idnits 2.17.1

draft-eastlake-rfc6931bis-xmlsec-uris-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 2, 2020) is 1538 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1600' on line 304

  -- Possible downref: Non-RFC (?) normative reference: ref. '10118-3'

  -- Possible downref: Non-RFC (?) normative reference: ref. '18033-2'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'Camellia'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-3'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEEP1363a'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'RC4'

  ** Downref: Normative reference to an Informational RFC: RFC 1321

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  ** Downref: Normative reference to an Informational RFC: RFC 2315

  ** Downref: Normative reference to an Informational RFC: RFC 3394

  ** Downref: Normative reference to an Informational RFC: RFC 3713

  ** Downref: Normative reference to an Informational RFC: RFC 4050

  ** Downref: Normative reference to an Informational RFC: RFC 4269

  ** Downref: Normative reference to an Informational RFC: RFC 6234

  ** Downref: Normative reference to an Informational RFC: RFC 8017

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC10'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLENC11'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XPointer'

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3597') (Obsoleted by RFC 9231)

  -- Duplicate reference: RFC6931, mentioned in 'Err3965', was also mentioned
     in 'Err3597'.

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err3965') (Obsoleted by RFC 9231)

  -- Duplicate reference: RFC6931, mentioned in 'Err4004', was also mentioned
     in 'Err3965'.

  -- Obsolete informational reference (is this intentional?): RFC 6931 (ref.
     'Err4004') (Obsoleted by RFC 9231)

  -- Obsolete informational reference (is this intentional?): RFC 3075
     (Obsoleted by RFC 3275)

  -- Obsolete informational reference (is this intentional?): RFC 4051
     (Obsoleted by RFC 6931)

  -- Duplicate reference: RFC6931, mentioned in 'RFC6931', was also mentioned
     in 'Err4004'.

  -- Obsolete informational reference (is this intentional?): RFC 6931
     (Obsoleted by RFC 9231)

     Summary: 9 errors (**), 0 flaws (~~), 1 warning (==), 21 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

INTERNET-DRAFT                                           Donald Eastlake
Obsoletes: 6931                                                Futurewei
Intended Status: Proposed Standard
Expires: July 1, 2020                                    January 2, 2020

      Additional XML Security Uniform Resource Identifiers (URIs)

Abstract

   This document updates and corrects the IANA registry for the list of
   URIs intended for use with XML digital signatures, encryption,
   canonicalization, and key management. These URIs identify algorithms
   and types of information. This document corrects three errata
   against and obsoletes RFC 6931.

   The intent is to keep this draft alive while it accumulates updates
   until it seems reasonable to publish the next version.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the author.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html. The list of Internet-Draft
   Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Table of Contents

   1. Introduction
      1.1 Terminology
      1.2 Acronyms

   2. Algorithms
      2.1 DigestMethod (Hash) Algorithms
      2.1.1 MD5
      2.1.2 SHA-224
      2.1.3 SHA-384
      2.1.4 Whirlpool
      2.1.5 New SHA Functions
      2.2 SignatureMethod MAC Algorithms
      2.2.1 HMAC-MD5
      2.2.2 HMAC SHA Variations
      2.2.3 HMAC-RIPEMD160
      2.3 SignatureMethod Public Key Signature Algorithms
      2.3.1 RSA-MD5
      2.3.2 RSA-SHA256
      2.3.3 RSA-SHA384
      2.3.4 RSA-SHA512
      2.3.5 RSA-RIPEMD160
      2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool
      2.3.7 ESIGN-SHA*
      2.3.8 RSA-Whirlpool
      2.3.9 RSASSA-PSS with Parameters
      2.3.10 RSASSA-PSS without Parameters
      2.3.11 RSA-SHA224
      2.4 Minimal Canonicalization
      2.5 Transform Algorithms
      2.5.1 XPointer
      2.6 EncryptionMethod Algorithms
      2.6.1 ARCFOUR Encryption Algorithm
      2.6.2 Camellia Block Encryption
      2.6.3 Camellia Key Wrap
      2.6.4 PSEC-KEM
      2.6.5 SEED Block Encryption
      2.6.6 SEED Key Wrap

   3. KeyInfo
      3.1 PKCS #7 Bag of Certificates and CRLs
      3.2 Additional RetrievalMethod Type Values

   4. Indexes
      4.1 Fragment Index
      4.2 URI Index

   5. Allocation Considerations
      5.1 W3C Allocation Considerations
      5.2 IANA Considerations

   6. Security Considerations

   Acknowledgements

   Appendix A: Changes from RFC 6931
   Appendix B: Bad URIs
   Appendix Z: Change History

   Normative References
   Informational References

1. Introduction

   XML digital signatures, canonicalization, and encryption have been
   standardized by the W3C and by the joint IETF/W3C XMLDSIG working
   group [W3C]. All of these are now W3C Recommendations and some are
   also RFCs. They are available as follows:

      RFC
      Status            W3C REC        Topic
      -----------       -------        -----

      [RFC3275]         [XMLDSIG10]    XML Digital Signatures
      Draft Standard

      [RFC3076]         [CANON10]      Canonical XML
      Informational

      - - - - - -       [XMLENC10]     XML Encryption 1.0

      [RFC3741]         [XCANON]       Exclusive XML Canonicalization 1.0
      Informational

   All of these documents and recommendations use URIs [RFC3986] to
   identify algorithms and keying information types.
   The W3C has subsequently produced updated XML Signature 1.1
   [XMLDSIG11], Canonical XML 1.1 [CANON11], and XML Encryption 1.1
   [XMLENC11] versions, as well as a new XML Signature Properties
   specification [XMLDSIG-PROP].

   All camel-case element names herein, such as DigestValue, are from
   these documents.

   This document is an updated convenient reference list of URIs and
   corresponding algorithms in which there is expressed interest. This
   document fixes Errata [Err3597], [Err3965], [Err4004] against and
   obsoletes [RFC6931].

   All of the URIs appear in the indexes in Section 4. Only the URIs
   that were added by [RFC4051], [RFC6931], or this document have a
   subsection in Section 2 or 3, with the exception of Minimal
   Canonicalization (Section 2.4). For example, use of SHA-256 is
   defined in [XMLENC11] and hence there is no subsection on that
   algorithm here, but its URI is included in the indexes in Section 4.

   Specification in this document of the URI representing an algorithm
   does not imply endorsement of the algorithm for any particular
   purpose. A protocol specification, which this is not, generally
   gives algorithm and implementation requirements for the protocol.
   Security considerations for algorithms are constantly evolving, as
   documented elsewhere. This specification simply provides some URIs
   and relevant formatting for when those URIs are used.

   Note that progressing XML Digital Signature [RFC3275] along the
   Standards Track required removal of any algorithms from the original
   version [RFC3075] for which there was not demonstrated
   interoperability. This required removal of the Minimal
   Canonicalization algorithm, in which there appears to be continued
   interest. The URI for Minimal Canonicalization was included in
   [RFC4051] and [RFC6931] and is included here.

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This document is not intended to change the algorithm implementation
   requirements of any IETF or W3C document. Use of [RFC2119]
   terminology is intended to be only such as is already stated or
   implied by other authoritative documents.

1.2 Acronyms

   The following acronyms are used in this document:

      HMAC - Keyed-Hashing MAC [RFC2104]

      IETF - Internet Engineering Task Force

      MAC - Message Authentication Code

      MD - Message Digest

      NIST - United States National Institute of Standards and
         Technology

      RC - Rivest Cipher

      RSA - Rivest, Shamir, and Adleman

      SHA - Secure Hash Algorithm

      URI - Uniform Resource Identifier [RFC3986]

      W3C - World Wide Web Consortium

      XML - eXtensible Markup Language

2. Algorithms

   The URI [RFC3986] that was dropped from the XML Digital Signature
   standard due to the transition from Proposed Standard to Draft
   Standard [RFC3275] is included in Section 2.4 below with its original

      http://www.w3.org/2000/09/xmldsig#

   prefix so as to avoid changing the XMLDSIG standard's namespace.

   Additional algorithms in [RFC4051] were given URIs that start with

      http://www.w3.org/2001/04/xmldsig-more#

   while further algorithms added in this document are given URIs that
   start with

      http://www.w3.org/2007/05/xmldsig-more#

   In addition, for ease of reference, this document includes in the
   indexes in Section 4 many cryptographic algorithm URIs from several
   XML security documents using the namespaces with which they are
   defined in those documents.
   For example, 2000/09/xmldsig# for some URIs specified in [RFC3275]
   and 2001/04/xmlenc# for some URIs specified in [XMLENC10].

   See also [XMLSECXREF].

2.1 DigestMethod (Hash) Algorithms

   These algorithms are usable wherever a DigestMethod element occurs.

2.1.1 MD5

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#md5

   The MD5 algorithm [RFC1321] takes no explicit parameters. An example
   of an MD5 DigestAlgorithm element is:

   An MD5 digest is a 128-bit string. The content of the DigestValue
   element SHALL be the base64 [RFC2045] encoding of this bit string
   viewed as a 16-octet octet stream. See [RFC6151] for MD5 security
   considerations.

2.1.2 SHA-224

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha224

   The SHA-224 algorithm [FIPS180-4] [RFC6234] takes no explicit
   parameters. An example of a SHA-224 DigestAlgorithm element is:

   A SHA-224 digest is a 224-bit string. The content of the DigestValue
   element SHALL be the base64 [RFC2045] encoding of this string viewed
   as a 28-octet stream.

2.1.3 SHA-384

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha384

   The SHA-384 algorithm [FIPS180-4] takes no explicit parameters. An
   example of a SHA-384 DigestAlgorithm element is:

   A SHA-384 digest is a 384-bit string. The content of the DigestValue
   element SHALL be the base64 [RFC2045] encoding of this string viewed
   as a 48-octet stream.

2.1.4 Whirlpool

   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#whirlpool

   The Whirlpool algorithm [10118-3] takes no explicit parameters. A
   Whirlpool digest is a 512-bit string. The content of the DigestValue
   element SHALL be the base64 [RFC2045] encoding of this string viewed
   as a 64-octet stream.
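
   An added example, not part of the draft: a Python check that a
   DigestValue decodes to the octet length its DigestMethod URI implies
   in Sections 2.1.1 to 2.1.4 and, where hashlib has the hash, that it
   matches the data. The function names, the policy of rejecting MD5 by
   default, and the sample data are assumptions of this example.

```python
"""Check XML Signature DigestValue content against its DigestMethod URI."""
import base64
import binascii
import hashlib
import hmac

MORE_2001 = "http://www.w3.org/2001/04/xmldsig-more#"
MORE_2007 = "http://www.w3.org/2007/05/xmldsig-more#"

# Algorithm URI -> (hashlib name, digest length in octets), taken from
# Sections 2.1.1-2.1.4. Whirlpool is not in hashlib's guaranteed set, so
# only its encoding can be checked here (name is None).
DIGEST_METHODS = {
    MORE_2001 + "md5": ("md5", 16),
    MORE_2001 + "sha224": ("sha224", 28),
    MORE_2001 + "sha384": ("sha384", 48),
    MORE_2007 + "whirlpool": (None, 64),
}

# Assumption: a local verifier policy, not a requirement of the draft.
WEAK_BY_POLICY = frozenset({MORE_2001 + "md5"})


class DigestError(ValueError):
    """The DigestMethod/DigestValue pair is unknown, malformed or refused."""


def decode_digest_value(uri, digest_value):
    """Return the raw digest octets, enforcing the length the URI implies."""
    if uri not in DIGEST_METHODS:
        raise DigestError("unrecognised DigestMethod URI: %r" % uri)
    expected_len = DIGEST_METHODS[uri][1]
    # Base64 text inside XML may be line-wrapped: drop whitespace only.
    compact = "".join(digest_value.split())
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise DigestError("DigestValue is not valid base64") from exc
    if len(raw) != expected_len:
        raise DigestError(
            "DigestValue is %d octets, %d expected" % (len(raw), expected_len)
        )
    return raw


def make_digest_value(uri, data):
    """Produce the DigestValue text for data under the given URI."""
    name = DIGEST_METHODS.get(uri, (None, 0))[0]
    if name is None:
        raise DigestError("no local implementation for %r" % uri)
    return base64.b64encode(hashlib.new(name, data).digest()).decode("ascii")


def verify_digest(uri, digest_value, data, allow_weak=False):
    """Return True if digest_value is the digest of data under uri."""
    if uri in WEAK_BY_POLICY and not allow_weak:
        raise DigestError("DigestMethod refused by local policy: %r" % uri)
    claimed = decode_digest_value(uri, digest_value)
    name = DIGEST_METHODS[uri][0]
    if name is None:
        raise DigestError("no local implementation for %r" % uri)
    # Constant-time comparison of the recomputed and claimed digests.
    return hmac.compare_digest(hashlib.new(name, data).digest(), claimed)


if __name__ == "__main__":
    sample = b"constructed sample document"  # constructed input
    sha384 = MORE_2001 + "sha384"
    value = make_digest_value(sha384, sample)
    print(value, verify_digest(sha384, value, sample))
```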

2.1.5 New SHA Functions

   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224
      http://www.w3.org/2007/05/xmldsig-more#sha3-256
      http://www.w3.org/2007/05/xmldsig-more#sha3-384
      http://www.w3.org/2007/05/xmldsig-more#sha3-512

   NIST has recently completed a hash function competition for an
   alternative to the SHA family. The Keccak-f[1600] algorithm was
   selected [Keccak] [SHA-3]. This hash function is commonly referred
   to as "SHA-3", and this section is a space holder and reservation of
   URIs for future information on Keccak use in XML security.

   A SHA-3 224, 256, 384, and 512 digest is a 224-, 256-, 384-, and
   512-bit string, respectively. The content of the DigestValue element
   SHALL be the base64 [RFC2045] encoding of this string viewed as a
   28-, 32-, 48-, and 64-octet stream, respectively.

2.2 SignatureMethod MAC Algorithms

   This section covers SignatureMethod MAC (Message Authentication Code)
   Algorithms.

   Note: Some text in this section is duplicated from [RFC3275] for the
   convenience of the reader. RFC 3275 is normative in case of conflict.

2.2.1 HMAC-MD5

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-md5

   The HMAC algorithm [RFC2104] takes the truncation length in bits as a
   parameter; if the parameter is not specified, then all the bits of
   the hash are output. An example of an HMAC-MD5 SignatureMethod
   element is as follows:

         112

   The output of the HMAC algorithm is ultimately the output (possibly
   truncated) of the chosen digest algorithm. This value SHALL be base64
   [RFC2045] encoded in the same straightforward fashion as the output
   of the digest algorithms.
   Example: the SignatureValue element for the HMAC-MD5 digest

      9294727A 3638BB1C 13F48EF8 158BFC9D

   from the test vectors in [RFC2104] would be

      kpRyejY4uxwT9I74FYv8nQ==

   Schema Definition:

   DTD:

   The Schema Definition and DTD immediately above are copied from
   [RFC3275].

   See [RFC6151] for HMAC-MD5 security considerations.

2.2.2 HMAC SHA Variations

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha224
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
      http://www.w3.org/2001/04/xmldsig-more#hmac-sha512

   SHA-224, SHA-256, SHA-384, and SHA-512 [FIPS180-4] [RFC6234] can also
   be used in HMAC as described in Section 2.2.1 above for HMAC-MD5.

2.2.3 HMAC-RIPEMD160

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160

   RIPEMD-160 [10118-3] can also be used in HMAC as described in Section
   2.2.1 above for HMAC-MD5.

2.3 SignatureMethod Public Key Signature Algorithms

   These algorithms are distinguished from those in Section 2.2 above in
   that they use public key methods. That is to say, the verification
   key is different from and not feasibly derivable from the signing
   key.

2.3.1 RSA-MD5

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-md5

   This implies the PKCS#1 v1.5 padding algorithm described in
   [RFC8017]. An example of use is

   The SignatureValue content for an RSA-MD5 signature is the base64
   [RFC2045] encoding of the octet string computed as per [RFC8017],
   Section 8.2.1, signature generation for the RSASSA-PKCS1-v1_5
   signature scheme. As specified in the EMSA-PKCS1-V1_5-ENCODE function
   in [RFC8017], Section 9.2, the value input to the signature function
   MUST contain a pre-pended algorithm object identifier for the hash
   function, but the availability of an ASN.1 parser and recognition of
   OIDs is not required of a signature verifier.
   The PKCS#1 v1.5 representation appears as:

      CRYPT (PAD (ASN.1 (OID, DIGEST (data))))

   Note that the padded ASN.1 will be of the following form:

      01 | FF* | 00 | prefix | hash

   Vertical bar ("|") represents concatenation. "01", "FF", and "00" are
   fixed octets of the corresponding hexadecimal value, and the asterisk
   ("*") after "FF" indicates repetition. "hash" is the MD5 digest of
   the data. "prefix" is the ASN.1 BER MD5 algorithm designator prefix
   required in PKCS #1 [RFC8017], that is,

      hex 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04 10

   This prefix is included to make it easier to use standard
   cryptographic libraries. The FF octet MUST be repeated enough times
   that the value of the quantity being CRYPTed is exactly one octet
   shorter than the RSA modulus.

   See [RFC6151] for MD5 security considerations.

2.3.2 RSA-SHA256

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

   This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
   in Section 2.3.1, but with the ASN.1 BER SHA-256 algorithm designator
   prefix. An example of use is

2.3.3 RSA-SHA384

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha384

   This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
   in Section 2.3.1, but with the ASN.1 BER SHA-384 algorithm designator
   prefix. An example of use is

   Because it takes about the same effort to calculate a SHA-384 message
   digest as it does a SHA-512 message digest, it is suggested that
   RSA-SHA512 be used in preference to RSA-SHA384 where possible.

2.3.4 RSA-SHA512

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha512

   This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
   in Section 2.3.1, but with the ASN.1 BER SHA-512 algorithm designator
   prefix.
   An example of use is

2.3.5 RSA-RIPEMD160

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160

   This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
   in Section 2.3.1, but with the ASN.1 BER RIPEMD160 algorithm
   designator prefix. An example of use is

2.3.6 ECDSA-SHA*, ECDSA-RIPEMD160, ECDSA-Whirlpool

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
      http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
      http://www.w3.org/2007/05/xmldsig-more#ecdsa-whirlpool

   The Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS180-4] is
   the elliptic curve analogue of the Digital Signature Algorithm (DSA)
   signature method, i.e., the Digital Signature Standard (DSS). It
   takes no explicit parameters. For detailed specifications of how to
   use it with SHA hash functions and XML Digital Signature, please see
   [X9.62] and [RFC4050]. The #ecdsa-ripemd160 and #ecdsa-whirlpool
   fragments in the new namespace identify a signature method
   processed in the same way as specified by the #ecdsa-sha1 fragment of
   this namespace, with the exception that RIPEMD160 or Whirlpool is
   used instead of SHA-1.

   The output of the ECDSA algorithm consists of a pair of integers
   usually referred to as the pair (r, s). The signature value consists
   of the base64 encoding of the concatenation of two octet streams that
   respectively result from the octet encoding of the values r and s in
   that order.
   Conversion from integer to octet-stream must be done according to
   the I2OSP operation defined in the [RFC8017] specification with the
   l parameter equal to the size of the base point order of the curve
   in bytes (e.g., 32 for the P-256 curve and 66 for the P-521 curve
   [FIPS186-3]).

   For an introduction to elliptic curve cryptographic algorithms, see
   [RFC6090] and note the errata (Errata ID 2773-2777).

2.3.7 ESIGN-SHA*

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#esign-sha1
      http://www.w3.org/2001/04/xmldsig-more#esign-sha224
      http://www.w3.org/2001/04/xmldsig-more#esign-sha256
      http://www.w3.org/2001/04/xmldsig-more#esign-sha384
      http://www.w3.org/2001/04/xmldsig-more#esign-sha512

   The ESIGN algorithm specified in [IEEEP1363a] is a signature scheme
   based on the integer factorization problem. It is much faster than
   previous digital signature schemes, so ESIGN can be implemented on
   smart cards without special co-processors.

   An example of use is

2.3.8 RSA-Whirlpool

   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#rsa-whirlpool

   As in the definition of the RSA-SHA1 algorithm in [XMLDSIG11], the
   designator "RSA" means the RSASSA-PKCS1-v1_5 algorithm as defined in
   [RFC8017]. When identified through the #rsa-whirlpool fragment
   identifier, Whirlpool is used as the hash algorithm instead. Use of
   the ASN.1 BER Whirlpool algorithm designator is implied. That
   designator is

      hex 30 4e 30 0a 06 06 28 cf 06 03 00 37 05 00 04 40

   as an explicit octet sequence. This corresponds to OID
   1.0.10118.3.0.55 defined in [10118-3].

   An example of use is

2.3.9 RSASSA-PSS with Parameters

   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#rsa-pss
      http://www.w3.org/2007/05/xmldsig-more#MGF1

   These identifiers imply the PKCS#1 EMSA-PSS encoding algorithm
   [RFC8017].
   The RSASSA-PSS algorithm takes the digest method (hash function), a
   mask generation function, the salt length in bytes (SaltLength), and
   the trailer field as explicit parameters.

   Algorithm identifiers for hash functions specified in XML encryption
   [XMLENC11] [XMLDSIG11] and in Section 2.1 are considered to be valid
   algorithm identifiers for hash functions. According to [RFC8017],
   the default value for the digest function is SHA-1, but due to the
   discovered weakness of SHA-1 [RFC6194], it is recommended that
   SHA-256 or a stronger hash function be used. Notwithstanding
   [RFC8017], SHA-256 is the default to be used with these
   SignatureMethod identifiers if no hash function has been specified.

   The default salt length for these SignatureMethod identifiers if the
   SaltLength is not specified SHALL be the number of octets in the hash
   value of the digest method, as recommended in [RFC4055]. In a
   parameterized RSASSA-PSS signature the ds:DigestMethod and the
   SaltLength parameters usually appear. If they do not, the defaults
   make this equivalent to
   http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 (see Section
   2.3.10). The TrailerField defaults to 1 (0xBC) when omitted.

   Schema Definition (target namespace
   http://www.w3.org/2007/05/xmldsig-more#):

            Top level element that can be used in xs:any namespace="#other"
            wildcard of ds:SignatureMethod content.

2.3.10 RSASSA-PSS without Parameters

   [RFC8017] currently specifies only one mask generation function MGF1
   based on a hash function. Although [RFC8017] allows for
   parameterization, the default is to use the same hash function as the
   digest method function. Only this default approach is supported by
   this section; therefore, the definition of a mask generation function
   type is not needed yet. The same applies to the trailer field.
   There is only one value (0xBC) specified in [RFC8017]. Hence, this
   default parameter must be used for signature generation. The default
   salt length is the length of the hash function.

   Identifiers:
      http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1

      http://www.w3.org/2007/05/xmldsig-more#md2-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#md5-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd128-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1
      http://www.w3.org/2007/05/xmldsig-more#whirlpool-rsa-MGF1

   An example of use is

2.3.11 RSA-SHA224

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#rsa-sha224

   This implies the PKCS#1 v1.5 padding algorithm [RFC8017] as described
   in Section 2.3.1 but with the ASN.1 BER SHA-224 algorithm designator
   prefix. An example of use is

   Because it takes about the same effort to calculate a SHA-224 message
   digest as it does a SHA-256 message digest, it is suggested that
   RSA-SHA256 be used in preference to RSA-SHA224 where possible.

   See also Appendix B concerning an erroneous version of this URI that
   appeared in [RFC6931].

2.4 Minimal Canonicalization

   Thus far, two independent interoperable implementations of Minimal
   Canonicalization have not been announced. Therefore, when XML
   Digital Signature was advanced along the Standards Track from
   [RFC3075] to [RFC3275], Minimal Canonicalization was dropped.
   However, there is still interest. For its definition, see Section
   6.5.1 of [RFC3075].

   For reference, its identifier remains:
      http://www.w3.org/2000/09/xmldsig#minimal

2.5 Transform Algorithms

   Note that all CanonicalizationMethod algorithms can also be used as
   Transform algorithms.

2.5.1 XPointer

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#xptr

   This transform algorithm takes an [XPointer] as an explicit
   parameter. An example of use is:

         xpointer(id("foo")) xmlns(bar=http://foobar.example)
         xpointer(//bar:Zab[@Id="foo"])

   Schema Definition:

   DTD:

   Input to this transform is an octet stream (which is then parsed into
   XML).

   Output from this transform is a node set; the results of the XPointer
   are processed as defined in the XMLDSIG specification [RFC3275] for a
   same-document XPointer.

2.6 EncryptionMethod Algorithms

   This subsection gives identifiers and information for several
   EncryptionMethod Algorithms.

2.6.1 ARCFOUR Encryption Algorithm

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#arcfour

   ARCFOUR is a fast, simple stream encryption algorithm that is
   compatible with RSA Security's RC4 algorithm [RC4]. An example
   EncryptionMethod element using ARCFOUR is

         40

   Note that Arcfour makes use of the generic KeySize parameter
   specified and defined in [XMLENC11].

2.6.2 Camellia Block Encryption

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#camellia128-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia192-cbc
      http://www.w3.org/2001/04/xmldsig-more#camellia256-cbc

   Camellia is a block cipher with the same interface as the AES
   [Camellia] [RFC3713]; it has a 128-bit block size and 128-, 192-, and
   256-bit key sizes.
   In XML Encryption Camellia is used in the same way as the AES: It is
   used in the Cipher Block Chaining (CBC) mode with a 128-bit
   initialization vector (IV). The resulting cipher text is prefixed by
   the IV. If included in XML output, it is then base64 encoded. An
   example Camellia EncryptionMethod is as follows:

2.6.3 Camellia Key Wrap

   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia128
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia192
      http://www.w3.org/2001/04/xmldsig-more#kw-camellia256

   Camellia [Camellia] [RFC3713] key wrap is identical to the AES key
   wrap algorithm [RFC3394] specified in the XML Encryption standard
   with "AES" replaced by "Camellia". As with AES key wrap, the check
   value is 0xA6A6A6A6A6A6A6A6.

   The algorithm is the same whatever the size of the Camellia key used
   in wrapping, called the "key encrypting key" or "KEK". If Camellia is
   supported, it is particularly suggested that wrapping 128-bit keys
   with a 128-bit KEK and wrapping 256-bit keys with a 256-bit KEK be
   supported.

   An example of use is:

2.6.4 PSEC-KEM

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#psec-kem

   The PSEC-KEM algorithm, specified in [18033-2], is a key
   encapsulation mechanism using elliptic curve encryption.

   An example of use is:

         version
         id
         curve
         base
         order
         cofactor

   See [18033-2] for information on the parameters above.

2.6.5 SEED Block Encryption

   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#seed128-cbc

   SEED [RFC4269] is a 128-bit block size with 128-bit key sizes. In XML
   Encryption, SEED can be used in the Cipher Block Chaining (CBC) mode
   with a 128-bit initialization vector (IV). The resulting cipher text
   is prefixed by the IV. If included in XML output, it is then base64
   encoded.

   An example SEED EncryptionMethod is as follows:

2.6.6 SEED Key Wrap

   Identifier:
      http://www.w3.org/2007/05/xmldsig-more#kw-seed128

   Key wrapping with SEED is identical to Section 2.2.1 of [RFC3394]
   with "AES" replaced by "SEED". The algorithm is specified in
   [RFC4010]. The implementation of SEED is optional. The default
   initial value is 0xA6A6A6A6A6A6A6A6.

   An example of use is:

3. KeyInfo

   In Section 3.1 below a new KeyInfo element child is specified, while
   in Section 3.2 additional KeyInfo Type values for use in
   RetrievalMethod are specified.

3.1 PKCS #7 Bag of Certificates and CRLs

   A PKCS #7 [RFC2315] "signedData" can also be used as a bag of
   certificates and/or certificate revocation lists (CRLs). The
   PKCS7signedData element is defined to accommodate such structures
   within KeyInfo. The binary PKCS #7 structure is base64 [RFC2045]
   encoded. Any signer information present is ignored. The following
   is an example [RFC3092], eliding the base64 data:

         ...

3.2 Additional RetrievalMethod Type Values

   The Type attribute of RetrievalMethod is an optional identifier for
   the type of data to be retrieved. The result of dereferencing a
   RetrievalMethod reference for all KeyInfo types with an XML structure
   is an XML element or document with that element as the root. The
   various "raw" key information types return a binary value. Thus, they
   require a Type attribute because they are not unambiguously parsable.
   Identifiers:
      http://www.w3.org/2001/04/xmldsig-more#KeyName
      http://www.w3.org/2001/04/xmldsig-more#KeyValue
      http://www.w3.org/2001/04/xmldsig-more#PKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawPGPKeyPacket
      http://www.w3.org/2001/04/xmldsig-more#rawPKCS7signedData
      http://www.w3.org/2001/04/xmldsig-more#rawSPKISexp
      http://www.w3.org/2001/04/xmldsig-more#rawX509CRL
      http://www.w3.org/2001/04/xmldsig-more#RetrievalMethod

4. Indexes

   The following subsections provide an index by URI and by fragment
   identifier (the portion of the URI after "#") of the algorithm and
   KeyInfo URIs defined in this document and in the standards (plus the
   one KeyInfo child element name defined in this document). The
   "Sec/Doc" column has the section of this document or, if not
   specified in this document, the standards document where the item is
   specified. See also [XMLSECXREF].

4.1 Fragment Index

   The initial "http://www.w3.org/" part of the URI is not included
   below. The first six entries have a null fragment identifier or no
   fragment identifier. "{Bad}" indicates a Bad value that was
   accidentally included in [RFC6931]. Implementations SHOULD only
   generate the correct URI but SHOULD understand both the correct and
   erroneous URI. See also Appendix B.
   Fragment             URI                                         Sec/Doc
   ---------            ----                                        --------

                        2002/06/xmldsig-filter2                     [XPATH]
                        2006/12/xmlc12n11# {Bad}                    [CANON11]
                        2006/12/xmlc14n11#                          [CANON11]
                        TR/1999/REC-xslt-19991116                   [XSLT]
                        TR/1999/REC-xpath-19991116                  [XPATH]
                        TR/2001/06/xml-exc-c14n#                    [XCANON]
                        TR/2001/REC-xml-c14n-20010315               [CANON10]
                        TR/2001/REC-xmlschema-1-20010502            [Schema]

   aes128-cbc           2001/04/xmlenc#aes128-cbc                   [XMLENC11]
   aes128-gcm           2009/xmlenc11#aes128-gcm                    [XMLENC11]
   aes192-cbc           2001/04/xmlenc#aes192-cbc                   [XMLENC11]
   aes192-gcm           2009/xmlenc11#aes192-gcm                    [XMLENC11]
   aes256-cbc           2001/04/xmlenc#aes256-cbc                   [XMLENC11]
   aes256-gcm           2009/xmlenc11#aes256-gcm                    [XMLENC11]
   arcfour              2001/04/xmldsig-more#arcfour                2.6.1

   base64               2000/09/xmldsig#base64                      [RFC3275]

   camellia128-cbc      2001/04/xmldsig-more#camellia128-cbc        2.6.2
   camellia192-cbc      2001/04/xmldsig-more#camellia192-cbc        2.6.2
   camellia256-cbc      2001/04/xmldsig-more#camellia256-cbc        2.6.2
   ConcatKDF            2009/xmlenc11#ConcatKDF                     [XMLENC11]
   decrypt#XML          2002/07/decrypt#XML                         [DECRYPT]
   decrypt#Binary       2002/07/decrypt#Binary                      [DECRYPT]
   DEREncodedKeyValue   2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11]
   dh                   2001/04/xmlenc#dh                           [XMLENC11]
   dh-es                2009/xmlenc11#dh-es                         [XMLENC11]
   dsa-sha1             2000/09/xmldsig#dsa-sha1                    [RFC3275]
   dsa-sha256           2009/xmldsig11#dsa-sha256                   [XMLDSIG11]
   DSAKeyValue          2000/09/xmldsig#DSAKeyValue                 [XMLDSIG11]

   ECDH-ES              2009/xmlenc11#ECDH-ES                       [XMLENC11]
   ecdsa-ripemd160      2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6
   ecdsa-sha1           2001/04/xmldsig-more#ecdsa-sha1             2.3.6
   ecdsa-sha224         2001/04/xmldsig-more#ecdsa-sha224           2.3.6
   ecdsa-sha256         2001/04/xmldsig-more#ecdsa-sha256           2.3.6
   ecdsa-sha384         2001/04/xmldsig-more#ecdsa-sha384           2.3.6
   ecdsa-sha512         2001/04/xmldsig-more#ecdsa-sha512           2.3.6
   ecdsa-whirlpool      2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5
   ecies-kem            2010/xmlsec-ghc#ecies-kem                   [GENERIC]
   ECKeyValue           2009/xmldsig11#ECKeyValue                   [XMLDSIG11]
   enveloped-signature
                        2000/09/xmldsig#enveloped-signature         [RFC3275]
   esign-sha1           2001/04/xmldsig-more#esign-sha1             2.3.7
   esign-sha224         2001/04/xmldsig-more#esign-sha224           2.3.7
   esign-sha256         2001/04/xmldsig-more#esign-sha256           2.3.7
   esign-sha384         2001/04/xmldsig-more#esign-sha384           2.3.7
   esign-sha512         2001/04/xmldsig-more#esign-sha512           2.3.7

   generic-hybrid       2010/xmlsec-ghc#generic-hybrid              [GENERIC]

   hmac-md5             2001/04/xmldsig-more#hmac-md5               2.2.1
   hmac-ripemd160       2001/04/xmldsig-more#hmac-ripemd160         2.2.3
   hmac-sha1            2000/09/xmldsig#hmac-sha1                   [RFC3275]
   hmac-sha224          2001/04/xmldsig-more#hmac-sha224            2.2.2
   hmac-sha256          2001/04/xmldsig-more#hmac-sha256            2.2.2
   hmac-sha384          2001/04/xmldsig-more#hmac-sha384            2.2.2
   hmac-sha512          2001/04/xmldsig-more#hmac-sha512            2.2.2

   KeyName              2001/04/xmldsig-more#KeyName                3.2
   KeyValue             2001/04/xmldsig-more#KeyValue               3.2
   kw-aes128            2001/04/xmlenc#kw-aes128                    [XMLENC11]
   kw-aes128-pad        2009/xmlenc11#kw-aes-128-pad                [XMLENC11]
   kw-aes192            2001/04/xmlenc#kw-aes192                    [XMLENC11]
   kw-aes192-pad        2009/xmlenc11#kw-aes-192-pad                [XMLENC11]
   kw-aes256            2001/04/xmlenc#kw-aes256                    [XMLENC11]
   kw-aes256-pad        2009/xmlenc11#kw-aes-256-pad                [XMLENC11]
   kw-camellia128       2001/04/xmldsig-more#kw-camellia128         2.6.3
   kw-camellia192       2001/04/xmldsig-more#kw-camellia192         2.6.3
   kw-camellia256       2001/04/xmldsig-more#kw-camellia256         2.6.3
   kw-seed128           2007/05/xmldsig-more#kw-seed128             2.6.6
   md2-rsa-MGF1         2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10
   md5                  2001/04/xmldsig-more#md5                    2.1.1
   md5-rsa-MGF1         2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10
   MGF1                 2007/05/xmldsig-more#MGF1                   2.3.9
   mgf1sha1             2009/xmlenc11#mgf1sha1                      [XMLENC11]
   mgf1sha224           2009/xmlenc11#mgf1sha224                    [XMLENC11]
   mgf1sha256           2009/xmlenc11#mgf1sha256                    [XMLENC11]
   mgf1sha384           2009/xmlenc11#mgf1sha384                    [XMLENC11]
   mgf1sha512           2009/xmlenc11#mgf1sha512                    [XMLENC11]
   MgmtData             2000/09/xmldsig#MgmtData                    [XMLDSIG11]
   minimal              2000/09/xmldsig#minimal                     2.4

   pbkdf2               2009/xmlenc11#pbkdf2                        [XMLENC11]
   PGPData              2000/09/xmldsig#PGPData                     [XMLDSIG11]
   PKCS7signedData      2001/04/xmldsig-more#PKCS7signedData        3.1
   PKCS7signedData      2001/04/xmldsig-more#PKCS7signedData        3.2
   psec-kem             2001/04/xmldsig-more#psec-kem               2.6.4

   rawPGPKeyPacket      2001/04/xmldsig-more#rawPGPKeyPacket        3.2
   rawPKCS7signedData   2001/04/xmldsig-more#rawPKCS7signedData     3.2
   rawSPKISexp          2001/04/xmldsig-more#rawSPKISexp            3.2
   rawX509Certificate   2000/09/xmldsig#rawX509Certificate          [RFC3275]
   rawX509CRL           2001/04/xmldsig-more#rawX509CRL             3.2
   RetrievalMethod      2001/04/xmldsig-more#RetrievalMethod        3.2
   ripemd128-rsa-MGF1   2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10
   ripemd160            2001/04/xmlenc#ripemd160                    [XMLENC11]
   ripemd160-rsa-MGF1   2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10
   rsa-1_5              2001/04/xmlenc#rsa-1_5                      [XMLENC11]
   rsa-md5              2001/04/xmldsig-more#rsa-md5                2.3.1
   rsa-oaep             2009/xmlenc11#rsa-oaep                      [XMLENC11]
   rsa-oaep-mgf1p       2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]
   rsa-pss              2007/05/xmldsig-more#rsa-pss                2.3.9
   rsa-ripemd160        2001/04/xmldsig-more#rsa-ripemd160          2.3.5
   rsa-sha1             2000/09/xmldsig#rsa-sha1                    [RFC3275]
   rsa-sha224           2007/05/xmldsig-more#rsa-sha224 {Bad}       2.3.11
   rsa-sha224           2001/04/xmldsig-more#rsa-sha224             2.3.11
   rsa-sha256           2001/04/xmldsig-more#rsa-sha256             2.3.2
   rsa-sha384           2001/04/xmldsig-more#rsa-sha384             2.3.3
   rsa-sha512           2001/04/xmldsig-more#rsa-sha512             2.3.4
   rsa-whirlpool        2007/05/xmldsig-more#rsa-whirlpool          2.3.5
   rsaes-kem            2010/xmlsec-ghc#rsaes-kem                   [GENERIC]
   RSAKeyValue          2000/09/xmldsig#RSAKeyValue                 [XMLDSIG11]

   seed128-cbc          2007/05/xmldsig-more#seed128-cbc            2.6.5
   sha1                 2000/09/xmldsig#sha1                        [RFC3275]
   sha1-rsa-MGF1        2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10
   sha224               2001/04/xmldsig-more#sha224                 2.1.2
   sha224-rsa-MGF1      2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10
   sha256               2001/04/xmlenc#sha256                       [XMLENC11]
   sha256-rsa-MGF1      2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10
   sha3-224
                        2007/05/xmldsig-more#sha3-224               2.1.5
   sha3-224-rsa-MGF1    2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10
   sha3-256             2007/05/xmldsig-more#sha3-256               2.1.5
   sha3-256-rsa-MGF1    2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10
   sha3-384             2007/05/xmldsig-more#sha3-384               2.1.5
   sha3-384-rsa-MGF1    2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10
   sha3-512             2007/05/xmldsig-more#sha3-512               2.1.5
   sha3-512-rsa-MGF1    2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10
   sha384               2001/04/xmldsig-more#sha384                 2.1.3
   sha384-rsa-MGF1      2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10
   sha512               2001/04/xmlenc#sha512                       [XMLENC11]
   sha512-rsa-MGF1      2007/05/xmldsig-more#sha512-rsa-MGF1        2.3.10
   SPKIData             2000/09/xmldsig#SPKIData                    [XMLDSIG11]

   tripledes-cbc        2001/04/xmlenc#tripledes-cbc                [XMLENC11]

   whirlpool            2007/05/xmldsig-more#whirlpool              2.1.4
   whirlpool-rsa-MGF1   2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10
   WithComments         2006/12/xmlc14n11#WithComments              [CANON11]
   WithComments         TR/2001/06/xml-exc-c14n#WithComments        [XCANON]
   WithComments         TR/2001/REC-xml-c14n-20010315#WithComments  [CANON10]

   X509Data             2000/09/xmldsig#X509Data                    [XMLDSIG11]
   xptr                 2001/04/xmldsig-more#xptr                   2.5.1

   The initial "http://www.w3.org/" part of the URI is not included
   above.

4.2 URI Index

   The initial "http://www.w3.org/" part of the URI is not included
   below. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.
   URI                                         Sec/Doc     Type
   ----                                        --------    -----

   2000/09/xmldsig#base64                      [RFC3275]   Transform
   2000/09/xmldsig#DSAKeyValue                 [RFC3275]   Retrieval type
   2000/09/xmldsig#dsa-sha1                    [RFC3275]   SignatureMethod
   2000/09/xmldsig#enveloped-signature         [RFC3275]   Transform
   2000/09/xmldsig#hmac-sha1                   [RFC3275]   SignatureMethod
   2000/09/xmldsig#MgmtData                    [RFC3275]   Retrieval type
   2000/09/xmldsig#minimal                     2.4         Canonicalization
   2000/09/xmldsig#PGPData                     [RFC3275]   Retrieval type
   2000/09/xmldsig#rawX509Certificate          [RFC3275]   Retrieval type
   2000/09/xmldsig#rsa-sha1                    [RFC3275]   SignatureMethod
   2000/09/xmldsig#RSAKeyValue                 [RFC3275]   Retrieval type
   2000/09/xmldsig#sha1                        [RFC3275]   DigestAlgorithm
   2000/09/xmldsig#SPKIData                    [RFC3275]   Retrieval type
   2000/09/xmldsig#X509Data                    [RFC3275]   Retrieval type

   2001/04/xmldsig-more#arcfour                2.6.1       EncryptionMethod
   2001/04/xmldsig-more#camellia128-cbc        2.6.2       EncryptionMethod
   2001/04/xmldsig-more#camellia192-cbc        2.6.2       EncryptionMethod
   2001/04/xmldsig-more#camellia256-cbc        2.6.2       EncryptionMethod
   2001/04/xmldsig-more#ecdsa-sha1             2.3.6       SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha224           2.3.6       SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha256           2.3.6       SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha384           2.3.6       SignatureMethod
   2001/04/xmldsig-more#ecdsa-sha512           2.3.6       SignatureMethod
   2001/04/xmldsig-more#esign-sha1             2.3.7       SignatureMethod
   2001/04/xmldsig-more#esign-sha224           2.3.7       SignatureMethod
   2001/04/xmldsig-more#esign-sha256           2.3.7       SignatureMethod
   2001/04/xmldsig-more#esign-sha384           2.3.7       SignatureMethod
   2001/04/xmldsig-more#esign-sha512           2.3.7       SignatureMethod
   2001/04/xmldsig-more#hmac-md5               2.2.1       SignatureMethod
   2001/04/xmldsig-more#hmac-ripemd160         2.2.3       SignatureMethod
   2001/04/xmldsig-more#hmac-sha224            2.2.2       SignatureMethod
   2001/04/xmldsig-more#hmac-sha256            2.2.2       SignatureMethod
   2001/04/xmldsig-more#hmac-sha384            2.2.2       SignatureMethod
   2001/04/xmldsig-more#hmac-sha512            2.2.2       SignatureMethod
   2001/04/xmldsig-more#KeyName                3.2         Retrieval type
   2001/04/xmldsig-more#KeyValue               3.2         Retrieval type
   2001/04/xmldsig-more#kw-camellia128         2.6.3       EncryptionMethod
   2001/04/xmldsig-more#kw-camellia192         2.6.3       EncryptionMethod
   2001/04/xmldsig-more#kw-camellia256         2.6.3       EncryptionMethod
   2001/04/xmldsig-more#md5                    2.1.1       DigestAlgorithm
   2001/04/xmldsig-more#PKCS7signedData        3.2         Retrieval type
   2001/04/xmldsig-more#psec-kem               2.6.4       EncryptionMethod
   2001/04/xmldsig-more#rawPGPKeyPacket        3.2         Retrieval type
   2001/04/xmldsig-more#rawPKCS7signedData     3.2         Retrieval type
   2001/04/xmldsig-more#rawSPKISexp            3.2         Retrieval type
   2001/04/xmldsig-more#rawX509CRL             3.2         Retrieval type
   2001/04/xmldsig-more#RetrievalMethod        3.2         Retrieval type
   2001/04/xmldsig-more#rsa-md5                2.3.1       SignatureMethod
   2001/04/xmldsig-more#rsa-sha224             2.3.11      SignatureMethod
   2001/04/xmldsig-more#rsa-sha256             2.3.2       SignatureMethod
   2001/04/xmldsig-more#rsa-sha384             2.3.3       SignatureMethod
   2001/04/xmldsig-more#rsa-sha512             2.3.4       SignatureMethod
   2001/04/xmldsig-more#rsa-ripemd160          2.3.5       SignatureMethod
   2001/04/xmldsig-more#sha224                 2.1.2       DigestAlgorithm
   2001/04/xmldsig-more#sha384                 2.1.3       DigestAlgorithm
   2001/04/xmldsig-more#xptr                   2.5.1       Transform
   2001/04/xmldsig-more#PKCS7signedData        3.1         KeyInfo child

   2001/04/xmlenc#aes128-cbc                   [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes192-cbc                   [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#aes256-cbc                   [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#dh                           [XMLENC11]  AgreementMethod
   2001/04/xmlenc#kw-aes128                    [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes192                    [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#kw-aes256                    [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#ripemd160                    [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#rsa-1_5                      [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#rsa-oaep-mgf1p               [XMLENC11]  EncryptionMethod
   2001/04/xmlenc#sha256
                                               [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#sha512                       [XMLENC11]  DigestAlgorithm
   2001/04/xmlenc#tripledes-cbc                [XMLENC11]  EncryptionMethod

   2002/06/xmldsig-filter2                     [XPATH]     Transform

   2002/07/decrypt#XML                         [DECRYPT]   Transform
   2002/07/decrypt#Binary                      [DECRYPT]   Transform

   2006/12/xmlc12n11# {Bad}                    [CANON11]   Canonicalization
   2006/12/xmlc14n11#                          [CANON11]   Canonicalization
   2006/12/xmlc14n11#WithComments              [CANON11]   Canonicalization

   2007/05/xmldsig-more#ecdsa-ripemd160        2.3.6       SignatureMethod
   2007/05/xmldsig-more#ecdsa-whirlpool        2.3.5       SignatureMethod
   2007/05/xmldsig-more#kw-seed128             2.6.6       EncryptionMethod
   2007/05/xmldsig-more#md2-rsa-MGF1           2.3.10      SignatureMethod
   2007/05/xmldsig-more#md5-rsa-MGF1           2.3.10      SignatureMethod
   2007/05/xmldsig-more#MGF1                   2.3.9       SignatureMethod
   2007/05/xmldsig-more#ripemd128-rsa-MGF1     2.3.10      SignatureMethod
   2007/05/xmldsig-more#ripemd160-rsa-MGF1     2.3.10      SignatureMethod
   2007/05/xmldsig-more#rsa-pss                2.3.9       SignatureMethod
   2007/05/xmldsig-more#rsa-sha224 {Bad}       2.3.11      SignatureMethod
   2007/05/xmldsig-more#rsa-whirlpool          2.3.5       SignatureMethod
   2007/05/xmldsig-more#seed128-cbc            2.6.5       EncryptionMethod
   2007/05/xmldsig-more#sha1-rsa-MGF1          2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha224-rsa-MGF1        2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha256-rsa-MGF1        2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha3-224               2.1.5       DigestAlgorithm
   2007/05/xmldsig-more#sha3-224-rsa-MGF1      2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha3-256               2.1.5       DigestAlgorithm
   2007/05/xmldsig-more#sha3-256-rsa-MGF1      2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha3-384               2.1.5       DigestAlgorithm
   2007/05/xmldsig-more#sha3-384-rsa-MGF1      2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha3-512               2.1.5       DigestAlgorithm
   2007/05/xmldsig-more#sha3-512-rsa-MGF1      2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha384-rsa-MGF1        2.3.10      SignatureMethod
   2007/05/xmldsig-more#sha512-rsa-MGF1
                                               2.3.10      SignatureMethod
   2007/05/xmldsig-more#whirlpool              2.1.4       DigestAlgorithm
   2007/05/xmldsig-more#whirlpool-rsa-MGF1     2.3.10      SignatureMethod
   2009/xmlenc11#kw-aes-128-pad                [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-192-pad                [XMLENC11]  EncryptionMethod
   2009/xmlenc11#kw-aes-256-pad                [XMLENC11]  EncryptionMethod

   2009/xmldsig11#dsa-sha256                   [XMLDSIG11] SignatureMethod
   2009/xmldsig11#ECKeyValue                   [XMLDSIG11] Retrieval type
   2009/xmldsig11#DEREncodedKeyValue           [XMLDSIG11] Retrieval type

   2009/xmlenc11#aes128-gcm                    [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes192-gcm                    [XMLENC11]  EncryptionMethod
   2009/xmlenc11#aes256-gcm                    [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ConcatKDF                     [XMLENC11]  EncryptionMethod
   2009/xmlenc11#mgf1sha1                      [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha224                    [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha256                    [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha384                    [XMLENC11]  SignatureMethod
   2009/xmlenc11#mgf1sha512                    [XMLENC11]  SignatureMethod
   2009/xmlenc11#pbkdf2                        [XMLENC11]  EncryptionMethod
   2009/xmlenc11#rsa-oaep                      [XMLENC11]  EncryptionMethod
   2009/xmlenc11#ECDH-ES                       [XMLENC11]  EncryptionMethod
   2009/xmlenc11#dh-es                         [XMLENC11]  EncryptionMethod

   2010/xmlsec-ghc#generic-hybrid              [GENERIC]   Generic Hybrid
   2010/xmlsec-ghc#rsaes-kem                   [GENERIC]   Generic Hybrid
   2010/xmlsec-ghc#ecies-kem                   [GENERIC]   Generic Hybrid

   TR/1999/REC-xpath-19991116                  [XPATH]     Transform
   TR/1999/REC-xslt-19991116                   [XSLT]      Transform
   TR/2001/06/xml-exc-c14n#                    [XCANON]    Canonicalization
   TR/2001/06/xml-exc-c14n#WithComments        [XCANON]    Canonicalization
   TR/2001/REC-xml-c14n-20010315               [CANON10]   Canonicalization
   TR/2001/REC-xml-c14n-20010315#WithComments  [CANON10]   Canonicalization
   TR/2001/REC-xmlschema-1-20010502            [Schema]    Transform

   The initial "http://www.w3.org/" part of the URI is not included
   above. "{Bad}" indicates a Bad value that was accidentally included
   in [RFC6931]. Implementations SHOULD only generate the correct URI
   but SHOULD understand both the correct and erroneous URI. See also
   Appendix B.

5. Allocation Considerations

   W3C and IANA allocation considerations are given below.

5.1 W3C Allocation Considerations

   As it is easy for people to construct their own unique URIs [RFC3986]
   and, if appropriate, to obtain a URI from the W3C, it is not intended
   that any additional "http://www.w3.org/2007/05/xmldsig-more#" URIs be
   created beyond those enumerated in this RFC. (W3C Namespace
   stability rules prohibit the creation of new URIs under
   "http://www.w3.org/2000/09/xmldsig#" and URIs under
   "http://www.w3.org/2001/04/xmldsig-more#" were frozen with the
   publication of [RFC4051].)

   An "xmldsig-more" URI does not imply any official W3C or IETF status
   for these algorithms or identifiers nor does it imply that they are
   only useful in digital signatures. Currently, dereferencing such
   URIs may or may not produce a temporary placeholder document.
   Permission to use these URI prefixes has been given by the W3C.

5.2 IANA Considerations

   IANA has established a registry entitled "XML Security URIs". The
   initial contents correspond to Section 4.2 of this document with each
   section number in the "Sec/Doc" column augmented with a reference to
   this RFC (for example, "2.6.4" means "[RFC6931], Section 2.6.4").

   New entries, including new Types, will be added based on Expert
   Review [RFC8126].
   Criteria for inclusion are (1) documentation
   sufficient for interoperability of the algorithm or data type and the
   XML syntax for its representation and use and (2) sufficient
   importance as normally indicated by inclusion in (2a) an approved W3C
   Note, Proposed Recommendation, or Recommendation or (2b) an approved
   IETF Standards Track document. Typically, the registry will
   reference a W3C or IETF document specifying such XML syntax; that
   document will either contain a more abstract description of the
   algorithm or data type or reference another document with a more
   abstract description.

6. Security Considerations

   This RFC is concerned with documenting the URIs that designate
   algorithms and some data types used in connection with XML security.
   The security considerations vary widely with the particular
   algorithms, and the general security considerations for XML security
   are outside of the scope of this document but appear in [XMLDSIG11],
   [XMLENC11], [CANON10], [CANON11], and [GENERIC].

   [RFC6151] should be consulted before considering the use of MD5 as a
   DigestMethod or RSA-MD5 as a SignatureMethod.

   See [RFC6194] for SHA-1 security considerations and [RFC6151] for MD5
   security considerations.

   Additional security considerations are given in connection with the
   description of some algorithms in the body of this document.

   Implementers should be aware that cryptographic algorithms become
   weaker with time. As new cryptanalysis techniques are developed and
   computing performance improves, the work factor to break a particular
   cryptographic algorithm will reduce. Therefore, cryptographic
   implementations should be modular, allowing new algorithms to be
   readily inserted. That is, implementers should be prepared for the
   set of mandatory-to-implement algorithms to change over time.
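
   The following Python example is added here and is not part of the
   draft. It applies the rule from Sections 4.1 and 4.2 and Appendix B
   (understand both the correct and the erroneous RFC 6931 URI, generate
   only the correct one) to the Algorithm attributes of a SignedInfo,
   and keeps the algorithm table as data in line with the modularity
   advice above. INDEX is a subset of the Section 4.2 index; the DENIED
   set is an assumed local policy, and SAMPLE is a constructed input.

```python
import xml.etree.ElementTree as ET

W3 = "http://www.w3.org/"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Subset of the Section 4.2 index (URI without the W3 prefix -> Type).
# Kept as data so entries can be added or retired without code changes.
INDEX = {
    "2000/09/xmldsig#sha1": "DigestAlgorithm",
    "2000/09/xmldsig#rsa-sha1": "SignatureMethod",
    "2001/04/xmldsig-more#md5": "DigestAlgorithm",
    "2001/04/xmldsig-more#rsa-md5": "SignatureMethod",
    "2001/04/xmldsig-more#rsa-sha224": "SignatureMethod",
    "2001/04/xmldsig-more#rsa-sha256": "SignatureMethod",
    "2001/04/xmlenc#sha256": "DigestAlgorithm",
    "2006/12/xmlc14n11#": "Canonicalization",
    "TR/2001/06/xml-exc-c14n#": "Canonicalization",
}

# Appendix B: erroneous URI that appeared in RFC 6931 -> correct URI.
BAD_URIS = {
    "2006/12/xmlc12n11#": "2006/12/xmlc14n11#",
    "2007/05/xmldsig-more#rsa-sha224": "2001/04/xmldsig-more#rsa-sha224",
}

# Assumption: a local verifier policy, not a requirement of the draft,
# chosen after consulting the RFC 6151 / RFC 6194 pointers in Section 6.
DENIED = {
    "2001/04/xmldsig-more#md5",
    "2001/04/xmldsig-more#rsa-md5",
}

# Index Type that each ds: element's Algorithm attribute must carry.
ELEMENT_TYPES = {
    "CanonicalizationMethod": "Canonicalization",
    "SignatureMethod": "SignatureMethod",
    "DigestMethod": "DigestAlgorithm",
}


class AlgorithmError(ValueError):
    """Raised when an Algorithm URI is unknown, misplaced, or denied."""


def canonicalize(uri):
    """Return (correct full URI, True if the input was a {Bad} URI)."""
    if not uri.startswith(W3):
        raise AlgorithmError(f"not a w3.org identifier: {uri!r}")
    short = uri[len(W3):]
    fixed = BAD_URIS.get(short, short)
    return W3 + fixed, fixed != short


def resolve(uri, expected_type):
    """Validate one Algorithm URI for the element type it appears in."""
    full, was_bad = canonicalize(uri)
    short = full[len(W3):]
    actual = INDEX.get(short)
    if actual is None:
        raise AlgorithmError(f"unknown identifier: {short}")
    if actual != expected_type:
        # Catches e.g. a SignatureMethod URI placed in a DigestMethod.
        raise AlgorithmError(f"{short} is a {actual}, not a {expected_type}")
    if short in DENIED:
        raise AlgorithmError(f"{short} is denied by local policy")
    return full, was_bad


def check_signed_info(xml_text):
    """Return (element, status, detail) for each algorithm element."""
    # Untrusted documents should go through a hardened XML parser.
    root = ET.fromstring(xml_text)
    results = []
    for elem in root.iter():
        name = elem.tag[len(DS):] if elem.tag.startswith(DS) else None
        if name not in ELEMENT_TYPES:
            continue
        try:
            full, was_bad = resolve(elem.get("Algorithm", ""),
                                    ELEMENT_TYPES[name])
            results.append((name, "ok-legacy-uri" if was_bad else "ok", full))
        except AlgorithmError as exc:
            results.append((name, "rejected", str(exc)))
    return results


# Constructed sample: two {Bad} URIs, one denied digest, one misplaced URI.
SAMPLE = """<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xmlc12n11#"/>
  <SignatureMethod
      Algorithm="http://www.w3.org/2007/05/xmldsig-more#rsa-sha224"/>
  <Reference URI="#a"><DigestMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/></Reference>
  <Reference URI="#b"><DigestMethod
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></Reference>
</SignedInfo>"""

if __name__ == "__main__":
    for row in check_signed_info(SAMPLE):
        print(row)
```

   A "ok-legacy-uri" status is worth logging: it identifies peers that
   still generate an RFC 6931 erratum URI, and the third tuple field is
   the value to use when re-serializing.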

Acknowledgements

   The contributions of the following, listed in alphabetic order, by
   reporting errata against RFC 6931 or contributing to this document,
   are gratefully acknowledged:

      Frederick Hirsch, Axel Puhlmann, Annie Yousar

   The contributions of the following, listed in alphabetic order, to
   [RFC6931], on which this document is based, are gratefully
   acknowledged:

      Benoit Claise, Adrian Farrel, Stephen Farrell, Ernst Giessmann,
      Frederick Hirsch, Bjoern Hoehrmann, Russ Housley, Satoru Kanno,
      Charlie Kaufman, Konrad Lanz, HwanJin Lee, Barry Leiba, Peter
      Lipp, Subramanian Moonesamy, Thomas Roessler, Hanseong Ryu, Peter
      Saint-Andre, and Sean Turner.

   The following contributors to [RFC4051] are gratefully acknowledged:

      Glenn Adams, Merlin Hughs, Gregor Karlinger, Brian LaMachia, Shiho
      Moriai, Joseph Reagle, Russ Housley, and Joel Halpern.

   The document was prepared in raw nroff. All macros used were defined
   within the source file.

Appendix A: Changes from RFC 6931

   The following changes have been made in RFC 6931 to produce this
   document.

   1. Delete Appendix on Changes from RFC 4051, since they were already
      included in RFC 6931, and remove reference to RFC 4051 and to the
      Errata against RFC 4051.

   2. Fix three errata as follows: [Err3597], [Err3965], and [Err4004].
      In cases where [RFC6931] had an erroneous URI, it is still
      included in the indices and it is stated that implementations
      SHOULD only generate the correct URI but SHOULD understand both
      the correct and erroneous URI.

   3. Minor editorial changes.

Appendix B: Bad URIs

   [RFC6931] included two bad URIs as shown below. "{Bad}" in the
   indexes (Sections 4.1 and 4.2) indicates such a Bad value.
   Implementations SHOULD only generate the correct URI but SHOULD
   understand both the correct and erroneous URI.

   2006/12/xmlc12n11#
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2006/12/xmlc14n11#" (i.e., "12" should have been
      "14"). This is [Err3965] and is corrected in this document.

   2007/05/xmldsig-more#rsa-sha224
      Appears in the indices (Sections 4.1 and 4.2) of [RFC6931] when
      it should be "2001/04/xmldsig-more#rsa-sha224". This is [Err4004]
      and is corrected in this document.

Appendix Z: Change History

   RFC Editor Note: Please delete this Appendix before publication.

   -00 to -01 to -02 to -03 to -04 to -05 to -06 to -07 to -08

      Bump up version and date to keep draft alive as a place where new
      URIs can be accumulated. At some point in here, author address was
      updated.

   -08 to -09 to -10

      Update author affiliation and references.

   -10 to -11

      Update author address.

Normative References

   [10118-3] - ISO, "Information technology -- Security techniques --
         Hash-functions -- Part 3: Dedicated hash-functions", ISO/IEC
         10118-3:2004, 2004.

   [18033-2] - ISO, "Information technology -- Security techniques --
         Encryption algorithms -- Part 3: Asymmetric ciphers", ISO/IEC
         18033-2:2010, 2010.

   [Camellia] - Aoki, K., Ichikawa, T., Matsui, M., Moriai, S.,
         Nakajima, J., and T. Tokita, "Camellia: A 128-bit Block Cipher
         Suitable for Multiple Platforms - Design and Analysis", in
         Selected Areas in Cryptography, 7th Annual International
         Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in
         Computer Science 2012, pp. 39-56, Springer-Verlag, 2001.

   [FIPS180-4] - US National Institute of Science and Technology,
         "Secure Hash Standard (SHS)", FIPS 180-4, March 2012.

   [FIPS186-3] - US National Institute of Science and Technology,
         "Digital Signature Standard (DSS)", FIPS 186-3, June 2009.

   [IEEEP1363a] - IEEE, "Standard Specifications for Public Key
         Cryptography- Amendment 1: Additional Techniques", IEEE
         1363a-2004, 2004.

   [RC4] - Schneier, B., "Applied Cryptography: Protocols, Algorithms,
         and Source Code in C", Second Edition, John Wiley and Sons, New
         York, NY, 1996.

   [RFC1321] - Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
         April 1992.

   [RFC2045] - Freed, N. and N. Borenstein, "Multipurpose Internet Mail
         Extensions (MIME) Part One: Format of Internet Message Bodies",
         RFC 2045, November 1996.

   [RFC2104] - Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
         Hashing for Message Authentication", RFC 2104, February 1997.

   [RFC2119] - Bradner, S., "Key words for use in RFCs to Indicate
         Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2315] - Kaliski, B., "PKCS #7: Cryptographic Message Syntax
         Version 1.5", RFC 2315, March 1998.

   [RFC3275] - Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible
         Markup Language) XML-Signature Syntax and Processing", RFC
         3275, March 2002.

   [RFC3394] - Schaad, J. and R. Housley, "Advanced Encryption Standard
         (AES) Key Wrap Algorithm", RFC 3394, September 2002.

   [RFC3713] - Matsui, M., Nakajima, J., and S. Moriai, "A Description
         of the Camellia Encryption Algorithm", RFC 3713, April 2004.

   [RFC3986] - Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
         Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986,
         January 2005.

   [RFC4050] - Blake-Wilson, S., Karlinger, G., Kobayashi, T., and Y.
         Wang, "Using the Elliptic Curve Signature Algorithm (ECDSA) for
         XML Digital Signatures", RFC 4050, April 2005.

   [RFC4055] - Schaad, J., Kaliski, B., and R.
         Housley, "Additional
         Algorithms and Identifiers for RSA Cryptography for use in the
         Internet X.509 Public Key Infrastructure Certificate and
         Certificate Revocation List (CRL) Profile", RFC 4055, June
         2005.

   [RFC4269] - Lee, H., Lee, S., Yoon, J., Cheon, D., and J. Lee, "The
         SEED Encryption Algorithm", RFC 4269, December 2005.

   [RFC6234] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash
         Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, May
         2011.

   [RFC8017] - Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
         "PKCS #1: RSA Cryptography Specifications Version 2.2", RFC
         8017, DOI 10.17487/RFC8017, November 2016.

   [RFC8126] - Cotton, M., Leiba, B., and T. Narten, "Guidelines for
         Writing an IANA Considerations Section in RFCs", BCP 26, RFC
         8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8174] - Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
         2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May
         2017.

   [X9.62] - American National Standards Institute, Accredited Standards
         Committee X9, "Public Key Cryptography for the Financial
         Services Industry: The Elliptic Curve Digital Signature
         Algorithm (ECDSA)", ANSI X9.62:2005, 2005.

   [XMLENC10] - Reagle, J. and D. Eastlake, "XML Encryption Syntax and
         Processing", W3C Recommendation, 10 December 2002.

   [XMLENC11] - Eastlake, D., Reagle, J., Hirsch, F., and T. Roessler,
         "XML Encryption Syntax and Processing Version 1.1", W3C
         Proposed Recommendation, 24 January 2013.

   [XPointer] - Grosso, P., Maler, E., Marsh, J., and N. Walsh,
         "XPointer Framework", W3C Recommendation, 25 March 2003.

Informational References

   [CANON10] - Boyer, J., "Canonical XML Version 1.0", W3C
         Recommendation, 15 March 2001.

   [CANON11] - Boyer, J., and G. Marcy, "Canonical XML Version 1.1", W3C
         Recommendation, 2 May 2008.

   [DECRYPT] - Hughes, M., Imamura, T., and H. Maruyama, "Decryption
         Transform for XML Signature", W3C Recommendation, 10 December
         2002.

   [Err3597] - RFC Errata, Errata ID 3597, RFC 6931.

   [Err3965] - RFC Errata, Errata ID 3965, RFC 6931.

   [Err4004] - RFC Errata, Errata ID 4004, RFC 6931.

   [GENERIC] - Nystrom, M. and F. Hirsch, "XML Security Generic Hybrid
         Ciphers", W3C Working Group Note, 24 January 2013.

   [Keccak] - Bertoni, G., Daeman, J., Peeters, M., and G. Van Assche,
         "The KECCAK sponge function family", January 2013.

   [RFC3075] - Eastlake 3rd, D., Reagle, J., and D. Solo, "XML-Signature
         Syntax and Processing", RFC 3075, March 2001.

   [RFC3076] - Boyer, J., "Canonical XML Version 1.0", RFC 3076, March
         2001.

   [RFC3092] - Eastlake 3rd, D., Manros, C., and E. Raymond, "Etymology
         of "Foo"", RFC 3092, April 1 2001.

   [RFC3741] - Boyer, J., Eastlake 3rd, D., and J. Reagle, "Exclusive
         XML Canonicalization, Version 1.0", RFC 3741, March 2004.

   [RFC4010] - Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
         Encryption Algorithm in Cryptographic Message Syntax (CMS)",
         RFC 4010, February 2005.

   [RFC4051] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 4051, April 2005.

   [RFC6090]
         - D. McGrew, K. Igoe, M. Salter, "Fundamental Elliptic Curve
         Cryptography Algorithms", RFC 6090, February 2011.
         - Note RFC Errata numbers 2773, 2774, 2775, 2776, and 2777.

   [RFC6151] - Turner, S. and L. Chen, "Updated Security Considerations
         for the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC
         6151, March 2011.

   [RFC6194] - Polk, T., Chen, L., Turner, S., and P. Hoffman, "Security
         Considerations for the SHA-0 and SHA-1 Message-Digest
         Algorithms", RFC 6194, March 2011.

   [RFC6931] - Eastlake 3rd, D., "Additional XML Security Uniform
         Resource Identifiers (URIs)", RFC 6931, April 2013.

   [Schema] - Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn,
         "XML Schema Part 1: Structures Second Edition", W3C
         Recommendation, 28 October 2004.
         - Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
         Second Edition", W3C Recommendation, 28 October 2004.

   [SHA-3] - US National Institute of Science and Technology, "SHA-3
         WINNER", February 2013.

   [W3C] - World Wide Web Consortium.

   [XCANON] - Boyer, J., Eastlake, D., and J. Reagle, "Exclusive XML
         Canonicalization Version 1.0", W3C Recommendation, 18 July
         2002.

   [XMLDSIG10] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F., and T.
         Roessler, "XML Signature Syntax and Processing (Second
         Edition)", W3C Recommendation, 10 June 2008.

   [XMLDSIG11] - Eastlake, D., Reagle, J., Solo, D., Hirsch, F.,
         Nystrom, M., Roessler, T., and K. Yiu, "XML Signature Syntax
         and Processing Version 1.1", W3C Proposed Recommendation, 11
         April 2013.

   [XMLDSIG-PROP] - Hirsch, F., "XML Signature Properties", W3C Proposed
         Recommendation, 24 January 2013.

   [XMLSECXREF] - Hirsch, F., Roessler, T., and K. Yiu, "XML Security
         Algorithm Cross-Reference", W3C Working Group Note, 24 January
         2013.

   [XPATH] - Boyer, J., Hughes, M., and J. Reagle, "XML-Signature XPath
         Filter 2.0", W3C Recommendation, 8 November 2002.
         - Berglund, A., Boag, S., Chamberlin, D., Fernandez, M., Kay,
         M., Robie, J., and J. Simeon, "XML Path Language (XPath) 2.0
         (Second Edition)", W3C Recommendation, 14 December 2010.

   [XSLT] - Saxonica, M., "XSL Transformations (XSLT) Version 2.0", W3C
         Recommendation, 23 January 2007.

Author's Address

   Donald E.
   Eastlake, 3rd
   Futurewei Technologies
   2386 Panoramic Circle
   Apopka, FL 32703 USA

   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com

Copyright, Disclaimer, and Additional IPR Provisions

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License. The definitive version of
   an IETF Document is that published by, or under the auspices of, the
   IETF. Versions of IETF Documents that are published by third parties,
   including those that are translated into other languages, should not
   be considered to be definitive versions of IETF Documents. The
   definitive version of these Legal Provisions is that published by, or
   under the auspices of, the IETF. Versions of these Legal Provisions
   that are published by third parties, including those that are
   translated into other languages, should not be considered to be
   definitive versions of these Legal Provisions. For the avoidance of
   doubt, each Contributor to the IETF Standards Process licenses each
   Contribution that he or she makes as part of the IETF Standards
   Process to the IETF Trust pursuant to the provisions of RFC 5378.
   No language to the contrary, or terms, conditions or rights that
   differ from or are inconsistent with the rights and licenses granted
   under RFC 5378, shall have any effect and shall be null and void,
   whether published or posted by such Contributor, or included with or
   in such Contribution.