors. All rights reserved. 1601 This document is subject to BCP 78 and the IETF Trust's Legal 1602 Provisions Relating to IETF Documents 1603 (http://trustee.ietf.org/license-info) in effect on the date of 1604 publication of this document. Please review these documents 1605 carefully, as they describe your rights and restrictions with respect 1606 to this document. Code Components extracted from this document must 1607 include Simplified BSD License text as described in Section 4.e of 1608 the Trust Legal Provisions and are provided without warranty as 1609 described in the Simplified BSD License. The definitive version of 1610 an IETF Document is that published by, or under the auspices of, the 1611 IETF. Versions of IETF Documents that are published by third parties, 1612 including those that are translated into other languages, should not 1613 be considered to be definitive versions of IETF Documents. The 1614 definitive version of these Legal Provisions is that published by, or 1615 under the auspices of, the IETF. Versions of these Legal Provisions 1616 that are published by third parties, including those that are 1617 translated into other languages, should not be considered to be 1618 definitive versions of these Legal Provisions. For the avoidance of 1619 doubt, each Contributor to the IETF Standards Process licenses each 1620 Contribution that he or she makes as part of the IETF Standards 1621 Process to the IETF Trust pursuant to the provisions of RFC 5378. No 1622 language to the contrary, or terms, conditions or rights that differ 1623 from or are inconsistent with the rights and licenses granted under 1624 RFC 5378, shall have any effect and shall be null and void, whether 1625 published or posted by such Contributor, or included with or in such 1626 Contribution.