idnits 2.17.1

draft-eastlake-rfc6931bis-xmlsec-uris-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 26, 2019) is 1851 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1600' on line 306
  -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3'
  -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEEP1363a'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4'
  ** Downref: Normative reference to an Informational RFC: RFC 1321
  ** Downref: Normative reference to an Informational RFC: RFC 2104
  ** Downref: Normative reference to an Informational RFC: RFC 2315
  ** Downref: Normative reference to an Informational RFC: RFC 3394
  ** Obsolete normative reference: RFC 3447 (Obsoleted by RFC 8017)
  ** Downref: Normative reference to an Informational RFC: RFC 3713
  ** Downref: Normative reference to an Informational RFC: RFC 4050
  ** Downref: Normative reference to an Informational RFC: RFC 4269
  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)
  ** Downref: Normative reference to an Informational RFC: RFC 6234
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11'
  -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer'
  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3597') (Obsoleted by RFC 9231)
  -- Duplicate reference: RFC6931, mentioned in 'Err3965', was also mentioned
     in 'Err3597'.
  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3965') (Obsoleted by RFC 9231)
  -- Duplicate reference: RFC6931, mentioned in 'Err4004', was also mentioned
     in 'Err3965'.
  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err4004') (Obsoleted by RFC 9231)
  -- Obsolete informational reference (is this intentional?): RFC 3075
     (Obsoleted by RFC 3275)
  -- Obsolete informational reference (is this intentional?): RFC 4051
     (Obsoleted by RFC 6931)
  -- Duplicate reference: RFC6931, mentioned in 'RFC6931', was also mentioned
     in 'Err4004'.
  -- Obsolete informational reference (is this intentional?): RFC 6931
     (Obsoleted by RFC 9231)

     Summary: 10 errors (**), 0 flaws (~~), 1 warning (==), 21 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  INTERNET-DRAFT                                          Donald Eastlake
2  Obsoletes: 6931                                                  Huawei
3  Intended Status: Proposed Standard
4  Expires: October 25, 2019                                March 26, 2019

6  Additional XML Security Uniform Resource Identifiers (URIs)
7

9  Abstract

11     This document updates and corrects the IANA registry for the list of
12     URIs intended for use with XML digital signatures, encryption,
13     canonicalization, and key management. These URIs identify algorithms
14     and types of information. This document corrects three errata
15     against and obsoletes RFC 6931.

17     The intent is to keep this draft alive while it accumulates updates
18     until it seems reasonable to publish the next version.

20  Status of This Memo

22     This Internet-Draft is submitted in full conformance with the
23     provisions of BCP 78 and BCP 79.

25     Distribution of this document is unlimited. Comments should be sent
26     to the author.

28     Internet-Drafts are working documents of the Internet Engineering
29     Task Force (IETF), its areas, and its working groups. Note that
30     other groups may also distribute working documents as Internet-
31     Drafts.

33     Internet-Drafts are draft documents valid for a maximum of six months
34     and may be updated, replaced, or obsoleted by other documents at any
35     time. It is inappropriate to use Internet-Drafts as reference
36     material or to cite them other than as "work in progress."

38     The list of current Internet-Drafts can be accessed at
39     http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
40     Shadow Directories can be accessed at
41     http://www.ietf.org/shadow.html.

43  Table of Contents

45     1. Introduction
46       1.1 Terminology
47       1.2 Acronyms

49     2. Algorithms
50       2.1 DigestMethod (Hash) Algorithms
51         2.1.1 MD5
52         2.1.2 SHA-224
53         2.1.3 SHA-384
54         2.1.4 Whirlpool
55         2.1.5 New SHA Functions
56       2.2 SignatureMethod MAC Algorithms
57         2.2.1 HMAC-MD5
58         2.2.2 HMAC SHA Variations
59         2.2.3 HMAC-RIPEMD160
60       2.3 SignatureMethod Public Key Signature Algorithms
61         2.3.1 RSA-MD5
62         2.3.2 RSA-SHA256
63         2.3.3 RSA-SHA384
64         2.3.4 RSA-SHA512
65         2.3.5 RSA-RIPEMD160
66         2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool
67         2.3.7 ESIGN-SHA*
68         2.3.8 RSA-Whirlpool
69         2.3.9 RSASSA-PSS with Parameters
70         2.3.10 RSASSA-PSS without Parameters
71         2.3.11 RSA-SHA224
72       2.4 Minimal Canonicalization
73       2.5 Transform Algorithms
74         2.5.1 XPointer
75       2.6 EncryptionMethod Algorithms
76         2.6.1 ARCFOUR Encryption Algorithm
77         2.6.2 Camellia Block Encryption
78         2.6.3 Camellia Key Wrap
79         2.6.4 PSEC-KEM
80         2.6.5 SEED Block Encryption
81         2.6.6 SEED Key Wrap

83     3. KeyInfo
84       3.1 PKCS #7 Bag of Certificates and CRLs
85       3.2 Additional RetrievalMethod Type Values

87     4. Indexes
88       4.1 Fragment Index
89       4.2 URI Index

91     5. Allocation Considerations
92       5.1 W3C Allocation Considerations
93       5.2 IANA Considerations

97     6. Security Considerations

99     Acknowledgements

101     Appendix A: Changes from RFC 6931
102     Appendix B: Bad URIs
103     Appendix Z: Change History

105     Normative References
106     Informational References

108     Author's Address

110  1. Introduction

112     XML digital signatures, canonicalization, and encryption have been
113     standardized by the W3C and by the joint IETF/W3C XMLDSIG working
114     group [W3C]. All of these are now W3C Recommendations and some are
115     also RFCs. They are available as follows:

117     RFC
118     Status          W3C REC      Topic
119     -----------     -------      -----

121     [RFC3275]       [XMLDSIG10]  XML Digital Signatures
122     Draft Standard

124     [RFC3076]       [CANON10]    Canonical XML
125     Informational

127     - - - - - -     [XMLENC10]   XML Encryption 1.0

129     [RFC3741]       [XCANON]     Exclusive XML Canonicalization 1.0
130     Informational

132     All of these documents and recommendations use URIs [RFC3986] to
133     identify algorithms and keying information types. The W3C has
134     subsequently produced updated XML Signature 1.1 [XMLDSIG11],
135     Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11]
136     versions, as well as a new XML Signature Properties specification
137     [XMLDSIG-PROP].

139     All camel-case element names herein, such as DigestValue, are from
140     these documents.

142     This document is an updated convenient reference list of URIs and
143     corresponding algorithms in which there is expressed interest. This
144     document fixes Errata [Err3597], [Err3965], [Err4004] against and
145     obsoletes [RFC6931].

147     All of the URIs appear in the indexes in Section 4. Only the URIs
148     that were added by [RFC4051], [RFC6931], or this document have a
149     subsection in Section 2 or 3, with the exception of Minimal
150     Canonicalization (Section 2.4). For example, use of SHA-256 is
151     defined in [XMLENC11] and hence there is no subsection on that
152     algorithm here, but its URI is included in the indexes in Section 4.

154     Specification in this document of the URI representing an algorithm
155     does not imply endorsement of the algorithm for any particular
156     purpose. A protocol specification, which this is not, generally
157     gives algorithm and implementation requirements for the protocol.
158     Security considerations for algorithms are constantly evolving, as
159     documented elsewhere. This specification simply provides some URIs
160     and relevant formatting for when those URIs are used.

162     Note that progressing XML Digital Signature [RFC3275] along the
163     Standards Track required removal of any algorithms from the original
164     version [RFC3075] for which there was not demonstrated
165     interoperability. This required removal of the Minimal
166     Canonicalization algorithm, in which there appears to be continued
167     interest. The URI for Minimal Canonicalization was included in
168     [RFC4051] and [RFC6931] and is included here.

170  1.1 Terminology

172     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
173     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
174     "OPTIONAL" in this document are to be interpreted as described in BCP
175     14 [RFC2119] [RFC8174] when, and only when, they appear in all
176     capitals, as shown here.

178     This document is not intended to change the algorithm implementation
179     requirements of any IETF or W3C document. Use of [RFC2119]
180     terminology is intended to be only such as is already stated or
181     implied by other authoritative documents.

183  1.2 Acronyms

185     The following acronyms are used in this document:

187        HMAC - Keyed-Hashing MAC [RFC2104]

189        IETF - Internet Engineering Task Force

191        MAC - Message Authentication Code

193        MD - Message Digest

195        NIST - United States National Institute of Standards and
196           Technology

198        RC - Rivest Cipher

200        RSA - Rivest, Shamir, and Adleman

202        SHA - Secure Hash Algorithm

204        URI - Uniform Resource Identifier [RFC3986]
205        W3C - World Wide Web Consortium

207        XML - eXtensible Markup Language

209  2. Algorithms

211     The URI [RFC3986] that was dropped from the XML Digital Signature
212     standard due to the transition from Proposed Standard to Draft
213     Standard [RFC3275] is included in Section 2.4 below with its original

215        http://www.w3.org/2000/09/xmldsig#

217     prefix so as to avoid changing the XMLDSIG standard's namespace.

219     Additional algorithms in [RFC4051] were given URIs that start with

221        http://www.w3.org/2001/04/xmldsig-more#

223     while further algorithms added in this document are given URIs that
224     start with

226        http://www.w3.org/2007/05/xmldsig-more#

228     In addition, for ease of reference, this document includes in the
229     indexes in Section 4 many cryptographic algorithm URIs from several
230     XML security documents using the namespaces with which they are
231     defined in those documents. For example, 2000/09/xmldsig# for some
232     URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs
233     specified in [XMLENC10].

235     See also [XMLSECXREF].

237  2.1 DigestMethod (Hash) Algorithms

239     These algorithms are usable wherever a DigestMethod element occurs.

241  2.1.1 MD5

243     Identifier:
244        http://www.w3.org/2001/04/xmldsig-more#md5

246     The MD5 algorithm [RFC1321] takes no explicit parameters. An example
247     of an MD5 DigestAlgorithm element is:

249

252     An MD5 digest is a 128-bit string. The content of the DigestValue
253     element SHALL be the base64 [RFC2045] encoding of this bit string
254     viewed as a 16-octet octet stream. See [RFC6151] for MD5 security
255     considerations.

257  2.1.2 SHA-224

259     Identifier:
260        http://www.w3.org/2001/04/xmldsig-more#sha224

262     The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit
263     parameters. An example of a SHA-224 DigestAlgorithm element is:

265

268     A SHA-224 digest is a 224-bit string. The content of the DigestValue
269     element SHALL be the base64 [RFC2045] encoding of this string viewed
270     as a 28-octet stream.

272  2.1.3 SHA-384

274     Identifier:
275        http://www.w3.org/2001/04/xmldsig-more#sha384

277     The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An
278     example of a SHA-384 DigestAlgorithm element is:

280

283     A SHA-384 digest is a 384-bit string. The content of the DigestValue
284     element SHALL be the base64 [RFC2045] encoding of this string viewed
285     as a 48-octet stream.

287  2.1.4 Whirlpool

289     Identifier:
290        http://www.w3.org/2007/05/xmldsig-more#whirlpool

292     The Whirlpool algorithm [10118-3] takes no explicit parameters. A
293     Whirlpool digest is a 512-bit string. The content of the DigestValue
294     element SHALL be the base64 [RFC2045] encoding of this string viewed
295     as a 64-octet stream.

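The DigestValue rules of Sections 2.1.1 to 2.1.4 above, as an added example that is not part of the draft: a Python check that each Reference's DigestValue decodes to the octet count its DigestMethod URI requires and, where hashlib provides the hash, matches the data. The function names, the sample XML and the assumption that the octets passed in are already dereferenced and transformed are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MORE_2001 = "http://www.w3.org/2001/04/xmldsig-more#"
MORE_2007 = "http://www.w3.org/2007/05/xmldsig-more#"

# DigestMethod URI -> (DigestValue length in octets, hashlib name or None).
# URIs and lengths are the ones given in Sections 2.1.1 to 2.1.4.
DIGEST_METHODS = {
    MORE_2001 + "md5": (16, "md5"),
    MORE_2001 + "sha224": (28, "sha224"),
    MORE_2001 + "sha384": (48, "sha384"),
    # Whirlpool is not guaranteed to be in hashlib: length check only.
    MORE_2007 + "whirlpool": (64, None),
}


def check_reference(reference, octets):
    """Check one ds:Reference element against the octets it covers.

    Assumption: `octets` is the digest input after dereferencing and all
    transforms; canonicalization is outside this example.
    """
    method = reference.find(f"{{{DS_NS}}}DigestMethod")
    value = reference.find(f"{{{DS_NS}}}DigestValue")
    if method is None or value is None:
        return "malformed"
    uri = method.get("Algorithm", "")
    if uri not in DIGEST_METHODS:
        return "unknown-algorithm"
    expected_len, hash_name = DIGEST_METHODS[uri]
    try:
        # XML may wrap base64 text, so drop whitespace before strict decoding.
        text = "".join((value.text or "").split())
        digest = base64.b64decode(text, validate=True)
    except binascii.Error:
        return "bad-base64"
    if len(digest) != expected_len:
        return "wrong-length"
    if hash_name is None:
        return "length-ok-not-recomputed"
    computed = hashlib.new(hash_name, octets).digest()
    return "ok" if hmac.compare_digest(computed, digest) else "digest-mismatch"


def audit(signed_info, octets):
    """Map each Reference's URI attribute to its check_reference status."""
    return {ref.get("URI"): check_reference(ref, octets)
            for ref in signed_info.iter(f"{{{DS_NS}}}Reference")}


DATA = b"abc"  # constructed sample content


def sample_signed_info():
    """Constructed SignedInfo fragment: one good Reference, four suspect."""
    def b64(name, data=DATA):
        return base64.b64encode(hashlib.new(name, data).digest()).decode()

    zeros64 = base64.b64encode(bytes(64)).decode()
    xml = f"""<SignedInfo xmlns="{DS_NS}">
  <Reference URI="#good-md5">
    <DigestMethod Algorithm="{MORE_2001}md5"/>
    <DigestValue>{b64('md5')}</DigestValue>
  </Reference>
  <Reference URI="#short-sha384">
    <!-- declares SHA-384 but carries a 28-octet value -->
    <DigestMethod Algorithm="{MORE_2001}sha384"/>
    <DigestValue>{b64('sha224')}</DigestValue>
  </Reference>
  <Reference URI="#tampered-sha224">
    <!-- right length, digest of different content -->
    <DigestMethod Algorithm="{MORE_2001}sha224"/>
    <DigestValue>{b64('sha224', b'abd')}</DigestValue>
  </Reference>
  <Reference URI="#whirlpool">
    <DigestMethod Algorithm="{MORE_2007}whirlpool"/>
    <DigestValue>{zeros64}</DigestValue>
  </Reference>
  <Reference URI="#unregistered">
    <!-- constructed URI: md5 under the 2007 prefix is not defined above -->
    <DigestMethod Algorithm="{MORE_2007}md5"/>
    <DigestValue>{b64('md5')}</DigestValue>
  </Reference>
</SignedInfo>"""
    return ET.fromstring(xml)


if __name__ == "__main__":
    for uri, status in audit(sample_signed_info(), DATA).items():
        print(f"{uri:18} {status}")
```

The length test runs before any hashing, so a value that does not fit the declared algorithm is rejected without touching the data.

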
297  2.1.5 New SHA Functions

299     Identifiers:
300        http://www.w3.org/2007/05/xmldsig-more#sha3-224
301        http://www.w3.org/2007/05/xmldsig-more#sha3-256
302        http://www.w3.org/2007/05/xmldsig-more#sha3-384
303        http://www.w3.org/2007/05/xmldsig-more#sha3-512

305     NIST has recently completed a hash function competition for an
306     alternative to the SHA family. The Keccak-f[1600] algorithm was
307     selected [Keccak] [SHA-3]. This hash function is commonly referred
308     to as "SHA-3", and this section is a space holder and reservation of
309     URIs for future information on Keccak use in XML security.

311     A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and
312     512-bit string, respectively. The content of the DigestValue element
313     SHALL be the base64 [RFC2045] encoding of this string viewed as a
314     28-, 32-, 48-, and 64-octet stream, respectively.

316  2.2 SignatureMethod MAC Algorithms

318     This section covers SignatureMethod MAC (Message Authentication Code)
319     Algorithms.

321     Note: Some text in this section is duplicated from [RFC3275] for the
322     convenience of the reader. RFC 3275 is normative in case of conflict.

324  2.2.1 HMAC-MD5

326     Identifier:
327        http://www.w3.org/2001/04/xmldsig-more#hmac-md5

329     The HMAC algorithm [RFC2104] takes the truncation length in bits as a
330     parameter; if the parameter is not specified, then all the bits of
331     the hash are output. An example of an HMAC-MD5 SignatureMethod
332     element is as follows:

334
336        112
337

339     The output of the HMAC algorithm is ultimately the output (possibly
340     truncated) of the chosen digest algorithm. This value SHALL be base64
341     [RFC2045] encoded in the same straightforward fashion as the output
342     of the digest algorithms. Example: the SignatureValue element for the
343     HMAC-MD5 digest

345        9294727A 3638BB1C 13F48EF8 158BFC9D

347     from the test vectors in [RFC2104] would be

349        kpRyejY4uxwT9I74FYv8nQ==

351     Schema Definition:

353 354 355

357     DTD:

359

361     The Schema Definition and DTD immediately above are copied from
362     [RFC3275].

364     See [RFC6151] for HMAC-MD5 security considerations.

366  2.2.2 HMAC SHA Variations

368     Identifiers:
369        http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
370        http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
371        http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
372        http://www.w3.org/2001/04/xmldsig-more#hmac-sha512

374     SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also
375     be used in HMAC as described in Section 2.2.1 above for HMAC-MD5.

377  2.2.3 HMAC-RIPEMD160

379     Identifier:
380        http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160

382     RIPEMD-160 [10118-3] can also be used in HMAC as described in Section
383     2.2.1 above for HMAC-MD5.

385  2.3 SignatureMethod Public Key Signature Algorithms

387     These algorithms are distinguished from those in Section 2.2 above in
388     that they use public key methods. That is to say, the verification
389     key is different from and not feasibly derivable from the signing
390     key.

392  2.3.1 RSA-MD5

394     Identifier:
395        http://www.w3.org/2001/04/xmldsig-more#rsa-md5

397     This implies the PKCS#1 v1.5 padding algorithm described in
398     [RFC3447]. An example of use is

400

403     The SignatureValue content for an RSA-MD5 signature is the base64
404     [RFC2045] encoding of the octet string computed as per [RFC3447],
405     Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5
406     signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function
407     in [RFC3447], Section 9.2, the value input to the signature function
408     MUST contain a pre-pended algorithm object identifier for the hash
409     function, but the availability of an ASN.1 parser and recognition of
410     OIDs is not required of a signature verifier. The PKCS#1 v1.5
411     representation appears as:

413        CRYPT (PAD (ASN.1 (OID, DIGEST (data))))

415     Note that the padded ASN.1 will be of the following form:

417        01 | FF* | 00 | prefix | hash

419     Vertical bar ("|") represents concatenation. "01", "FF", and "00" are
420     fixed octets of the corresponding hexadecimal value, and the asterisk
421     ("*") after "FF" indicates repetition. "hash" is the MD5 digest of
422     the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix
423     required in PKCS #1 [RFC3447], that is,

425        hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10

427     This prefix is included to make it easier to use standard
428     cryptographic libraries. The FF octet MUST be repeated enough times
429     that the value of the quantity being CRYPTed is exactly one octet
430     shorter than the RSA modulus.

432     See [RFC6151] for MD5 security considerations.

434  2.3.2 RSA-SHA256

436     Identifier:
437        http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

439     This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
440     in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator
441     prefix. An example of use is

443

446  2.3.3 RSA-SHA384

448     Identifier:
449        http://www.w3.org/2001/04/xmldsig-more#rsa-sha384

451     This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
452     in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator
453     prefix. An example of use is

455

458     Because it takes about the same effort to calculate a SHA-384 message
459     digest as it does a SHA-512 message digest, it is suggested that RSA-
460     SHA512 be used in preference to RSA-SHA384 where possible.

462  2.3.4 RSA-SHA512

464     Identifier:
465        http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

467     This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
468     in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator
469     prefix. An example of use is

471

474  2.3.5 RSA-RIPEMD160

476     Identifier:
477        http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160

479     This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
480     in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm
481     designator prefix. An example of use is

483

487  2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool

489     Identifiers:
490        http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
491        http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
492        http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
493        http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
494        http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
495        http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
496        http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool

498     The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is
499     the elliptic curve analogue of the Digital Signature Algorithm (DSA)
500     signature method, i.e., the Digital Signature Standard (DSS). It
501     takes no explicit parameters. For detailed specifications of how to
502     use it with SHA hash functions and XML Digital Signature, please see
503     [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool
504     fragments in the new namespace identify a signature method
505     processed in the same way as specified by the #ecdsa-sha1 fragment of
506     this namespace, with the exception that RIPEMD160 or Whirlpool is
507     used instead of SHA-1.

509     The output of the ECDSA algorithm consists of a pair of integers
510     usually referred to as the pair (r, s). The signature value consists of
511     the base64 encoding of the concatenation of two octet streams that
512     respectively result from the octet encoding of the values r and s in
513     that order. Conversion from integer to octet-stream must be done
514     according to the I2OSP operation defined in the [RFC3447]
515     specification with the l parameter equal to the size of the base
516     point order of the curve in bytes (e.g., 32 for the P-256 curve and
517     66 for the P-521 curve [FIPS186-3]).

519     For an introduction to elliptic curve cryptographic algorithms, see
520     [RFC6090] and note the errata (Errata ID 2773-2777).

522  2.3.7 ESIGN-SHA*

524     Identifiers:
525        http://www.w3.org/2001/04/xmldsig-more#esign-sha1
526        http://www.w3.org/2001/04/xmldsig-more#esign-sha224
527        http://www.w3.org/2001/04/xmldsig-more#esign-sha256
528        http://www.w3.org/2001/04/xmldsig-more#esign-sha384
529        http://www.w3.org/2001/04/xmldsig-more#esign-sha512

531     The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme
532     based on the integer factorization problem. It is much faster than
533     previous digital signature schemes, so ESIGN can be implemented on
534     smart cards without special co-processors.

536     An example of use is

538

542  2.3.8 RSA-Whirlpool

544     Identifier:
545        http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool

547     As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the
548     designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in
549     [RFC3447]. When identified through the #rsa-whirlpool fragment
550     identifier, Whirlpool is used as the hash algorithm instead. Use of
551     the ASN.1 BER Whirlpool algorithm designator is implied. That
552     designator is
553        hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40
554     as an explicit octet sequence. This corresponds to OID
555     1.0.10118.3.0.55 defined in [10118-3].

557     An example of use is

559

563  2.3.9 RSASSA-PSS with Parameters

565     Identifiers:
566        http://www.w3.org/2007/05/xmldsig-more#rsa-pss
567        http://www.w3.org/2007/05/xmldsig-more#MGF1

569     These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm
570     [RFC3447]. The RSASSA-PSS algorithm takes the digest method (hash
571     function), a mask generation function, the salt length in bytes
572     (SaltLength), and the trailer field as explicit parameters.

574     Algorithm identifiers for hash functions specified in XML encryption
575     [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid
576     algorithm identifiers for hash functions. According to [RFC3447],
577     the default value for the digest function is SHA-1, but due to the
578     discovered weakness of SHA-1 [RFC6194], it is recommended that
579     SHA-256 or a stronger hash function be used. Notwithstanding
580     [RFC3447], SHA-256 is the default to be used with these
581     SignatureMethod identifiers if no hash function has been specified.

583     The default salt length for these SignatureMethod identifiers if the
584     SaltLength is not specified SHALL be the number of octets in the hash
585     value of the digest method, as recommended in [RFC4055]. In a
586     parameterized RSASSA-PSS signature the ds:DigestMethod and the
587     SaltLength parameters usually appear. If they do not, the defaults
588     make this equivalent to http://www.w3.org/2007/05/xmldsig-
589     more#sha256-rsa-MGF1 (see Section 2.3.10). The TrailerField defaults
590     to 1 (0xBC) when omitted.

592     Schema Definition (target namespace
593     http://www.w3.org/2007/05/xmldsig-more#):

595 596 597
598        Top level element that can be used in xs:any namespace="#other"
599        wildcard of ds:SignatureMethod content.
600 601 602 603 604 605 606 608 610 612 613 614 615 616 617 618 620

622  2.3.10 RSASSA-PSS without Parameters

624     [RFC3447] currently specifies only one mask generation function MGF1
625     based on a hash function. Although [RFC3447] allows for
626     parameterization, the default is to use the same hash function as the
627     digest method function. Only this default approach is supported by
628     this section; therefore, the definition of a mask generation function
629     type is not needed yet. The same applies to the trailer field. There
630     is only one value (0xBC) specified in [RFC3447]. Hence, this default
631     parameter must be used for signature generation. The default salt
632     length is the length of the hash function.

634     Identifiers:
635        http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
636        http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
637        http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
638        http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1

640        http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
641        http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
642        http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
643        http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
644        http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
645        http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
646        http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
647        http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
648        http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
649        http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1

651     An example of use is

653

658  2.3.11 RSA-SHA224

660     Identifier:
661        http://www.w3.org/2001/04/xmldsig-more#rsa-sha224

663     This implies the PKCS#1 v1.5 padding algorithm [RFC3447] as described
664     in Section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator
665     prefix. An example of use is

667

670     Because it takes about the same effort to calculate a SHA-224 message
671     digest as it does a SHA-256 message digest, it is suggested that RSA-
672     SHA256 be used in preference to RSA-SHA224 where possible.

674     See also Appendix B concerning an erroneous version of this URI that
675     appeared in [RFC6931].

677  2.4 Minimal Canonicalization

679     Thus far, two independent interoperable implementations of Minimal
680     Canonicalization have not been announced. Therefore, when XML
681     Digital Signature was advanced along the Standards Track from
682     [RFC3075] to [RFC3275], Minimal Canonicalization was dropped.
683     However, there is still interest. For its definition, see Section
684     6.5.1 of [RFC3075].

686     For reference, its identifier remains:
687        http://www.w3.org/2000/09/xmldsig#minimal

689  2.5 Transform Algorithms

691     Note that all CanonicalizationMethod algorithms can also be used as
692     Transform algorithms.

694  2.5.1 XPointer

696     Identifier:
697        http://www.w3.org/2001/04/xmldsig-more#xptr

699     This transform algorithm takes an [XPointer] as an explicit
700     parameter. An example of use is:

702 704
706        xpointer(id("foo")) xmlns(bar=http://foobar.example)
707        xpointer(//bar:Zab[@Id="foo"])
708 709

711     Schema Definition:

713

715     DTD:

717

719     Input to this transform is an octet stream (which is then parsed into
720     XML).

722     Output from this transform is a node set; the results of the XPointer
723     are processed as defined in the XMLDSIG specification [RFC3275] for a
724     same-document XPointer.

726  2.6 EncryptionMethod Algorithms

728     This subsection gives identifiers and information for several
729     EncryptionMethod Algorithms.

731  2.6.1 ARCFOUR Encryption Algorithm

733     Identifier:
734        http://www.w3.org/2001/04/xmldsig-more#arcfour

736     ARCFOUR is a fast, simple stream encryption algorithm that is
737     compatible with RSA Security's RC4 algorithm [RC4]. An example
738     EncryptionMethod element using ARCFOUR is

740
742        40
743

745     Note that Arcfour makes use of the generic KeySize parameter
746     specified and defined in [XMLENC11].

748  2.6.2 Camellia Block Encryption

750     Identifiers:
751        http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
752        http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
753        http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc

755     Camellia is a block cipher with the same interface as the AES
756     [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and
757     256-bit key sizes. In XML Encryption Camellia is used in the same way
758     as the AES: It is used in the Cipher Block Chaining (CBC) mode with a
759     128-bit initialization vector (IV). The resulting cipher text is
760     prefixed by the IV. If included in XML output, it is then base64
761     encoded. An example Camellia EncryptionMethod is as follows:

763

768  2.6.3 Camellia Key Wrap

770     Identifiers:
771        http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
772        http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
773        http://www.w3.org/2001/04/xmldsig-more#kw-camellia256

775     Camellia [Camellia] [RFC3713] key wrap is identical to the AES key
776     wrap algorithm [RFC3394] specified in the XML Encryption standard
777     with "AES" replaced by "Camellia". As with AES key wrap, the check
778     value is 0xA6A6A6A6A6A6A6A6.

780     The algorithm is the same whatever the size of the Camellia key used
781     in wrapping, called the "key encrypting key" or "KEK". If Camellia is
782     supported, it is particularly suggested that wrapping 128-bit keys
783     with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be
784     supported.

786     An example of use is:

788

793  2.6.4 PSEC-KEM

795     Identifier:
796        http://www.w3.org/2001/04/xmldsig-more#psec-kem

798     The PSEC-KEM algorithm, specified in [18033-2], is a key
799     encapsulation mechanism using elliptic curve encryption.

801     An example of use is:

803 805
806        version
807        id
808        curve
809        base
810        order
811        cofactor
812 813

815     See [18033-2] for information on the parameters above.

817  2.6.5 SEED Block Encryption

819     Identifier:
820        http://www.w3.org/2007/05/xmldsig-more#seed128-cbc

822     SEED [RFC4269] is a block cipher with a 128-bit block size and a
823     128-bit key size. In XML Encryption, SEED can be used in the Cipher
824     Block Chaining (CBC) mode with a 128-bit initialization vector (IV).
825     The resulting cipher text is prefixed by the IV. If included in XML
826     output, it is then base64 encoded.

828     An example SEED EncryptionMethod is as follows:

830

833  2.6.6 SEED Key Wrap

835     Identifier:
836        http://www.w3.org/2007/05/xmldsig-more#kw-seed128

838     Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394]
839     with "AES" replaced by "SEED". The algorithm is specified in
840     [RFC4010]. The implementation of SEED is optional. The default
841     initial value is 0xA6A6A6A6A6A6A6A6.

843     An example of use is:

845

850  3. KeyInfo

852     In Section 3.1 below a new KeyInfo element child is specified, while
853     in Section 3.2 additional KeyInfo Type values for use in
854     RetrievalMethod are specified.

856  3.1 PKCS #7 Bag of Certificates and CRLs

858     A PKCS #7 [RFC2315] "signedData" can also be used as a bag of
859     certificates and/or certificate revocation lists (CRLs). The
860     PKCS7signedData element is defined to accommodate such structures
861     within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045]
862     encoded. Any signer information present is ignored. The following
863     is an example [RFC3092], eliding the base64 data:

865
867        ...
868

870  3.2 Additional RetrievalMethod Type Values

872     The Type attribute of RetrievalMethod is an optional identifier for
873     the type of data to be retrieved. The result of dereferencing a
874     RetrievalMethod reference for all KeyInfo types with an XML structure
875     is an XML element or document with that element as the root. The
876     various "raw" key information types return a binary value. Thus, they
877     require a Type attribute because they are not unambiguously parsable.

879 Identifiers: 880 http://www.w3.org/2001/04/xmldsig-more#KeyName 881 http://www.w3.org/2001/04/xmldsig-more#KeyValue 882 http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData 883 http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket 884 http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData 885 http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp 886 http://www.w3.org/2001/04/xmldsig-more#rawX509CRL 887 http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod 889 4. Indexes 891 The following subsections provide an index by URI and by fragment 892 identifier (the portion of the URI after "#") of the algorithm and 893 KeyInfo URIs defined in this document and in the standards (plus the 894 one KeyInfo child element name defined in this document). The 895 "Sec/Doc" column has the section of this document or, if not 896 specified in this document, the standards document where the item is 897 specified. See also [XMLSECXREF]. 899 4.1 Fragment Index 901 The initial "http://www.w3.org/" part of the URI is not included 902 below. The first six entries have a null fragment identifier or no 903 fragment identifier. "{Bad}" indicates a Bad value that was 904 accidentally included in [RFC6931]. Implementations SHOULD only 905 generate the correct URI but SHOULD understand both the correct and 906 erroneous URI. See also Appendix B. 

   Fragment            URI                                         Sec/Doc
   ---------           ----                                        --------

                       2002/06/xmldsig-filter2                     [XPATH]
                       2006/12/xmlc12n11# {Bad}                    [CANON11]
                       2006/12/xmlc14n11#                          [CANON11]
                       TR/1999/REC-xslt-19991116                   [XSLT]
                       TR/1999/REC-xpath-19991116                  [XPATH]
                       TR/2001/06/xml-exc-c14n#                    [XCANON]
                       TR/2001/REC-xml-c14n-20010315               [CANON10]
                       TR/2001/REC-xmlschema-1-20010502            [Schema]

   aes128-cbc          2001/04/xmlenc#aes128-cbc                   [XMLENC11]
   aes128-gcm          2009/xmlenc11#aes128-gcm                    [XMLENC11]
   aes192-cbc          2001/04/xmlenc#aes192-cbc                   [XMLENC11]
   aes192-gcm          2009/xmlenc11#aes192-gcm                    [XMLENC11]
   aes256-cbc          2001/04/xmlenc#aes256-cbc                   [XMLENC11]
   aes256-gcm          2009/xmlenc11#aes256-gcm                    [XMLENC11]
   arcfour             2001/04/xmldsig-more#arcfour                2.6.1

   base64              2000/09/xmldsig#base64                      [RFC3275]

   camellia128-cbc     2001/04/xmldsig-more#camellia128-cbc        2.6.2
   camellia192-cbc     2001/04/xmldsig-more#camellia192-cbc        2.6.2
   camellia256-cbc     2001/04/xmldsig-more#camellia256-cbc        2.6.2
   ConcatKDF           2009/xmlenc11#ConcatKDF                     [XMLENC11]
   decrypt#XML         2002/07/decrypt#XML                         [DECRYPT]
   decrypt#Binary      2002/07/decrypt#Binary                      [DECRYPT]
   DEREncodedKeyValue  2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11]
   dh                  2001/04/xmlenc#dh                           [XMLENC11]
   dh-es               2009/xmlenc11#dh-es                         [XMLENC11]
   dsa-sha1            2000/09/xmldsig#dsa-sha1                    [RFC3275]
   dsa-sha256          2009/xmldsig11#dsa-sha256                   [XMLDSIG11]
   DSAKeyValue         2000/09/xmldsig#DSAKeyValue                 [XMLDSIG11]

   ECDH-ES             2009/xmlenc11#ECDH-ES                       [XMLENC11]
   ecdsa-ripemd160     2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6
   ecdsa-sha1          2001/04/xmldsig-more#ecdsa-sha1             2.3.6
   ecdsa-sha224        2001/04/xmldsig-more#ecdsa-sha224           2.3.6
   ecdsa-sha256        2001/04/xmldsig-more#ecdsa-sha256           2.3.6
   ecdsa-sha384        2001/04/xmldsig-more#ecdsa-sha384           2.3.6
   ecdsa-sha512        2001/04/xmldsig-more#ecdsa-sha512           2.3.6
   ecdsa-whirlpool     2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5
   ecies-kem           2010/xmlsec-ghc#ecies-kem                   [GENERIC]
   ECKeyValue          2009/xmldsig11#ECKeyValue                   [XMLDSIG11]
   enveloped-signature 2000/09/xmldsig#enveloped-signature         [RFC3275]
   esign-sha1          2001/04/xmldsig-more#esign-sha1             2.3.7
   esign-sha224        2001/04/xmldsig-more#esign-sha224           2.3.7
   esign-sha256        2001/04/xmldsig-more#esign-sha256           2.3.7
   esign-sha384        2001/04/xmldsig-more#esign-sha384           2.3.7
   esign-sha512        2001/04/xmldsig-more#esign-sha512           2.3.7

   generic-hybrid      2010/xmlsec-ghc#generic-hybrid              [GENERIC]

   hmac-md5            2001/04/xmldsig-more#hmac-md5               2.2.1
   hmac-ripemd160      2001/04/xmldsig-more#hmac-ripemd160         2.2.3
   hmac-sha1           2000/09/xmldsig#hmac-sha1                   [RFC3275]
   hmac-sha224         2001/04/xmldsig-more#hmac-sha224            2.2.2
   hmac-sha256         2001/04/xmldsig-more#hmac-sha256            2.2.2
   hmac-sha384         2001/04/xmldsig-more#hmac-sha384            2.2.2
   hmac-sha512         2001/04/xmldsig-more#hmac-sha512            2.2.2

   KeyName             2001/04/xmldsig-more#KeyName                3.2
   KeyValue            2001/04/xmldsig-more#KeyValue               3.2
   kw-aes128           2001/04/xmlenc#kw-aes128                    [XMLENC11]
   kw-aes128-pad       2009/xmlenc11#kw-aes-128-pad                [XMLENC11]
   kw-aes192           2001/04/xmlenc#kw-aes192                    [XMLENC11]
   kw-aes192-pad       2009/xmlenc11#kw-aes-192-pad                [XMLENC11]
   kw-aes256           2001/04/xmlenc#kw-aes256                    [XMLENC11]
   kw-aes256-pad       2009/xmlenc11#kw-aes-256-pad                [XMLENC11]
   kw-camellia128      2001/04/xmldsig-more#kw-camellia128         2.6.3
   kw-camellia192      2001/04/xmldsig-more#kw-camellia192         2.6.3
   kw-camellia256      2001/04/xmldsig-more#kw-camellia256         2.6.3
   kw-seed128          2007/05/xmldsig-more#kw-seed128             2.6.6
   md2-rsa-MGF1        2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10
   md5                 2001/04/xmldsig-more#md5                    2.1.1
   md5-rsa-MGF1        2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10
   MGF1                2007/05/xmldsig-more#MGF1                   2.3.9
   mgf1sha1            2009/xmlenc11#mgf1sha1                      [XMLENC11]
   mgf1sha224          2009/xmlenc11#mgf1sha224                    [XMLENC11]
   mgf1sha256          2009/xmlenc11#mgf1sha256                    [XMLENC11]
   mgf1sha384          2009/xmlenc11#mgf1sha384                    [XMLENC11]
   mgf1sha512          2009/xmlenc11#mgf1sha512                    [XMLENC11]
   MgmtData            2000/09/xmldsig#MgmtData                    [XMLDSIG11]
   minimal             2000/09/xmldsig#minimal                     2.4

   pbkdf2              2009/xmlenc11#pbkdf2                        [XMLENC11]
   PGPData             2000/09/xmldsig#PGPData                     [XMLDSIG11]
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData        3.1
   PKCS7signedData     2001/04/xmldsig-more#PKCS7signedData        3.2
   psec-kem            2001/04/xmldsig-more#psec-kem               2.6.4

   rawPGPKeyPacket     2001/04/xmldsig-more#rawPGPKeyPacket        3.2
   rawPKCS7signedData  2001/04/xmldsig-more#rawPKCS7signedData     3.2
   rawSPKISexp         2001/04/xmldsig-more#rawSPKISexp            3.2
   rawX509Certificate  2000/09/xmldsig#rawX509Certificate          [RFC3275]
   rawX509CRL          2001/04/xmldsig-more#rawX509CRL             3.2
   RetrievalMethod     2001/04/xmldsig-more#RetrievalMethod        3.2
   ripemd128-rsa-MGF1  2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10
   ripemd160           2001/04/xmlenc#ripemd160                    [XMLENC11]
   ripemd160-rsa-MGF1  2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10
   rsa-1_5             2001/04/xmlenc#rsa-1_5                      [XMLENC11]
   rsa-md5             2001/04/xmldsig-more#rsa-md5                2.3.1
   rsa-oaep            2009/xmlenc11#rsa-oaep                      [XMLENC11]
   rsa-oaep-mgf1p      2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]
   rsa-pss             2007/05/xmldsig-more#rsa-pss                2.3.9
   rsa-ripemd160       2001/04/xmldsig-more#rsa-ripemd160          2.3.5
   rsa-sha1            2000/09/xmldsig#rsa-sha1                    [RFC3275]
   rsa-sha224          2007/05/xmldsig-more#rsa-sha224 {Bad}       2.3.11
   rsa-sha224          2001/04/xmldsig-more#rsa-sha224             2.3.11
   rsa-sha256          2001/04/xmldsig-more#rsa-sha256             2.3.2
   rsa-sha384          2001/04/xmldsig-more#rsa-sha384             2.3.3
   rsa-sha512          2001/04/xmldsig-more#rsa-sha512             2.3.4
   rsa-whirlpool       2007/05/xmldsig-more#rsa-whirlpool          2.3.5
   rsaes-kem           2010/xmlsec-ghc#rsaes-kem                   [GENERIC]
   RSAKeyValue         2000/09/xmldsig#RSAKeyValue                 [XMLDSIG11]

   seed128-cbc         2007/05/xmldsig-more#seed128-cbc            2.6.5
   sha1                2000/09/xmldsig#sha1                        [RFC3275]
   sha1-rsa-MGF1       2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10
   sha224              2001/04/xmldsig-more#sha224                 2.1.2
   sha224-rsa-MGF1     2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10
   sha256              2001/04/xmlenc#sha256                       [XMLENC11]
   sha256-rsa-MGF1     2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10
   sha3-224            2007/05/xmldsig-more#sha3-224               2.1.5
   sha3-224-rsa-MGF1   2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10
   sha3-256            2007/05/xmldsig-more#sha3-256               2.1.5
   sha3-256-rsa-MGF1   2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10
   sha3-384            2007/05/xmldsig-more#sha3-384               2.1.5
   sha3-384-rsa-MGF1   2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10
   sha3-512            2007/05/xmldsig-more#sha3-512               2.1.5
   sha3-512-rsa-MGF1   2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10
   sha384              2001/04/xmldsig-more#sha384                 2.1.3
   sha384-rsa-MGF1     2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10
   sha512              2001/04/xmlenc#sha512                       [XMLENC11]
   sha512-rsa-MGF1     2007/05/xmldsig-more#sha512-rsa-MGF1        2.3.10
   SPKIData            2000/09/xmldsig#SPKIData                    [XMLDSIG11]

   tripledes-cbc       2001/04/xmlenc#tripledes-cbc                [XMLENC11]

   whirlpool           2007/05/xmldsig-more#whirlpool              2.1.4
   whirlpool-rsa-MGF1  2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10
   WithComments        2006/12/xmlc14n11#WithComments              [CANON11]
   WithComments        TR/2001/06/xml-exc-c14n#WithComments        [XCANON]
   WithComments        TR/2001/REC-xml-c14n-20010315#WithComments  [CANON10]

   X509Data            2000/09/xmldsig#X509Data                    [XMLDSIG11]
   xptr                2001/04/xmldsig-more#xptr                   2.5.1

   The initial "http://www.w3.org/" part of the URI is not included
   above.

4.2 URI Index

   The initial "http://www.w3.org/" part of the URI is not included
   below. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.

   URI                                         Sec/Doc      Type
   ----                                        --------     -----

   2000/09/xmldsig#base64                      [RFC3275]    Transform
   2000/09/xmldsig#DSAKeyValue                 [RFC3275]    Retrieval type
   2000/09/xmldsig#dsa-sha1                    [RFC3275]    SignatureMethod
   2000/09/xmldsig#enveloped-signature         [RFC3275]    Transform
   2000/09/xmldsig#hmac-sha1                   [RFC3275]    SignatureMethod
   2000/09/xmldsig#MgmtData                    [RFC3275]    Retrieval type
   2000/09/xmldsig#minimal                     2.4          Canonicalization
   2000/09/xmldsig#PGPData                     [RFC3275]    Retrieval type
   2000/09/xmldsig#rawX509Certificate          [RFC3275]    Retrieval type
   2000/09/xmldsig#rsa-sha1                    [RFC3275]    SignatureMethod
   2000/09/xmldsig#RSAKeyValue                 [RFC3275]    Retrieval type
   2000/09/xmldsig#sha1                        [RFC3275]    DigestAlgorithm
   2000/09/xmldsig#SPKIData                    [RFC3275]    Retrieval type
   2000/09/xmldsig#X509Data                    [RFC3275]    Retrieval type

   2001/04/xmldsig-more#arcfour                2.6.1        EncryptionMethod
   2001/04/xmldsig-more#camellia128-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#camellia192-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#camellia256-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#ecdsa-sha1             2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha224           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha256           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha384           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha512           2.3.6        SignatureMethod
   2001/04/xmldsig-more#esign-sha1             2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha224           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha256           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha384           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha512           2.3.7        SignatureMethod
   2001/04/xmldsig-more#hmac-md5               2.2.1        SignatureMethod
   2001/04/xmldsig-more#hmac-ripemd160         2.2.3        SignatureMethod
   2001/04/xmldsig-more#hmac-sha224            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha256            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha384            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha512            2.2.2        SignatureMethod
   2001/04/xmldsig-more#KeyName                3.2          Retrieval type
   2001/04/xmldsig-more#KeyValue               3.2          Retrieval type
   2001/04/xmldsig-more#kw-camellia128         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#kw-camellia192         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#kw-camellia256         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#md5                    2.1.1        DigestAlgorithm
   2001/04/xmldsig-more#PKCS7signedData        3.2          Retrieval type
   2001/04/xmldsig-more#psec-kem               2.6.4        EncryptionMethod
   2001/04/xmldsig-more#rawPGPKeyPacket        3.2          Retrieval type
   2001/04/xmldsig-more#rawPKCS7signedData     3.2          Retrieval type
   2001/04/xmldsig-more#rawSPKISexp            3.2          Retrieval type
   2001/04/xmldsig-more#rawX509CRL             3.2          Retrieval type
   2001/04/xmldsig-more#RetrievalMethod        3.2          Retrieval type
   2001/04/xmldsig-more#rsa-md5                2.3.1        SignatureMethod
   2001/04/xmldsig-more#rsa-sha224             2.3.11       SignatureMethod
   2001/04/xmldsig-more#rsa-sha256             2.3.2        SignatureMethod
   2001/04/xmldsig-more#rsa-sha384             2.3.3        SignatureMethod
   2001/04/xmldsig-more#rsa-sha512             2.3.4        SignatureMethod
   2001/04/xmldsig-more#rsa-ripemd160          2.3.5        SignatureMethod
   2001/04/xmldsig-more#sha224                 2.1.2        DigestAlgorithm
   2001/04/xmldsig-more#sha384                 2.1.3        DigestAlgorithm
   2001/04/xmldsig-more#xptr                   2.5.1        Transform
   2001/04/xmldsig-more#PKCS7signedData        3.1          KeyInfo child

   2001/04/xmlenc#aes128-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#aes192-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#aes256-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#dh                           [XMLENC11]   AgreementMethod
   2001/04/xmlenc#kw-aes128                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#kw-aes192                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#kw-aes256                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#ripemd160                    [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#rsa-1_5                      [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#sha256                       [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#sha512                       [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#tripledes-cbc                [XMLENC11]   EncryptionMethod

   2002/06/xmldsig-filter2                     [XPATH]      Transform

   2002/07/decrypt#XML                         [DECRYPT]    Transform
   2002/07/decrypt#Binary                      [DECRYPT]    Transform

   2006/12/xmlc12n11# {Bad}                    [CANON11]    Canonicalization
   2006/12/xmlc14n11#                          [CANON11]    Canonicalization
   2006/12/xmlc14n11#WithComments              [CANON11]    Canonicalization

   2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6        SignatureMethod
   2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5        SignatureMethod
   2007/05/xmldsig-more#kw-seed128             2.6.6        EncryptionMethod
   2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10       SignatureMethod
   2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10       SignatureMethod
   2007/05/xmldsig-more#MGF1                   2.3.9        SignatureMethod
   2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10       SignatureMethod
   2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10       SignatureMethod
   2007/05/xmldsig-more#rsa-pss                2.3.9        SignatureMethod
   2007/05/xmldsig-more#rsa-sha224 {Bad}       2.3.11       SignatureMethod
   2007/05/xmldsig-more#rsa-whirlpool          2.3.5        SignatureMethod
   2007/05/xmldsig-more#seed128-cbc            2.6.5        EncryptionMethod
   2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-224               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-256               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-384               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-512               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha512-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#whirlpool              2.1.4        DigestAlgorithm
   2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10       SignatureMethod
   2009/xmlenc11#kw-aes-128-pad                [XMLENC11]   EncryptionMethod
   2009/xmlenc11#kw-aes-192-pad                [XMLENC11]   EncryptionMethod
   2009/xmlenc11#kw-aes-256-pad                [XMLENC11]   EncryptionMethod

   2009/xmldsig11#dsa-sha256                   [XMLDSIG11]  SignatureMethod
   2009/xmldsig11#ECKeyValue                   [XMLDSIG11]  Retrieval type
   2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11]  Retrieval type

   2009/xmlenc11#aes128-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#aes192-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#aes256-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#ConcatKDF                     [XMLENC11]   EncryptionMethod
   2009/xmlenc11#mgf1sha1                      [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha224                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha256                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha384                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha512                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#pbkdf2                        [XMLENC11]   EncryptionMethod
   2009/xmlenc11#rsa-oaep                      [XMLENC11]   EncryptionMethod
   2009/xmlenc11#ECDH-ES                       [XMLENC11]   EncryptionMethod
   2009/xmlenc11#dh-es                         [XMLENC11]   EncryptionMethod

   2010/xmlsec-ghc#generic-hybrid              [GENERIC]    Generic Hybrid
   2010/xmlsec-ghc#rsaes-kem                   [GENERIC]    Generic Hybrid
   2010/xmlsec-ghc#ecies-kem                   [GENERIC]    Generic Hybrid

   TR/1999/REC-xpath-19991116                  [XPATH]      Transform
   TR/1999/REC-xslt-19991116                   [XSLT]       Transform
   TR/2001/06/xml-exc-c14n#                    [XCANON]     Canonicalization
   TR/2001/06/xml-exc-c14n#WithComments        [XCANON]     Canonicalization
   TR/2001/REC-xml-c14n-20010315               [CANON10]    Canonicalization
   TR/2001/REC-xml-c14n-20010315#WithComments  [CANON10]    Canonicalization
   TR/2001/REC-xmlschema-1-20010502            [Schema]     Transform

   The initial "http://www.w3.org/" part of the URI is not included
   above. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.

5. Allocation Considerations

   W3C and IANA allocation considerations are given below.

5.1 W3C Allocation Considerations

   As it is easy for people to construct their own unique URIs [RFC3986]
   and, if appropriate, to obtain a URI from the W3C, it is not intended
   that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be
   created beyond those enumerated in this RFC. (W3C Namespace
   stability rules prohibit the creation of new URIs under
   "http://www.w3.org/2000/09/xmldsig#" and URIs under
   "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the
   publication of [RFC4051].)

   An "xmldsig-more" URI does not imply any official W3C or IETF status
   for these algorithms or identifiers nor does it imply that they are
   only useful in digital signatures. Currently, dereferencing such
   URIs may or may not produce a temporary placeholder document.
   Permission to use these URI prefixes has been given by the W3C.

5.2 IANA Considerations

   IANA has established a registry entitled "XML Security URIs". The
   initial contents correspond to Section 4.2 of this document with each
   section number in the "Sec/Doc" column augmented with a reference to
   this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4").

   New entries, including new Types, will be added based on Expert
   Review [RFC5226]. Criteria for inclusion are (1) documentation
   sufficient for interoperability of the algorithm or data type and the
   XML syntax for its representation and use and (2) sufficient
   importance as normally indicated by inclusion in (2a) an approved W3C
   Note, Proposed Recommendation, or Recommendation or (2b) an approved
   IETF Standards Track document. Typically, the registry will
   reference a W3C or IETF document specifying such XML syntax; that
   document will either contain a more abstract description of the
   algorithm or data type or reference another document with a more
   abstract description.

6. Security Considerations

   This RFC is concerned with documenting the URIs that designate
   algorithms and some data types used in connection with XML security.
   The security considerations vary widely with the particular
   algorithms, and the general security considerations for XML security
   are outside of the scope of this document but appear in [XMLDSIG11],
   [XMLENC11], [CANON10], [CANON11], and [GENERIC].

   [RFC6151] should be consulted before considering the use of MD5 as a
   DigestMethod or RSA-MD5 as a SignatureMethod.

   See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5
   security considerations.

   Additional security considerations are given in connection with the
   description of some algorithms in the body of this document.

   Implementers should be aware that cryptographic algorithms become
   weaker with time. As new cryptanalysis techniques are developed and
   computing performance improves, the work factor to break a particular
   cryptographic algorithm will reduce. Therefore, cryptographic
   implementations should be modular, allowing new algorithms to be
   readily inserted. That is, implementers should be prepared for the
   set of mandatory-to-implement algorithms to change over time.

Acknowledgements

   The contributions of the following, listed in alphabetic order, by
   reporting errata against RFC 6931 or contributing to this document,
   are gratefully acknowledged:

      Frederick Hirsch, Axel Puhlmann, Annie Yousar

   The contributions of the following, listed in alphabetic order, to
   [RFC6931], on which this document is based, are gratefully
   acknowledged:

      Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann,
      Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno,
      Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter
      Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter
      Saint-Andre, and Sean Turner.

   The following contributors to [RFC4051] are gratefully acknowledged:

      Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho
      Moriai, Joseph Reagle, Russ Housley, and Joel Halpern.

   The document was prepared in raw nroff. All macros used were defined
   within the source file.

Appendix A: Changes from RFC 6931

   The following changes have been made to RFC 6931 to produce this
   document.

   1. Delete Appendix on Changes from RFC 4051, since they were already
      included in RFC 6931, and remove reference to RFC 4051 and to the
      on Errata against RFC 4051.

   2. Fix three errata as follows: [Err3597], [Err3965], and [Err4004].
      In cases where [RFC6931] had an erroneous URI, it is still
      included in the indices and it is stated that implementations
      SHOULD only generate the correct URI but SHOULD understand both
      the correct and erroneous URI.

   3. Minor editorial changes.

Appendix B: Bad URIs

   [RFC6931] included two bad URIs as shown below. "{Bad}" in the
   indexes (Sections 4.1 and 4.2) indicates such a Bad value.
   Implementations SHOULD only generate the correct URI but SHOULD
   understand both the correct and erroneous URI.

   2006/12/xmlc12n11#
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2006/12/xmlc14n11#" (i.e., "12" should have been
      "14"). This is [Err3965] and is corrected in this document.

   2007/05/xmldsig-more#rsa-sha224
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2001/04/xmldsig-more#rsa-sha224". This is [Err4004]
      and is corrected in this document.

Appendix Z: Change History

   RFC Editor Note: Please delete this Appendix before publication.

   -00 to -01 to -02 to -03 to -04 to -05 to -06 to -07 to -08

   Bump up version and date to keep draft alive as a place where new
   URIs can be accumulated. At some point in here, author address was
   updated.

Normative References

   [10118-3] - ISO, "Information technology -- Security techniques --
         Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC
         10118-3:2004, 2004.

   [18033-2] - ISO, "Information technology -- Security techniques --
         Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC
         18033-2:2010, 2010.

   [Camellia] - Aoki, K., Ichikawa, T., Matsui, M., Moriai, S.,
         Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher
         Suitable for Multiple Platforms - Design and Analysis", in
         Selected Areas in Cryptography, 7th Annual International
         Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in
         Computer Science 2012, pp. 39-56, Springer-Verlag, 2001.

   [FIPS180-4] - US National Institute of Science and Technology,
         "Secure Hash Standard (SHS)", FIPS 180-4, March 2012.

   [FIPS186-3] - US National Institute of Science and Technology,
         "Digital Signature Standard (DSS)", FIPS 186-3, June 2009.

   [IEEEP1363a] - IEEE, "Standard Specifications for Public Key
         Cryptography- Amendment 1: Additional Techniques", IEEE
         1363a-2004, 2004.

   [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms,
         and Source Code in C", Second Edition, John Wiley and Sons, New
         York, NY, 1996.

   [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
         April 1992.

   [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail
         Extensions (MIME) Part One: Format of Internet Message Bodies",
         RFC 2045, November 1996.

   [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
         Hashing for Message Authentication", RFC 2104, February 1997.

   [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax
         Version 1.5", RFC 2315, March 1998.

   [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible
         Markup Language) XML-Signature Syntax and Processing", RFC
         3275, March 2002.

   [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard
         (AES) Key Wrap Algorithm", RFC 3394, September 2002.

   [RFC3447] - Jonsson, J. and B. Kaliski, "Public-Key Cryptography
         Standards (PKCS) #1: RSA Cryptography Specifications Version
         2.1", RFC 3447, February 2003.

   [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description
         of the Camellia Encryption Algorithm", RFC 3713, April 2004.

   [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
         Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
         January 2005.

   [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y.
         Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for
         XML Digital Signatures", RFC 4050, April 2005.

   [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional
         Algorithms and Identifiers for RSA Cryptography for use in the
         Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile", RFC 4055, June
         2005.

   [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The
         SEED Encryption Algorithm", RFC 4269, December 2005.

   [RFC5226] - Narten, T. and H. Alvestrand, "Guidelines for Writing an
         IANA Considerations Section in RFCs", BCP 26, RFC 5226, May
         2008.

   [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash
         Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May
         2011.

   [RFC8174] - Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
         2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May
         2017.

   [X9.62] - American National Standards Institute, Accredited Standards
         Committee X9, "Public Key Cryptography for the Financial
         Services Industry: The Elliptic Curve Digital Signature
         Algorithm (ECDSA)", ANSI X9.62:2005, 2005.

   [XMLENC10] - Reagle, J. and D. Eastlake, "XML Encryption Syntax and
         Processing", W3C Recommendation, 10 December 2002.

   [XMLENC11] - Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler,
         "XML Encryption Syntax and Processing Version 1.1", W3C
         Proposed Recommendation, 24 January 2013.

   [XPointer] - Grosso, P., Maler, E., Marsh, J., and N. Walsh,
         "XPointer Framework", W3C Recommendation, 25 March 2003.

Informational References

   [CANON10] - Boyer, J., "Canonical XML Version 1.0", W3C
         Recommendation, 15 March 2001.

   [CANON11] - Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C
         Recommendation, 2 May 2008.

   [DECRYPT] - Hughes, M., Imamura, T., and H. Maruyama, "Decryption
         Transform for XML Signature", W3C Recommendation, 10 December
         2002.

   [Err3597] - RFC Errata, Errata ID 3597, RFC 6931.

   [Err3965] - RFC Errata, Errata ID 3965, RFC 6931.

   [Err4004] - RFC Errata, Errata ID 4004, RFC 6931.

   [GENERIC] - Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid
         Ciphers", W3C Working Group Note, 24 January 2013.

   [Keccak] - Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche,
         "The KECCAK sponge function family", January 2013.

   [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature
         Syntax and Processing", RFC 3075, March 2001.

   [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March
         2001.

   [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology
         of "Foo"", RFC 3092, April 1 2001.

   [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive
         XML Canonicalization, Version 1.0", RFC 3741, March 2004.

   [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
         Encryption Algorithm in Cryptographic Message Syntax (CMS)",
         RFC 4010, February 2005.

   [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 4051, April 2005.

   [RFC6090]
         - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve
         Cryptography Algorithms", RFC 6090, February 2011.
         - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777.

   [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations
         for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC
         6151, March 2011.

   [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
         Considerations for the SHA-0 and SHA-1 Message-Digest
         Algorithms", RFC 6194, March 2011.

   [RFC6931] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 6931, April 2013.

   [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn,
         "XML Schema Part 1: Structures Second Edition", W3C
         Recommendation, 28 October 2004.
         - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
         Second Edition", W3C Recommendation, 28 October 2004.

   [SHA-3] - US National Institute of Science and Technology, "SHA-3
         WINNER", February 2013.

   [W3C] - World Wide Web Consortium.

   [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML
         Canonicalization Version 1.0", W3C Recommendation, 18 July
         2002.

   [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T.
         Roessler, "XML Signature Syntax and Processing (Second
         Edition)", W3C Recommendation, 10 June 2008.

   [XMLDSIG11] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F.,
         Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax
         and Processing Version 1.1", W3C Proposed Recommendation, 11
         April 2013.

   [XMLDSIG-PROP] - Hirsch, F., "XML Signature Properties", W3C Proposed
         Recommendation, 24 January 2013.

   [XMLSECXREF] - Hirsch, F., Roessler, T., and K. Yiu, "XML Security
         Algorithm Cross-Reference", W3C Working Group Note, 24 January
         2013.

   [XPATH] - Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath
         Filter 2.0", W3C Recommendation, 8 November 2002.
         - Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay,
         M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0
         (Second Edition)", W3C Recommendation, 14 December 2010.

   [XSLT] - Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C
         Recommendation, 23 January 2007.

Author's Address

   Donald E. Eastlake, 3rd
   Huawei Technologies
   1424 Pro Shop Court
   Davenport, FL 33896 USA

   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com

Copyright, Disclaimer, and Additional IPR Provisions

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License. The definitive version of
   an IETF Document is that published by, or under the auspices of, the
   IETF. Versions of IETF Documents that are published by third parties,
   including those that are translated into other languages, should not
   be considered to be definitive versions of IETF Documents. The
   definitive version of these Legal Provisions is that published by, or
   under the auspices of, the IETF. Versions of these Legal Provisions
   that are published by third parties, including those that are
   translated into other languages, should not be considered to be
   definitive versions of these Legal Provisions. For the avoidance of
   doubt, each Contributor to the IETF Standards Process licenses each
   Contribution that he or she makes as part of the IETF Standards
   Process to the IETF Trust pursuant to the provisions of RFC 5378. No
   language to the contrary, or terms, conditions or rights that differ
   from or are inconsistent with the rights and licenses granted under
   RFC 5378, shall have any effect and shall be null and void, whether
   published or posted by such Contributor, or included with or in such
   Contribution.
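
Added example (not part of the draft or of any implementation it describes): a Python check that applies the Appendix B rule, understanding the two erroneous RFC 6931 URIs while only ever generating the correct ones, together with the Section 6 pointers to [RFC6151] and [RFC6194]. The lookup tables are a small subset of the Section 4.2 index; the function names, finding labels and the sample signature are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET

W3 = "http://www.w3.org/"
DSIG_NS = W3 + "2000/09/xmldsig#"

# Appendix B: erroneous URI published in RFC 6931 -> correct URI.
BAD_TO_CORRECT = {
    W3 + "2006/12/xmlc12n11#": W3 + "2006/12/xmlc14n11#",
    W3 + "2007/05/xmldsig-more#rsa-sha224":
        W3 + "2001/04/xmldsig-more#rsa-sha224",
}

# A few rows of the Section 4.2 URI index: correct URI -> "Type" column.
URI_TYPE = {
    W3 + "2006/12/xmlc14n11#": "Canonicalization",
    W3 + "TR/2001/06/xml-exc-c14n#": "Canonicalization",
    W3 + "2000/09/xmldsig#rsa-sha1": "SignatureMethod",
    W3 + "2001/04/xmldsig-more#rsa-md5": "SignatureMethod",
    W3 + "2001/04/xmldsig-more#rsa-sha224": "SignatureMethod",
    W3 + "2001/04/xmldsig-more#rsa-sha256": "SignatureMethod",
    W3 + "2000/09/xmldsig#sha1": "DigestAlgorithm",
    W3 + "2001/04/xmldsig-more#md5": "DigestAlgorithm",
    W3 + "2001/04/xmlenc#sha256": "DigestAlgorithm",
}

# Section 6 cites RFC 6151 for MD5 and RFC 6194 for SHA-1.
NEEDS_REVIEW = {
    W3 + "2001/04/xmldsig-more#md5": "RFC6151",
    W3 + "2001/04/xmldsig-more#rsa-md5": "RFC6151",
    W3 + "2000/09/xmldsig#sha1": "RFC6194",
    W3 + "2000/09/xmldsig#rsa-sha1": "RFC6194",
}

# XML Signature element -> index Type that its Algorithm URI must have.
ELEMENT_TYPE = {
    "CanonicalizationMethod": "Canonicalization",
    "SignatureMethod": "SignatureMethod",
    "DigestMethod": "DigestAlgorithm",
}

# Constructed sample: both erroneous URIs, a SHA-1 digest, and a
# SignatureMethod URI misused as a digest algorithm.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xmlc12n11#"/>
    <SignatureMethod
        Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224"/>
    <Reference URI="">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>...</DigestValue>
    </Reference>
    <Reference URI="#b">
      <DigestMethod
          Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </Reference>
  </SignedInfo>
</Signature>"""


def canonical_uri(uri):
    """Map an erroneous RFC 6931 URI to the correct one; others pass through."""
    return BAD_TO_CORRECT.get(uri, uri)


def uri_for_output(uri):
    """URI to write when generating: never one of the erroneous forms."""
    uri = canonical_uri(uri)
    if uri not in URI_TYPE:
        raise ValueError("not in local allow-list: " + uri)
    return uri


def audit(xml_text):
    """Return (element, canonical_uri, finding) tuples for one signature.

    The received document is only read. SignedInfo is covered by the
    signature, so an erroneous URI is mapped internally, never rewritten.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        ns, _, local = elem.tag[1:].partition("}")
        if ns != DSIG_NS or local not in ELEMENT_TYPE:
            continue
        raw = elem.get("Algorithm")
        if raw is None:
            findings.append((local, None, "missing-algorithm"))
            continue
        uri = canonical_uri(raw)
        if uri != raw:
            findings.append((local, uri, "erroneous-uri-accepted"))
        kind = URI_TYPE.get(uri)
        if kind is None:
            findings.append((local, uri, "unknown-uri"))
        elif kind != ELEMENT_TYPE[local]:
            findings.append((local, uri, "wrong-type:" + kind))
        elif uri in NEEDS_REVIEW:
            findings.append((local, uri, "review:" + NEEDS_REVIEW[uri]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
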