idnits 2.17.1

draft-eastlake-rfc6931bis-xmlsec-uris-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 2, 2019) is 1753 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1600' on line 307

  -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3'

  -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEEP1363a'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4'

  ** Downref: Normative reference to an Informational RFC: RFC 1321

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  ** Downref: Normative reference to an Informational RFC: RFC 2315

  ** Downref: Normative reference to an Informational RFC: RFC 3394

  ** Downref: Normative reference to an Informational RFC: RFC 3713

  ** Downref: Normative reference to an Informational RFC: RFC 4050

  ** Downref: Normative reference to an Informational RFC: RFC 4269

  ** Downref: Normative reference to an Informational RFC: RFC 6234

  ** Downref: Normative reference to an Informational RFC: RFC 8017

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer'

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3597') (Obsoleted by RFC 9231)

  -- Duplicate reference: RFC6931, mentioned in 'Err3965', was also mentioned
     in 'Err3597'.

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3965') (Obsoleted by RFC 9231)

  -- Duplicate reference: RFC6931, mentioned in 'Err4004', was also mentioned
     in 'Err3965'.

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err4004') (Obsoleted by RFC 9231)

  -- Obsolete informational reference (is this intentional?): RFC 3075
     (Obsoleted by RFC 3275)

  -- Obsolete informational reference (is this intentional?): RFC 4051
     (Obsoleted by RFC 6931)

  -- Duplicate reference: RFC6931, mentioned in 'RFC6931', was also mentioned
     in 'Err4004'.

  -- Obsolete informational reference (is this intentional?): RFC 6931
     (Obsoleted by RFC 9231)

     Summary: 9 errors (**), 0 flaws (~~), 1 warning (==), 21 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1   INTERNET-DRAFT                                          Donald Eastlake
2   Obsoletes: 6931                                               Futurewei
3   Intended Status: Proposed Standard
4   Expires: January 1, 2020                                   July 2, 2019

6         Additional XML Security Uniform Resource Identifiers (URIs)
7

9   Abstract

11     This document updates and corrects the IANA registry for the list of
12     URIs intended for use with XML digital signatures, encryption,
13     canonicalization, and key management. These URIs identify algorithms
14     and types of information. This document corrects three errata
15     against and obsoletes RFC 6931.

17     The intent is to keep this draft alive while it accumulates updates
18     until it seems reasonable to publish the next version.

20  Status of This Memo

22     This Internet-Draft is submitted in full conformance with the
23     provisions of BCP 78 and BCP 79.

25     Distribution of this document is unlimited. Comments should be sent
26     to the author.

28     Internet-Drafts are working documents of the Internet Engineering
29     Task Force (IETF), its areas, and its working groups. Note that
30     other groups may also distribute working documents as
31     Internet-Drafts.

33     Internet-Drafts are draft documents valid for a maximum of six months
34     and may be updated, replaced, or obsoleted by other documents at any
35     time. It is inappropriate to use Internet-Drafts as reference
36     material or to cite them other than as "work in progress."

38     The list of current Internet-Drafts can be accessed at
39     http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
40     Shadow Directories can be accessed at
41     http://www.ietf.org/shadow.html.

43  Table of Contents

45     1. Introduction
46       1.1 Terminology
47       1.2 Acronyms

49     2. Algorithms
50       2.1 DigestMethod (Hash) Algorithms
51         2.1.1 MD5
52         2.1.2 SHA-224
53         2.1.3 SHA-384
54         2.1.4 Whirlpool
55         2.1.5 New SHA Functions
56       2.2 SignatureMethod MAC Algorithms
57         2.2.1 HMAC-MD5
58         2.2.2 HMAC SHA Variations
59         2.2.3 HMAC-RIPEMD160
60       2.3 SignatureMethod Public Key Signature Algorithms
61         2.3.1 RSA-MD5
62         2.3.2 RSA-SHA256
63         2.3.3 RSA-SHA384
64         2.3.4 RSA-SHA512
65         2.3.5 RSA-RIPEMD160
66         2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool
67         2.3.7 ESIGN-SHA*
68         2.3.8 RSA-Whirlpool
69         2.3.9 RSASSA-PSS with Parameters
70         2.3.10 RSASSA-PSS without Parameters
71         2.3.11 RSA-SHA224
72       2.4 Minimal Canonicalization
73       2.5 Transform Algorithms
74         2.5.1 XPointer
75       2.6 EncryptionMethod Algorithms
76         2.6.1 ARCFOUR Encryption Algorithm
77         2.6.2 Camellia Block Encryption
78         2.6.3 Camellia Key Wrap
79         2.6.4 PSEC-KEM
80         2.6.5 SEED Block Encryption
81         2.6.6 SEED Key Wrap

83     3. KeyInfo
84       3.1 PKCS #7 Bag of Certificates and CRLs
85       3.2 Additional RetrievalMethod Type Values

87     4. Indexes
88       4.1 Fragment Index
89       4.2 URI Index

91     5. Allocation Considerations
92       5.1 W3C Allocation Considerations
93       5.2 IANA Considerations

97     6. Security Considerations

99     Acknowledgements

101    Appendix A: Changes from RFC 6931
102    Appendix B: Bad URIs

104    Appendix Z: Change History

106    Normative References
107    Informational References

109    Author's Address

111 1. Introduction

113    XML digital signatures, canonicalization, and encryption have been
114    standardized by the W3C and by the joint IETF/W3C XMLDSIG working
115    group [W3C]. All of these are now W3C Recommendations and some are
116    also RFCs. They are available as follows:

118       RFC
119       Status            W3C REC        Topic
120       -----------       -------        -----

122       [RFC3275]         [XMLDSIG10]    XML Digital Signatures
123       Draft Standard

125       [RFC3076]         [CANON10]      Canonical XML
126       Informational

128       - - - - - -       [XMLENC10]     XML Encryption 1.0

130       [RFC3741]         [XCANON]       Exclusive XML Canonicalization 1.0
131       Informational

133    All of these documents and recommendations use URIs [RFC3986] to
134    identify algorithms and keying information types. The W3C has
135    subsequently produced updated XML Signature 1.1 [XMLDSIG11],
136    Canonical XML 1.1 [CANON11], and XML Encryption 1.1 [XMLENC11]
137    versions, as well as a new XML Signature Properties specification
138    [XMLDSIG-PROP].

140    All camel-case element names herein, such as DigestValue, are from
141    these documents.

143    This document is an updated convenient reference list of URIs and
144    corresponding algorithms in which there is expressed interest. This
145    document fixes Errata [Err3597], [Err3965], [Err4004] against and
146    obsoletes [RFC6931].

148    All of the URIs appear in the indexes in Section 4. Only the URIs
149    that were added by [RFC4051], [RFC6931], or this document have a
150    subsection in Section 2 or 3, with the exception of Minimal
151    Canonicalization (Section 2.4). For example, use of SHA-256 is
152    defined in [XMLENC11] and hence there is no subsection on that
153    algorithm here, but its URI is included in the indexes in Section 4.

155    Specification in this document of the URI representing an algorithm
156    does not imply endorsement of the algorithm for any particular
157    purpose. A protocol specification, which this is not, generally
158    gives algorithm and implementation requirements for the protocol.
159    Security considerations for algorithms are constantly evolving, as
160    documented elsewhere. This specification simply provides some URIs
161    and relevant formatting for when those URIs are used.

163    Note that progressing XML Digital Signature [RFC3275] along the
164    Standards Track required removal of any algorithms from the original
165    version [RFC3075] for which there was not demonstrated
166    interoperability. This required removal of the Minimal
167    Canonicalization algorithm, in which there appears to be continued
168    interest. The URI for Minimal Canonicalization was included in
169    [RFC4051] and [RFC6931] and is included here.

171 1.1 Terminology

173    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
174    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
175    "OPTIONAL" in this document are to be interpreted as described in BCP
176    14 [RFC2119] [RFC8174] when, and only when, they appear in all
177    capitals, as shown here.

179    This document is not intended to change the algorithm implementation
180    requirements of any IETF or W3C document. Use of [RFC2119]
181    terminology is intended to be only such as is already stated or
182    implied by other authoritative documents.

184 1.2 Acronyms

186    The following acronyms are used in this document:

188       HMAC - Keyed-Hashing MAC [RFC2104]

190       IETF - Internet Engineering Task Force

192       MAC - Message Authentication Code

194       MD - Message Digest

196       NIST - United States National Institute of Standards and
197              Technology

199       RC - Rivest Cipher

201       RSA - Rivest, Shamir, and Adleman

203       SHA - Secure Hash Algorithm

205       URI - Uniform Resource Identifier [RFC3986]
206       W3C - World Wide Web Consortium

208       XML - eXtensible Markup Language

210 2. Algorithms

212    The URI [RFC3986] that was dropped from the XML Digital Signature
213    standard due to the transition from Proposed Standard to Draft
214    Standard [RFC3275] is included in Section 2.4 below with its original

216       http://www.w3.org/2000/09/xmldsig#

218    prefix so as to avoid changing the XMLDSIG standard's namespace.

220    Additional algorithms in [RFC4051] were given URIs that start with

222       http://www.w3.org/2001/04/xmldsig-more#

224    while further algorithms added in this document are given URIs that
225    start with

227       http://www.w3.org/2007/05/xmldsig-more#

229    In addition, for ease of reference, this document includes in the
230    indexes in Section 4 many cryptographic algorithm URIs from several
231    XML security documents using the namespaces with which they are
232    defined in those documents. For example, 2000/09/xmldsig# for some
233    URIs specified in [RFC3275] and 2001/04/xmlenc# for some URIs
234    specified in [XMLENC10].

236    See also [XMLSECXREF].

238 2.1 DigestMethod (Hash) Algorithms

240    These algorithms are usable wherever a DigestMethod element occurs.

242 2.1.1 MD5

244    Identifier:
245       http://www.w3.org/2001/04/xmldsig-more#md5

247    The MD5 algorithm [RFC1321] takes no explicit parameters. An example
248    of an MD5 DigestAlgorithm element is:

250

253    An MD5 digest is a 128-bit string. The content of the DigestValue
254    element SHALL be the base64 [RFC2045] encoding of this bit string
255    viewed as a 16-octet octet stream. See [RFC6151] for MD5 security
256    considerations.

258 2.1.2 SHA-224

260    Identifier:
261       http://www.w3.org/2001/04/xmldsig-more#sha224

263    The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit
264    parameters. An example of a SHA-224 DigestAlgorithm element is:

266

269    A SHA-224 digest is a 224-bit string. The content of the DigestValue
270    element SHALL be the base64 [RFC2045] encoding of this string viewed
271    as a 28-octet stream.

273 2.1.3 SHA-384

275    Identifier:
276       http://www.w3.org/2001/04/xmldsig-more#sha384

278    The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An
279    example of a SHA-384 DigestAlgorithm element is:

281

284    A SHA-384 digest is a 384-bit string. The content of the DigestValue
285    element SHALL be the base64 [RFC2045] encoding of this string viewed
286    as a 48-octet stream.

288 2.1.4 Whirlpool

290    Identifier:
291       http://www.w3.org/2007/05/xmldsig-more#whirlpool

293    The Whirlpool algorithm [10118-3] takes no explicit parameters. A
294    Whirlpool digest is a 512-bit string. The content of the DigestValue
295    element SHALL be the base64 [RFC2045] encoding of this string viewed
296    as a 64-octet stream.

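An added example (not part of the draft) of the DigestValue rules in Sections 2.1.1 to 2.1.4: it checks that a DigestValue decodes to exactly the octet length its DigestMethod URI implies and, where Python's hashlib provides the algorithm, recomputes the digest. The function names, status strings and the sample Reference fragment are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XMLDSIG element namespace
MORE_2001 = "http://www.w3.org/2001/04/xmldsig-more#"
MORE_2007 = "http://www.w3.org/2007/05/xmldsig-more#"

# Algorithm URI -> (hashlib name or None, digest length in octets),
# taken from Sections 2.1.1 to 2.1.4.
DIGEST_METHODS = {
    MORE_2001 + "md5": ("md5", 16),
    MORE_2001 + "sha224": ("sha224", 28),
    MORE_2001 + "sha384": ("sha384", 48),
    # Whirlpool is not in hashlib's guaranteed set: length check only.
    MORE_2007 + "whirlpool": (None, 64),
}


def make_reference(uri: str, digest: bytes) -> str:
    """Build a constructed ds:Reference fragment (sample input only)."""
    value = base64.b64encode(digest).decode("ascii")
    return (
        f'<Reference xmlns="{DS}">'
        f'<DigestMethod Algorithm="{uri}"/>'
        f"<DigestValue>{value}</DigestValue>"
        "</Reference>"
    )


def check_reference(reference_xml: str, data: bytes) -> str:
    """Check one Reference's DigestMethod/DigestValue pair against data.

    Returns one of: ok, malformed, unknown-algorithm, bad-base64,
    wrong-length, digest-mismatch, length-ok-not-recomputed.
    """
    # The input here is constructed; use a hardened XML parser for
    # documents that come from an untrusted source.
    ref = ET.fromstring(reference_xml)
    method = ref.find(f"{{{DS}}}DigestMethod")
    value = ref.find(f"{{{DS}}}DigestValue")
    if method is None or value is None:
        return "malformed"
    entry = DIGEST_METHODS.get(method.get("Algorithm", ""))
    if entry is None:
        return "unknown-algorithm"
    name, octets = entry
    # base64 content in XML may be line-wrapped; drop whitespace first.
    text = "".join((value.text or "").split())
    try:
        digest = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return "bad-base64"
    # The decoded value must be exactly the octet length for this URI,
    # so a digest of another algorithm is rejected before any comparison.
    if len(digest) != octets:
        return "wrong-length"
    if name is None:
        return "length-ok-not-recomputed"
    expected = hashlib.new(name, data).digest()
    if hmac.compare_digest(expected, digest):
        return "ok"
    return "digest-mismatch"


if __name__ == "__main__":
    sample = b"constructed sample content"
    good = make_reference(MORE_2001 + "sha384", hashlib.sha384(sample).digest())
    # A SHA-224 value placed under the SHA-384 URI: 28 octets, not 48.
    confused = make_reference(MORE_2001 + "sha384", hashlib.sha224(sample).digest())
    print(check_reference(good, sample))
    print(check_reference(confused, sample))
```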
298 2.1.5 New SHA Functions

300    Identifiers:
301       http://www.w3.org/2007/05/xmldsig-more#sha3-224
302       http://www.w3.org/2007/05/xmldsig-more#sha3-256
303       http://www.w3.org/2007/05/xmldsig-more#sha3-384
304       http://www.w3.org/2007/05/xmldsig-more#sha3-512

306    NIST has recently completed a hash function competition for an
307    alternative to the SHA family. The Keccak-f[1600] algorithm was
308    selected [Keccak] [SHA-3]. This hash function is commonly referred
309    to as "SHA-3", and this section is a space holder and reservation of
310    URIs for future information on Keccak use in XML security.

312    A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and
313    512-bit string, respectively. The content of the DigestValue element
314    SHALL be the base64 [RFC2045] encoding of this string viewed as a
315    28-, 32-, 48-, and 64-octet stream, respectively.

317 2.2 SignatureMethod MAC Algorithms

319    This section covers SignatureMethod MAC (Message Authentication Code)
320    Algorithms.

322    Note: Some text in this section is duplicated from [RFC3275] for the
323    convenience of the reader. RFC 3275 is normative in case of conflict.

325 2.2.1 HMAC-MD5

327    Identifier:
328       http://www.w3.org/2001/04/xmldsig-more#hmac-md5

330    The HMAC algorithm [RFC2104] takes the truncation length in bits as a
331    parameter; if the parameter is not specified, then all the bits of
332    the hash are output. An example of an HMAC-MD5 SignatureMethod
333    element is as follows:

335

337          112
338

340    The output of the HMAC algorithm is ultimately the output (possibly
341    truncated) of the chosen digest algorithm. This value SHALL be base64
342    [RFC2045] encoded in the same straightforward fashion as the output
343    of the digest algorithms. Example: the SignatureValue element for the
344    HMAC-MD5 digest

346       9294727A 3638BB1C 13F48EF8 158BFC9D

348    from the test vectors in [RFC2104] would be

350       kpRyejY4uxwT9I74FYv8nQ==

352    Schema Definition:

354
355
356

358    DTD:

360

362    The Schema Definition and DTD immediately above are copied from
363    [RFC3275].

365    See [RFC6151] for HMAC-MD5 security considerations.

367 2.2.2 HMAC SHA Variations

369    Identifiers:
370       http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
371       http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
372       http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
373       http://www.w3.org/2001/04/xmldsig-more#hmac-sha512

375    SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also
376    be used in HMAC as described in Section 2.2.1 above for HMAC-MD5.

378 2.2.3 HMAC-RIPEMD160

380    Identifier:
381       http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160

383    RIPEMD-160 [10118-3] can also be used in HMAC as described in Section
384    2.2.1 above for HMAC-MD5.

386 2.3 SignatureMethod Public Key Signature Algorithms

388    These algorithms are distinguished from those in Section 2.2 above in
389    that they use public key methods. That is to say, the verification
390    key is different from and not feasibly derivable from the signing
391    key.

393 2.3.1 RSA-MD5

395    Identifier:
396       http://www.w3.org/2001/04/xmldsig-more#rsa-md5

398    This implies the PKCS#1 v1.5 padding algorithm described in
399    [RFC8017]. An example of use is

401

404    The SignatureValue content for an RSA-MD5 signature is the base64
405    [RFC2045] encoding of the octet string computed as per [RFC8017],
406    Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5
407    signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function
408    in [RFC8017], Section 9.2, the value input to the signature function
409    MUST contain a pre-pended algorithm object identifier for the hash
410    function, but the availability of an ASN.1 parser and recognition of
411    OIDs is not required of a signature verifier. The PKCS#1 v1.5
412    representation appears as:

414       CRYPT (PAD (ASN.1 (OID, DIGEST (data))))

416    Note that the padded ASN.1 will be of the following form:

418       01 | FF* | 00 | prefix | hash

420    Vertical bar ("|") represents concatenation. "01", "FF", and "00" are
421    fixed octets of the corresponding hexadecimal value, and the asterisk
422    ("*") after "FF" indicates repetition. "hash" is the MD5 digest of
423    the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix
424    required in PKCS #1 [RFC8017], that is,

426       hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10

428    This prefix is included to make it easier to use standard
429    cryptographic libraries. The FF octet MUST be repeated enough times
430    that the value of the quantity being CRYPTed is exactly one octet
431    shorter than the RSA modulus.

433    See [RFC6151] for MD5 security considerations.

435 2.3.2 RSA-SHA256

437    Identifier:
438       http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

440    This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
441    in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator
442    prefix. An example of use is

444

447 2.3.3 RSA-SHA384

449    Identifier:
450       http://www.w3.org/2001/04/xmldsig-more#rsa-sha384

452    This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
453    in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator
454    prefix. An example of use is

456

459    Because it takes about the same effort to calculate a SHA-384 message
460    digest as it does a SHA-512 message digest, it is suggested that
461    RSA-SHA512 be used in preference to RSA-SHA384 where possible.

463 2.3.4 RSA-SHA512

465    Identifier:
466       http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

468    This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
469    in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator
470    prefix. An example of use is

472

475 2.3.5 RSA-RIPEMD160

477    Identifier:
478       http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160

480    This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
481    in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm
482    designator prefix. An example of use is

484

488 2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool

490    Identifiers:
491       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
492       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
493       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
494       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
495       http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
496       http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
497       http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool

499    The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is
500    the elliptic curve analogue of the Digital Signature Algorithm (DSA)
501    signature method, i.e., the Digital Signature Standard (DSS). It
502    takes no explicit parameters. For detailed specifications of how to
503    use it with SHA hash functions and XML Digital Signature, please see
504    [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool
505    fragments in the new namespace identify a signature method
506    processed in the same way as specified by the #ecdsa-sha1 fragment of
507    this namespace, with the exception that RIPEMD160 or Whirlpool is
508    used instead of SHA-1.

510    The output of the ECDSA algorithm consists of a pair of integers
511    usually referred to as the pair (r, s). The signature value consists of
512    the base64 encoding of the concatenation of two octet streams that
513    respectively result from the octet encoding of the values r and s in
514    that order. Conversion from integer to octet-stream must be done
515    according to the I2OSP operation defined in the [RFC8017]
516    specification with the l parameter equal to the size of the base
517    point order of the curve in bytes (e.g., 32 for the P-256 curve and
518    66 for the P-521 curve [FIPS186-3]).

520    For an introduction to elliptic curve cryptographic algorithms, see
521    [RFC6090] and note the errata (Errata ID 2773-2777).

523 2.3.7 ESIGN-SHA*

525    Identifiers:
526       http://www.w3.org/2001/04/xmldsig-more#esign-sha1
527       http://www.w3.org/2001/04/xmldsig-more#esign-sha224
528       http://www.w3.org/2001/04/xmldsig-more#esign-sha256
529       http://www.w3.org/2001/04/xmldsig-more#esign-sha384
530       http://www.w3.org/2001/04/xmldsig-more#esign-sha512

532    The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme
533    based on the integer factorization problem. It is much faster than
534    previous digital signature schemes, so ESIGN can be implemented on
535    smart cards without special co-processors.

537    An example of use is

539

543 2.3.8 RSA-Whirlpool

545    Identifier:
546       http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool

548    As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the
549    designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in
550    [RFC8017]. When identified through the #rsa-whirlpool fragment
551    identifier, Whirlpool is used as the hash algorithm instead. Use of
552    the ASN.1 BER Whirlpool algorithm designator is implied. That
553    designator is
554       hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40
555    as an explicit octet sequence. This corresponds to OID
556    1.0.10118.3.0.55 defined in [10118-3].

558    An example of use is

560

564 2.3.9 RSASSA-PSS with Parameters

566    Identifiers:
567       http://www.w3.org/2007/05/xmldsig-more#rsa-pss
568       http://www.w3.org/2007/05/xmldsig-more#MGF1

570    These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm
571    [RFC8017]. The RSASSA-PSS algorithm takes the digest method (hash
572    function), a mask generation function, the salt length in bytes
573    (SaltLength), and the trailer field as explicit parameters.

575    Algorithm identifiers for hash functions specified in XML encryption
576    [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid
577    algorithm identifiers for hash functions. According to [RFC8017],
578    the default value for the digest function is SHA-1, but due to the
579    discovered weakness of SHA-1 [RFC6194], it is recommended that
580    SHA-256 or a stronger hash function be used. Notwithstanding
581    [RFC8017], SHA-256 is the default to be used with these
582    SignatureMethod identifiers if no hash function has been specified.

584    The default salt length for these SignatureMethod identifiers if the
585    SaltLength is not specified SHALL be the number of octets in the hash
586    value of the digest method, as recommended in [RFC4055]. In a
587    parameterized RSASSA-PSS signature the ds:DigestMethod and the
588    SaltLength parameters usually appear. If they do not, the defaults
589    make this equivalent to
590    http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 (see Section
591    2.3.10). The TrailerField defaults to 1 (0xBC) when omitted.

593    Schema Definition (target namespace
594    http://www.w3.org/2007/05/xmldsig-more#):

596
597
598
599          Top level element that can be used in xs:any namespace="#other"
600          wildcard of ds:SignatureMethod content.
601
602
603
604
605
606
607

609

611

613
614
615
616
617
618
619

621

623 2.3.10 RSASSA-PSS without Parameters

625    [RFC8017] currently specifies only one mask generation function MGF1
626    based on a hash function. Although [RFC8017] allows for
627    parameterization, the default is to use the same hash function as the
628    digest method function. Only this default approach is supported by
629    this section; therefore, the definition of a mask generation function
630    type is not needed yet. The same applies to the trailer field. There
631    is only one value (0xBC) specified in [RFC8017]. Hence, this default
632    parameter must be used for signature generation. The default salt
633    length is the length of the hash function.

635    Identifiers:
636       http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
637       http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
638       http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
639       http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1

641       http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
642       http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
643       http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
644       http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
645       http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
646       http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
647       http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
648       http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
649       http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
650       http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1

652    An example of use is

654

659 2.3.11 RSA-SHA224

661    Identifier:
662       http://www.w3.org/2001/04/xmldsig-more#rsa-sha224

664    This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
665    in Section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator
666    prefix. An example of use is

668

671    Because it takes about the same effort to calculate a SHA-224 message
672    digest as it does a SHA-256 message digest, it is suggested that
673    RSA-SHA256 be used in preference to RSA-SHA224 where possible.

675    See also Appendix B concerning an erroneous version of this URI that
676    appeared in [RFC6931].

678 2.4 Minimal Canonicalization

680    Thus far, two independent interoperable implementations of Minimal
681    Canonicalization have not been announced. Therefore, when XML
682    Digital Signature was advanced along the Standards Track from
683    [RFC3075] to [RFC3275], Minimal Canonicalization was dropped.
684    However, there is still interest. For its definition, see Section
685    6.5.1 of [RFC3075].

687    For reference, its identifier remains:
688       http://www.w3.org/2000/09/xmldsig#minimal

690 2.5 Transform Algorithms

692    Note that all CanonicalizationMethod algorithms can also be used as
693    Transform algorithms.

695 2.5.1 XPointer

697    Identifier:
698       http://www.w3.org/2001/04/xmldsig-more#xptr

700    This transform algorithm takes an [XPointer] as an explicit
701    parameter. An example of use is:

703

705

707          xpointer(id("foo")) xmlns(bar=http://foobar.example)
708          xpointer(//bar:Zab[@Id="foo"])
709
710

712    Schema Definition:

714

716    DTD:

718

720    Input to this transform is an octet stream (which is then parsed into
721    XML).

723    Output from this transform is a node set; the results of the XPointer
724    are processed as defined in the XMLDSIG specification [RFC3275] for a
725    same-document XPointer.

727 2.6 EncryptionMethod Algorithms

729    This subsection gives identifiers and information for several
730    EncryptionMethod Algorithms.

732 2.6.1 ARCFOUR Encryption Algorithm

734    Identifier:
735       http://www.w3.org/2001/04/xmldsig-more#arcfour

737    ARCFOUR is a fast, simple stream encryption algorithm that is
738    compatible with RSA Security's RC4 algorithm [RC4]. An example
739    EncryptionMethod element using ARCFOUR is

741

743          40
744

746    Note that Arcfour makes use of the generic KeySize parameter
747    specified and defined in [XMLENC11].

749 2.6.2 Camellia Block Encryption

751    Identifiers:
752       http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
753       http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
754       http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc

756    Camellia is a block cipher with the same interface as the AES
757    [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and
758    256-bit key sizes. In XML Encryption Camellia is used in the same way
759    as the AES: It is used in the Cipher Block Chaining (CBC) mode with a
760    128-bit initialization vector (IV). The resulting cipher text is
761    prefixed by the IV. If included in XML output, it is then base64
762    encoded. An example Camellia EncryptionMethod is as follows:

764

769 2.6.3 Camellia Key Wrap

771    Identifiers:
772       http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
773       http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
774       http://www.w3.org/2001/04/xmldsig-more#kw-camellia256

776    Camellia [Camellia] [RFC3713] key wrap is identical to the AES key
777    wrap algorithm [RFC3394] specified in the XML Encryption standard
778    with "AES" replaced by "Camellia". As with AES key wrap, the check
779    value is 0xA6A6A6A6A6A6A6A6.

781    The algorithm is the same whatever the size of the Camellia key used
782    in wrapping, called the "key encrypting key" or "KEK". If Camellia is
783    supported, it is particularly suggested that wrapping 128-bit keys
784    with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be
785    supported.

787    An example of use is:

789

794 2.6.4 PSEC-KEM

796    Identifier:
797       http://www.w3.org/2001/04/xmldsig-more#psec-kem

799    The PSEC-KEM algorithm, specified in [18033-2], is a key
800    encapsulation mechanism using elliptic curve encryption.

802    An example of use is:

804

806
807          version
808          id
809          curve
810          base
811          order
812          cofactor
813
814

816    See [18033-2] for information on the parameters above.

818 2.6.5 SEED Block Encryption

820    Identifier:
821       http://www.w3.org/2007/05/xmldsig-more#seed128-cbc

823    SEED [RFC4269] is a block cipher with a 128-bit block size and a
824    128-bit key size. In XML Encryption, SEED can be used in the Cipher
825    Block Chaining (CBC) mode with a 128-bit initialization vector (IV).
826    The resulting cipher text is prefixed by the IV. If included in XML
827    output, it is then base64 encoded.

829    An example SEED EncryptionMethod is as follows:

831

834 2.6.6 SEED Key Wrap

836    Identifier:
837       http://www.w3.org/2007/05/xmldsig-more#kw-seed128

839    Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394]
840    with "AES" replaced by "SEED". The algorithm is specified in
841    [RFC4010]. The implementation of SEED is optional. The default
842    initial value is 0xA6A6A6A6A6A6A6A6.

844    An example of use is:

846

851 3. KeyInfo

853    In Section 3.1 below a new KeyInfo element child is specified, while
854    in Section 3.2 additional KeyInfo Type values for use in
855    RetrievalMethod are specified.

857 3.1 PKCS #7 Bag of Certificates and CRLs

859    A PKCS #7 [RFC2315] "signedData" can also be used as a bag of
860    certificates and/or certificate revocation lists (CRLs). The
861    PKCS7signedData element is defined to accommodate such structures
862    within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045]
863    encoded. Any signer information present is ignored. The following
864    is an example [RFC3092], eliding the base64 data:

866

868          ...
869

871 3.2 Additional RetrievalMethod Type Values

873    The Type attribute of RetrievalMethod is an optional identifier for
874    the type of data to be retrieved. The result of dereferencing a
875    RetrievalMethod reference for all KeyInfo types with an XML structure
876    is an XML element or document with that element as the root. The
877    various "raw" key information types return a binary value. Thus, they
878    require a Type attribute because they are not unambiguously parsable.


   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#KeyName
      http://www.w3.org/2001/04/xmldsig-more#KeyValue
      http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
      http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
      http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
      http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod

4. Indexes

   The following subsections provide an index by URI and by fragment
   identifier (the portion of the URI after "#") of the algorithm and
   KeyInfo URIs defined in this document and in the standards (plus the
   one KeyInfo child element name defined in this document). The
   "Sec/Doc" column has the section of this document or, if not
   specified in this document, the standards document where the item is
   specified. See also [XMLSECXREF].

4.1 Fragment Index

   The initial "http://www.w3.org/" part of the URI is not included
   below. The first six entries have a null fragment identifier or no
   fragment identifier. "{Bad}" indicates a Bad value that was
   accidentally included in [RFC6931]. Implementations SHOULD only
   generate the correct URI but SHOULD understand both the correct and
   erroneous URI. See also Appendix B.

   Fragment             URI                                          Sec/Doc
   ---------            ----                                         --------

                        2002/06/xmldsig-filter2                      [XPATH]
                        2006/12/xmlc12n11# {Bad}                     [CANON11]
                        2006/12/xmlc14n11#                           [CANON11]
                        TR/1999/REC-xslt-19991116                    [XSLT]
                        TR/1999/REC-xpath-19991116                   [XPATH]
                        TR/2001/06/xml-exc-c14n#                     [XCANON]
                        TR/2001/REC-xml-c14n-20010315                [CANON10]
                        TR/2001/REC-xmlschema-1-20010502             [Schema]

   aes128-cbc           2001/04/xmlenc#aes128-cbc                    [XMLENC11]
   aes128-gcm           2009/xmlenc11#aes128-gcm                     [XMLENC11]
   aes192-cbc           2001/04/xmlenc#aes192-cbc                    [XMLENC11]
   aes192-gcm           2009/xmlenc11#aes192-gcm                     [XMLENC11]
   aes256-cbc           2001/04/xmlenc#aes256-cbc                    [XMLENC11]
   aes256-gcm           2009/xmlenc11#aes256-gcm                     [XMLENC11]
   arcfour              2001/04/xmldsig-more#arcfour                 2.6.1

   base64               2000/09/xmldsig#base64                       [RFC3275]

   camellia128-cbc      2001/04/xmldsig-more#camellia128-cbc         2.6.2
   camellia192-cbc      2001/04/xmldsig-more#camellia192-cbc         2.6.2
   camellia256-cbc      2001/04/xmldsig-more#camellia256-cbc         2.6.2
   ConcatKDF            2009/xmlenc11#ConcatKDF                      [XMLENC11]
   decrypt#XML          2002/07/decrypt#XML                          [DECRYPT]
   decrypt#Binary       2002/07/decrypt#Binary                       [DECRYPT]
   DEREncodedKeyValue   2009/xmldsig11#DEREncodedKeyValue            [XMLDSIG11]
   dh                   2001/04/xmlenc#dh                            [XMLENC11]
   dh-es                2009/xmlenc11#dh-es                          [XMLENC11]
   dsa-sha1             2000/09/xmldsig#dsa-sha1                     [RFC3275]
   dsa-sha256           2009/xmldsig11#dsa-sha256                    [XMLDSIG11]
   DSAKeyValue          2000/09/xmldsig#DSAKeyValue                  [XMLDSIG11]

   ECDH-ES              2009/xmlenc11#ECDH-ES                        [XMLENC11]
   ecdsa-ripemd160      2007/05/xmldsig-more#ecdsa-ripemd160         2.3.6
   ecdsa-sha1           2001/04/xmldsig-more#ecdsa-sha1              2.3.6
   ecdsa-sha224         2001/04/xmldsig-more#ecdsa-sha224            2.3.6
   ecdsa-sha256         2001/04/xmldsig-more#ecdsa-sha256            2.3.6
   ecdsa-sha384         2001/04/xmldsig-more#ecdsa-sha384            2.3.6
   ecdsa-sha512         2001/04/xmldsig-more#ecdsa-sha512            2.3.6
   ecdsa-whirlpool      2007/05/xmldsig-more#ecdsa-whirlpool         2.3.5
   ecies-kem            2010/xmlsec-ghc#ecies-kem                    [GENERIC]
   ECKeyValue           2009/xmldsig11#ECKeyValue                    [XMLDSIG11]
   enveloped-signature  2000/09/xmldsig#enveloped-signature          [RFC3275]
   esign-sha1           2001/04/xmldsig-more#esign-sha1              2.3.7
   esign-sha224         2001/04/xmldsig-more#esign-sha224            2.3.7
   esign-sha256         2001/04/xmldsig-more#esign-sha256            2.3.7
   esign-sha384         2001/04/xmldsig-more#esign-sha384            2.3.7
   esign-sha512         2001/04/xmldsig-more#esign-sha512            2.3.7

   generic-hybrid       2010/xmlsec-ghc#generic-hybrid               [GENERIC]

   hmac-md5             2001/04/xmldsig-more#hmac-md5                2.2.1
   hmac-ripemd160       2001/04/xmldsig-more#hmac-ripemd160          2.2.3
   hmac-sha1            2000/09/xmldsig#hmac-sha1                    [RFC3275]
   hmac-sha224          2001/04/xmldsig-more#hmac-sha224             2.2.2
   hmac-sha256          2001/04/xmldsig-more#hmac-sha256             2.2.2
   hmac-sha384          2001/04/xmldsig-more#hmac-sha384             2.2.2
   hmac-sha512          2001/04/xmldsig-more#hmac-sha512             2.2.2

   KeyName              2001/04/xmldsig-more#KeyName                 3.2
   KeyValue             2001/04/xmldsig-more#KeyValue                3.2
   kw-aes128            2001/04/xmlenc#kw-aes128                     [XMLENC11]
   kw-aes128-pad        2009/xmlenc11#kw-aes-128-pad                 [XMLENC11]
   kw-aes192            2001/04/xmlenc#kw-aes192                     [XMLENC11]
   kw-aes192-pad        2009/xmlenc11#kw-aes-192-pad                 [XMLENC11]
   kw-aes256            2001/04/xmlenc#kw-aes256                     [XMLENC11]
   kw-aes256-pad        2009/xmlenc11#kw-aes-256-pad                 [XMLENC11]
   kw-camellia128       2001/04/xmldsig-more#kw-camellia128          2.6.3
   kw-camellia192       2001/04/xmldsig-more#kw-camellia192          2.6.3
   kw-camellia256       2001/04/xmldsig-more#kw-camellia256          2.6.3
   kw-seed128           2007/05/xmldsig-more#kw-seed128              2.6.6
   md2-rsa-MGF1         2007/05/xmldsig-more#md2-rsa-MGF1            2.3.10
   md5                  2001/04/xmldsig-more#md5                     2.1.1
   md5-rsa-MGF1         2007/05/xmldsig-more#md5-rsa-MGF1            2.3.10
   MGF1                 2007/05/xmldsig-more#MGF1                    2.3.9
   mgf1sha1             2009/xmlenc11#mgf1sha1                       [XMLENC11]
   mgf1sha224           2009/xmlenc11#mgf1sha224                     [XMLENC11]
   mgf1sha256           2009/xmlenc11#mgf1sha256                     [XMLENC11]
   mgf1sha384           2009/xmlenc11#mgf1sha384                     [XMLENC11]
   mgf1sha512           2009/xmlenc11#mgf1sha512                     [XMLENC11]
   MgmtData             2000/09/xmldsig#MgmtData                     [XMLDSIG11]
   minimal              2000/09/xmldsig#minimal                      2.4

   pbkdf2               2009/xmlenc11#pbkdf2                         [XMLENC11]
   PGPData              2000/09/xmldsig#PGPData                      [XMLDSIG11]
   PKCS7signedData      2001/04/xmldsig-more#PKCS7signedData         3.1
   PKCS7signedData      2001/04/xmldsig-more#PKCS7signedData         3.2
   psec-kem             2001/04/xmldsig-more#psec-kem                2.6.4

   rawPGPKeyPacket      2001/04/xmldsig-more#rawPGPKeyPacket         3.2
   rawPKCS7signedData   2001/04/xmldsig-more#rawPKCS7signedData      3.2
   rawSPKISexp          2001/04/xmldsig-more#rawSPKISexp             3.2
   rawX509Certificate   2000/09/xmldsig#rawX509Certificate           [RFC3275]
   rawX509CRL           2001/04/xmldsig-more#rawX509CRL              3.2
   RetrievalMethod      2001/04/xmldsig-more#RetrievalMethod         3.2
   ripemd128-rsa-MGF1   2007/05/xmldsig-more#ripemd128-rsa-MGF1      2.3.10
   ripemd160            2001/04/xmlenc#ripemd160                     [XMLENC11]
   ripemd160-rsa-MGF1   2007/05/xmldsig-more#ripemd160-rsa-MGF1      2.3.10
   rsa-1_5              2001/04/xmlenc#rsa-1_5                       [XMLENC11]
   rsa-md5              2001/04/xmldsig-more#rsa-md5                 2.3.1
   rsa-oaep             2009/xmlenc11#rsa-oaep                       [XMLENC11]
   rsa-oaep-mgf1p       2001/04/xmlenc#rsa-oaep-mgf1p                [XMLENC11]
   rsa-pss              2007/05/xmldsig-more#rsa-pss                 2.3.9
   rsa-ripemd160        2001/04/xmldsig-more#rsa-ripemd160           2.3.5
   rsa-sha1             2000/09/xmldsig#rsa-sha1                     [RFC3275]
   rsa-sha224           2007/05/xmldsig-more#rsa-sha224 {Bad}        2.3.11
   rsa-sha224           2001/04/xmldsig-more#rsa-sha224              2.3.11
   rsa-sha256           2001/04/xmldsig-more#rsa-sha256              2.3.2
   rsa-sha384           2001/04/xmldsig-more#rsa-sha384              2.3.3
   rsa-sha512           2001/04/xmldsig-more#rsa-sha512              2.3.4
   rsa-whirlpool        2007/05/xmldsig-more#rsa-whirlpool           2.3.5
   rsaes-kem            2010/xmlsec-ghc#rsaes-kem                    [GENERIC]
   RSAKeyValue          2000/09/xmldsig#RSAKeyValue                  [XMLDSIG11]

   seed128-cbc          2007/05/xmldsig-more#seed128-cbc             2.6.5
   sha1                 2000/09/xmldsig#sha1                         [RFC3275]
   sha1-rsa-MGF1        2007/05/xmldsig-more#sha1-rsa-MGF1           2.3.10
   sha224               2001/04/xmldsig-more#sha224                  2.1.2
   sha224-rsa-MGF1      2007/05/xmldsig-more#sha224-rsa-MGF1         2.3.10
   sha256               2001/04/xmlenc#sha256                        [XMLENC11]
   sha256-rsa-MGF1      2007/05/xmldsig-more#sha256-rsa-MGF1         2.3.10
   sha3-224             2007/05/xmldsig-more#sha3-224                2.1.5
   sha3-224-rsa-MGF1    2007/05/xmldsig-more#sha3-224-rsa-MGF1       2.3.10
   sha3-256             2007/05/xmldsig-more#sha3-256                2.1.5
   sha3-256-rsa-MGF1    2007/05/xmldsig-more#sha3-256-rsa-MGF1       2.3.10
   sha3-384             2007/05/xmldsig-more#sha3-384                2.1.5
   sha3-384-rsa-MGF1    2007/05/xmldsig-more#sha3-384-rsa-MGF1       2.3.10
   sha3-512             2007/05/xmldsig-more#sha3-512                2.1.5
   sha3-512-rsa-MGF1    2007/05/xmldsig-more#sha3-512-rsa-MGF1       2.3.10
   sha384               2001/04/xmldsig-more#sha384                  2.1.3
   sha384-rsa-MGF1      2007/05/xmldsig-more#sha384-rsa-MGF1         2.3.10
   sha512               2001/04/xmlenc#sha512                        [XMLENC11]
   sha512-rsa-MGF1      2007/05/xmldsig-more#sha512-rsa-MGF1         2.3.10
   SPKIData             2000/09/xmldsig#SPKIData                     [XMLDSIG11]

   tripledes-cbc        2001/04/xmlenc#tripledes-cbc                 [XMLENC11]

   whirlpool            2007/05/xmldsig-more#whirlpool               2.1.4
   whirlpool-rsa-MGF1   2007/05/xmldsig-more#whirlpool-rsa-MGF1      2.3.10
   WithComments         2006/12/xmlc14n11#WithComments               [CANON11]
   WithComments         TR/2001/06/xml-exc-c14n#WithComments         [XCANON]
   WithComments         TR/2001/REC-xml-c14n-20010315#WithComments   [CANON10]

   X509Data             2000/09/xmldsig#X509Data                     [XMLDSIG11]
   xptr                 2001/04/xmldsig-more#xptr                    2.5.1

   The initial "http://www.w3.org/" part of the URI is not included
   above.

4.2 URI Index

   The initial "http://www.w3.org/" part of the URI is not included
   below. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.

   URI                                         Sec/Doc      Type
   ----                                        --------     -----

   2000/09/xmldsig#base64                      [RFC3275]    Transform
   2000/09/xmldsig#DSAKeyValue                 [RFC3275]    Retrieval type
   2000/09/xmldsig#dsa-sha1                    [RFC3275]    SignatureMethod
   2000/09/xmldsig#enveloped-signature         [RFC3275]    Transform
   2000/09/xmldsig#hmac-sha1                   [RFC3275]    SignatureMethod
   2000/09/xmldsig#MgmtData                    [RFC3275]    Retrieval type
   2000/09/xmldsig#minimal                     2.4          Canonicalization
   2000/09/xmldsig#PGPData                     [RFC3275]    Retrieval type
   2000/09/xmldsig#rawX509Certificate          [RFC3275]    Retrieval type
   2000/09/xmldsig#rsa-sha1                    [RFC3275]    SignatureMethod
   2000/09/xmldsig#RSAKeyValue                 [RFC3275]    Retrieval type
   2000/09/xmldsig#sha1                        [RFC3275]    DigestAlgorithm
   2000/09/xmldsig#SPKIData                    [RFC3275]    Retrieval type
   2000/09/xmldsig#X509Data                    [RFC3275]    Retrieval type

   2001/04/xmldsig-more#arcfour                2.6.1        EncryptionMethod
   2001/04/xmldsig-more#camellia128-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#camellia192-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#camellia256-cbc        2.6.2        EncryptionMethod
   2001/04/xmldsig-more#ecdsa-sha1             2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha224           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha256           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha384           2.3.6        SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha512           2.3.6        SignatureMethod
   2001/04/xmldsig-more#esign-sha1             2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha224           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha256           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha384           2.3.7        SignatureMethod
   2001/04/xmldsig-more#esign-sha512           2.3.7        SignatureMethod
   2001/04/xmldsig-more#hmac-md5               2.2.1        SignatureMethod
   2001/04/xmldsig-more#hmac-ripemd160         2.2.3        SignatureMethod
   2001/04/xmldsig-more#hmac-sha224            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha256            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha384            2.2.2        SignatureMethod
   2001/04/xmldsig-more#hmac-sha512            2.2.2        SignatureMethod
   2001/04/xmldsig-more#KeyName                3.2          Retrieval type
   2001/04/xmldsig-more#KeyValue               3.2          Retrieval type
   2001/04/xmldsig-more#kw-camellia128         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#kw-camellia192         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#kw-camellia256         2.6.3        EncryptionMethod
   2001/04/xmldsig-more#md5                    2.1.1        DigestAlgorithm
   2001/04/xmldsig-more#PKCS7signedData        3.2          Retrieval type
   2001/04/xmldsig-more#psec-kem               2.6.4        EncryptionMethod
   2001/04/xmldsig-more#rawPGPKeyPacket        3.2          Retrieval type
   2001/04/xmldsig-more#rawPKCS7signedData     3.2          Retrieval type
   2001/04/xmldsig-more#rawSPKISexp            3.2          Retrieval type
   2001/04/xmldsig-more#rawX509CRL             3.2          Retrieval type
   2001/04/xmldsig-more#RetrievalMethod        3.2          Retrieval type
   2001/04/xmldsig-more#rsa-md5                2.3.1        SignatureMethod
   2001/04/xmldsig-more#rsa-sha224             2.3.11       SignatureMethod
   2001/04/xmldsig-more#rsa-sha256             2.3.2        SignatureMethod
   2001/04/xmldsig-more#rsa-sha384             2.3.3        SignatureMethod
   2001/04/xmldsig-more#rsa-sha512             2.3.4        SignatureMethod
   2001/04/xmldsig-more#rsa-ripemd160          2.3.5        SignatureMethod
   2001/04/xmldsig-more#sha224                 2.1.2        DigestAlgorithm
   2001/04/xmldsig-more#sha384                 2.1.3        DigestAlgorithm
   2001/04/xmldsig-more#xptr                   2.5.1        Transform
   2001/04/xmldsig-more#PKCS7signedData        3.1          KeyInfo child

   2001/04/xmlenc#aes128-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#aes192-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#aes256-cbc                   [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#dh                           [XMLENC11]   AgreementMethod
   2001/04/xmlenc#kw-aes128                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#kw-aes192                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#kw-aes256                    [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#ripemd160                    [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#rsa-1_5                      [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]   EncryptionMethod
   2001/04/xmlenc#sha256                       [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#sha512                       [XMLENC11]   DigestAlgorithm
   2001/04/xmlenc#tripledes-cbc                [XMLENC11]   EncryptionMethod

   2002/06/xmldsig-filter2                     [XPATH]      Transform

   2002/07/decrypt#XML                         [DECRYPT]    Transform
   2002/07/decrypt#Binary                      [DECRYPT]    Transform

   2006/12/xmlc12n11# {Bad}                    [CANON11]    Canonicalization
   2006/12/xmlc14n11#                          [CANON11]    Canonicalization
   2006/12/xmlc14n11#WithComments              [CANON11]    Canonicalization

   2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6        SignatureMethod
   2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5        SignatureMethod
   2007/05/xmldsig-more#kw-seed128             2.6.6        EncryptionMethod
   2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10       SignatureMethod
   2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10       SignatureMethod
   2007/05/xmldsig-more#MGF1                   2.3.9        SignatureMethod
   2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10       SignatureMethod
   2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10       SignatureMethod
   2007/05/xmldsig-more#rsa-pss                2.3.9        SignatureMethod
   2007/05/xmldsig-more#rsa-sha224 {Bad}       2.3.11       SignatureMethod
   2007/05/xmldsig-more#rsa-whirlpool          2.3.5        SignatureMethod
   2007/05/xmldsig-more#seed128-cbc            2.6.5        EncryptionMethod
   2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-224               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-256               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-384               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha3-512               2.1.5        DigestAlgorithm
   2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#sha512-rsa-MGF1        2.3.10       SignatureMethod
   2007/05/xmldsig-more#whirlpool              2.1.4        DigestAlgorithm
   2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10       SignatureMethod
   2009/xmlenc11#kw-aes-128-pad                [XMLENC11]   EncryptionMethod
   2009/xmlenc11#kw-aes-192-pad                [XMLENC11]   EncryptionMethod
   2009/xmlenc11#kw-aes-256-pad                [XMLENC11]   EncryptionMethod

   2009/xmldsig11#dsa-sha256                   [XMLDSIG11]  SignatureMethod
   2009/xmldsig11#ECKeyValue                   [XMLDSIG11]  Retrieval type
   2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11]  Retrieval type

   2009/xmlenc11#aes128-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#aes192-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#aes256-gcm                    [XMLENC11]   EncryptionMethod
   2009/xmlenc11#ConcatKDF                     [XMLENC11]   EncryptionMethod
   2009/xmlenc11#mgf1sha1                      [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha224                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha256                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha384                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#mgf1sha512                    [XMLENC11]   SignatureMethod
   2009/xmlenc11#pbkdf2                        [XMLENC11]   EncryptionMethod
   2009/xmlenc11#rsa-oaep                      [XMLENC11]   EncryptionMethod
   2009/xmlenc11#ECDH-ES                       [XMLENC11]   EncryptionMethod
   2009/xmlenc11#dh-es                         [XMLENC11]   EncryptionMethod

   2010/xmlsec-ghc#generic-hybrid              [GENERIC]    Generic Hybrid
   2010/xmlsec-ghc#rsaes-kem                   [GENERIC]    Generic Hybrid
   2010/xmlsec-ghc#ecies-kem                   [GENERIC]    Generic Hybrid

   TR/1999/REC-xpath-19991116                  [XPATH]      Transform
   TR/1999/REC-xslt-19991116                   [XSLT]       Transform
   TR/2001/06/xml-exc-c14n#                    [XCANON]     Canonicalization
   TR/2001/06/xml-exc-c14n#WithComments        [XCANON]     Canonicalization
   TR/2001/REC-xml-c14n-20010315               [CANON10]    Canonicalization
   TR/2001/REC-xml-c14n-20010315#WithComments  [CANON10]    Canonicalization
   TR/2001/REC-xmlschema-1-20010502            [Schema]     Transform

   The initial "http://www.w3.org/" part of the URI is not included
   above. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.

5. Allocation Considerations

   W3C and IANA allocation considerations are given below.

5.1 W3C Allocation Considerations

   As it is easy for people to construct their own unique URIs [RFC3986]
   and, if appropriate, to obtain a URI from the W3C, it is not intended
   that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be
   created beyond those enumerated in this RFC. (W3C Namespace
   stability rules prohibit the creation of new URIs under
   "http://www.w3.org/2000/09/xmldsig#" and URIs under
   "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the
   publication of [RFC4051].)

   An "xmldsig-more" URI does not imply any official W3C or IETF status
   for these algorithms or identifiers nor does it imply that they are
   only useful in digital signatures. Currently, dereferencing such
   URIs may or may not produce a temporary placeholder document.
   Permission to use these URI prefixes has been given by the W3C.

5.2 IANA Considerations

   IANA has established a registry entitled "XML Security URIs". The
   initial contents correspond to Section 4.2 of this document with each
   section number in the "Sec/Doc" column augmented with a reference to
   this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4").

   New entries, including new Types, will be added based on Expert
   Review [RFC8126].
   Criteria for inclusion are (1) documentation sufficient for
   interoperability of the algorithm or data type and the XML syntax for
   its representation and use and (2) sufficient importance as normally
   indicated by inclusion in (2a) an approved W3C Note, Proposed
   Recommendation, or Recommendation or (2b) an approved IETF Standards
   Track document. Typically, the registry will reference a W3C or IETF
   document specifying such XML syntax; that document will either
   contain a more abstract description of the algorithm or data type or
   reference another document with a more abstract description.

6. Security Considerations

   This RFC is concerned with documenting the URIs that designate
   algorithms and some data types used in connection with XML security.
   The security considerations vary widely with the particular
   algorithms, and the general security considerations for XML security
   are outside of the scope of this document but appear in [XMLDSIG11],
   [XMLENC11], [CANON10], [CANON11], and [GENERIC].

   [RFC6151] should be consulted before considering the use of MD5 as a
   DigestMethod or RSA-MD5 as a SignatureMethod.

   See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5
   security considerations.

   Additional security considerations are given in connection with the
   description of some algorithms in the body of this document.

   Implementers should be aware that cryptographic algorithms become
   weaker with time. As new cryptanalysis techniques are developed and
   computing performance improves, the work factor to break a particular
   cryptographic algorithm will reduce. Therefore, cryptographic
   implementations should be modular, allowing new algorithms to be
   readily inserted. That is, implementers should be prepared for the
   set of mandatory-to-implement algorithms to change over time.
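
A receiver-side check for the rule stated with the Section 4 indexes and in Appendix B (understand both the correct and the erroneous URI, generate only the correct one), kept table-driven in the modular spirit of Section 6. This is an added example, not part of the draft: the function names, the local policy of refusing the MD5-based identifiers, and the sample SignedInfo are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

W3C = "http://www.w3.org/"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Appendix B: erroneous RFC 6931 URI -> correct URI (W3C prefix omitted,
# as in the Section 4 indexes).
BAD_TO_CORRECT = {
    "2006/12/xmlc12n11#": "2006/12/xmlc14n11#",
    "2007/05/xmldsig-more#rsa-sha224": "2001/04/xmldsig-more#rsa-sha224",
}

# A few rows copied from the Section 4.2 URI index: URI -> Type.
URI_TYPES = {
    "2000/09/xmldsig#enveloped-signature": "Transform",
    "2000/09/xmldsig#rsa-sha1": "SignatureMethod",
    "2000/09/xmldsig#sha1": "DigestAlgorithm",
    "2001/04/xmldsig-more#md5": "DigestAlgorithm",
    "2001/04/xmldsig-more#rsa-md5": "SignatureMethod",
    "2001/04/xmldsig-more#rsa-sha224": "SignatureMethod",
    "2001/04/xmldsig-more#rsa-sha256": "SignatureMethod",
    "2001/04/xmlenc#sha256": "DigestAlgorithm",
    "2006/12/xmlc14n11#": "Canonicalization",
}

# Assumed local policy for this example (the draft only points to
# [RFC6151] for MD5); editing this set is the "modular" knob.
REFUSED = {"2001/04/xmldsig-more#md5", "2001/04/xmldsig-more#rsa-md5"}

# XMLDSIG element (local name) -> the index Type its Algorithm must have.
ELEMENT_TYPE = {
    "CanonicalizationMethod": "Canonicalization",
    "SignatureMethod": "SignatureMethod",
    "DigestMethod": "DigestAlgorithm",
    "Transform": "Transform",
}


class AlgorithmError(ValueError):
    """The Algorithm URI is unknown, of the wrong Type, or refused."""


def resolve(uri, expected_type):
    """Return (correct_uri, was_erroneous) or raise AlgorithmError."""
    if not uri.startswith(W3C):
        raise AlgorithmError("not a W3C XML Security URI: %r" % uri)
    rel = uri[len(W3C):]
    was_erroneous = rel in BAD_TO_CORRECT
    rel = BAD_TO_CORRECT.get(rel, rel)      # understand the Bad value
    actual = URI_TYPES.get(rel)
    if actual is None:
        raise AlgorithmError("unknown algorithm URI: %r" % uri)
    if actual != expected_type:             # e.g. a digest URI in SignatureMethod
        raise AlgorithmError("%r is a %s, not a %s" % (uri, actual, expected_type))
    if rel in REFUSED:
        raise AlgorithmError("refused by local policy: %r" % uri)
    return W3C + rel, was_erroneous         # only the correct URI leaves here


def check_signed_info(xml_text):
    """Resolve every Algorithm attribute; return (element, uri, was_erroneous)."""
    prefix = "{" + DSIG_NS + "}"
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if not el.tag.startswith(prefix):
            continue
        local = el.tag[len(prefix):]
        if local not in ELEMENT_TYPE:
            continue
        uri = el.get("Algorithm")
        if uri is None:
            raise AlgorithmError("%s has no Algorithm attribute" % local)
        findings.append((local,) + resolve(uri, ELEMENT_TYPE[local]))
    return findings


# Constructed sample: a SignedInfo written with both Bad URIs from Appendix B.
SAMPLE_SIGNED_INFO = """\
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xmlc12n11#"/>
  <SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224"/>
  <Reference URI="">
    <Transforms>
      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <DigestValue>constructed</DigestValue>
  </Reference>
</SignedInfo>
"""

if __name__ == "__main__":
    for element, uri, was_erroneous in check_signed_info(SAMPLE_SIGNED_INFO):
        note = "  (erroneous URI accepted, corrected)" if was_erroneous else ""
        print("%-24s %s%s" % (element, uri, note))
```

Checking the Type as well as the URI keeps a digest or transform identifier from being accepted where a SignatureMethod is expected, and logging the `was_erroneous` flag shows which peers still emit the RFC 6931 values.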

Acknowledgements

   The contributions of the following, listed in alphabetic order, by
   reporting errata against RFC 6931 or contributing to this document,
   are gratefully acknowledged:

      Frederick Hirsch, Axel Puhlmann, Annie Yousar

   The contributions of the following, listed in alphabetic order, to
   [RFC6931], on which this document is based, are gratefully
   acknowledged:

      Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann,
      Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno,
      Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter
      Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter
      Saint-Andre, and Sean Turner.

   The following contributors to [RFC4051] are gratefully acknowledged:

      Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho
      Moriai, Joseph Reagle, Russ Housley, and Joel Halpern.

   The document was prepared in raw nroff. All macros used were defined
   within the source file.

Appendix A: Changes from RFC 6931

   The following changes have been made in RFC 6931 to produce this
   document.

   1. Delete Appendix on Changes from RFC 4051, since they were already
      included in RFC 6931, and remove reference to RFC 4051 and to the
      on Errata against RFC 4051.

   2. Fix three errata as follows: [Err3597], [Err3965], and [Err4004].
      In cases where [RFC6931] had an erroneous URI, it is still
      included in the indices and it is stated that implementations
      SHOULD only generate the correct URI but SHOULD understand both
      the correct and erroneous URI.

   3. Minor editorial changes.

Appendix B: Bad URIs

   [RFC6931] included two bad URIs as shown below. "{Bad}" in the
   indexes (Sections 4.1 and 4.2) indicates such a Bad value.
   Implementations SHOULD only generate the correct URI but SHOULD
   understand both the correct and erroneous URI.

   2006/12/xmlc12n11#
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2006/12/xmlc14n11#" (i.e., "12" should have been
      "14"). This is [Err3965] and is corrected in this document.

   2007/05/xmldsig-more#rsa-sha224
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2001/04/xmldsig-more#rsa-sha224". This is [Err4004]
      and is corrected in this document.

Appendix Z: Change History

   RFC Editor Note: Please delete this Appendix before publication.

   -00 to -01 to -02 to -03 to -04 to -05 to -06 to -07 to -08

      Bump up version and date to keep draft alive as a place where new
      URIs can be accumulated. At some point in here, author address was
      updated.

   -08 to -09

      Update author affiliation and references.

Normative References

   [10118-3] - ISO, "Information technology -- Security techniques --
         Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC
         10118-3:2004, 2004.

   [18033-2] - ISO, "Information technology -- Security techniques --
         Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC
         18033-2:2010, 2010.

   [Camellia] - Aoki, K., Ichikawa, T., Matsui, M., Moriai, S.,
         Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher
         Suitable for Multiple Platforms - Design and Analysis", in
         Selected Areas in Cryptography, 7th Annual International
         Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in
         Computer Science 2012, pp. 39-56, Springer-Verlag, 2001.

   [FIPS180-4] - US National Institute of Science and Technology,
         "Secure Hash Standard (SHS)", FIPS 180-4, March 2012.

   [FIPS186-3] - US National Institute of Science and Technology,
         "Digital Signature Standard (DSS)", FIPS 186-3, June 2009.

   [IEEEP1363a] - IEEE, "Standard Specifications for Public Key
         Cryptography- Amendment 1: Additional Techniques", IEEE
         1363a-2004, 2004.

   [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms,
         and Source Code in C", Second Edition, John Wiley and Sons, New
         York, NY, 1996.

   [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
         April 1992.

   [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail
         Extensions (MIME) Part One: Format of Internet Message Bodies",
         RFC 2045, November 1996.

   [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
         Keyed-Hashing for Message Authentication", RFC 2104, February
         1997.

   [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax
         Version 1.5", RFC 2315, March 1998.

   [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible
         Markup Language) XML-Signature Syntax and Processing", RFC
         3275, March 2002.

   [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard
         (AES) Key Wrap Algorithm", RFC 3394, September 2002.

   [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description
         of the Camellia Encryption Algorithm", RFC 3713, April 2004.

   [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
         Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
         January 2005.

   [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y.
         Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for
         XML Digital Signatures", RFC 4050, April 2005.

   [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional
         Algorithms and Identifiers for RSA Cryptography for use in the
         Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile", RFC 4055, June
         2005.

   [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The
         SEED Encryption Algorithm", RFC 4269, December 2005.

   [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash
         Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May
         2011.

   [RFC8017] - Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A.
         Rusch, "PKCS #1: RSA Cryptography Specifications Version 2.2",
         RFC 8017, DOI 10.17487/RFC8017, November 2016.

   [RFC8126] - Cotton, M., Leiba, B., and T. Narten, "Guidelines for
         Writing an IANA Considerations Section in RFCs", BCP 26, RFC
         8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174] - Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
         2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May
         2017.

   [X9.62] - American National Standards Institute, Accredited Standards
         Committee X9, "Public Key Cryptography for the Financial
         Services Industry: The Elliptic Curve Digital Signature
         Algorithm (ECDSA)", ANSI X9.62:2005, 2005.

   [XMLENC10] - Reagle, J. and D. Eastlake, "XML Encryption Syntax and
         Processing", W3C Recommendation, 10 December 2002.

   [XMLENC11] - Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler,
         "XML Encryption Syntax and Processing Version 1.1", W3C
         Proposed Recommendation, 24 January 2013.

   [XPointer] - Grosso, P., Maler, E., Marsh, J., and N. Walsh,
         "XPointer Framework", W3C Recommendation, 25 March 2003.

Informational References

   [CANON10] - Boyer, J., "Canonical XML Version 1.0", W3C
         Recommendation, 15 March 2001.

   [CANON11] - Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C
         Recommendation, 2 May 2008.

   [DECRYPT] - Hughes, M., Imamura, T., and H. Maruyama, "Decryption
         Transform for XML Signature", W3C Recommendation, 10 December
         2002.

   [Err3597] - RFC Errata, Errata ID 3597, RFC 6931.

   [Err3965] - RFC Errata, Errata ID 3965, RFC 6931.

   [Err4004] - RFC Errata, Errata ID 4004, RFC 6931.

   [GENERIC] - Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid
         Ciphers", W3C Working Group Note, 24 January 2013.

   [Keccak] - Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche,
         "The KECCAK sponge function family", January 2013.

   [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature
         Syntax and Processing", RFC 3075, March 2001.

   [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March
         2001.

   [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology
         of "Foo"", RFC 3092, April 1 2001.

   [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive
         XML Canonicalization, Version 1.0", RFC 3741, March 2004.

   [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
         Encryption Algorithm in Cryptographic Message Syntax (CMS)",
         RFC 4010, February 2005.

   [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 4051, April 2005.

   [RFC6090]
         - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve
         Cryptography Algorithms", RFC 6090, February 2011.
         - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777.

   [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations
         for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC
         6151, March 2011.

   [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
         Considerations for the SHA-0 and SHA-1 Message-Digest
         Algorithms", RFC 6194, March 2011.

   [RFC6931] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 6931, April 2013.

   [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn,
         "XML Schema Part 1: Structures Second Edition", W3C
         Recommendation, 28 October 2004.
         - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
         Second Edition", W3C Recommendation, 28 October 2004.

   [SHA-3] - US National Institute of Science and Technology, "SHA-3
         WINNER", February 2013.

   [W3C] - World Wide Web Consortium.

   [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML
         Canonicalization Version 1.0", W3C Recommendation, 18 July
         2002.

   [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T.
         Roessler, "XML Signature Syntax and Processing (Second
         Edition)", W3C Recommendation, 10 June 2008.

   [XMLDSIG11] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F.,
         Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax
         and Processing Version 1.1", W3C Proposed Recommendation, 11
         April 2013.

   [XMLDSIG-PROP] - Hirsch, F., "XML Signature Properties", W3C Proposed
         Recommendation, 24 January 2013.

   [XMLSECXREF] - Hirsch, F., Roessler, T., and K. Yiu, "XML Security
         Algorithm Cross-Reference", W3C Working Group Note, 24 January
         2013.

   [XPATH] - Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath
         Filter 2.0", W3C Recommendation, 8 November 2002.
         - Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay,
         M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0
         (Second Edition)", W3C Recommendation, 14 December 2010.

   [XSLT] - Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C
         Recommendation, 23 January 2007.

Author's Address

   Donald E. Eastlake, 3rd
   Futurewei Technologies
   1424 Pro Shop Court
   Davenport, FL 33896 USA

   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com

Copyright, Disclaimer, and Additional IPR Provisions

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License. The definitive version of
   an IETF Document is that published by, or under the auspices of, the
   IETF. Versions of IETF Documents that are published by third parties,
   including those that are translated into other languages, should not
   be considered to be definitive versions of IETF Documents. The
   definitive version of these Legal Provisions is that published by, or
   under the auspices of, the IETF. Versions of these Legal Provisions
   that are published by third parties, including those that are
   translated into other languages, should not be considered to be
   definitive versions of these Legal Provisions. For the avoidance of
   doubt, each Contributor to the IETF Standards Process licenses each
   Contribution that he or she makes as part of the IETF Standards
   Process to the IETF Trust pursuant to the provisions of RFC 5378. No
   language to the contrary, or terms, conditions or rights that differ
   from or are inconsistent with the rights and licenses granted under
   RFC 5378, shall have any effect and shall be null and void, whether
   published or posted by such Contributor, or included with or in such
   Contribution.