idnits 2.17.1

draft-housley-smime-oids-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (20 October 2013) is 3834 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'RFC3161' is mentioned on line 288, but not defined

  == Missing Reference: 'RFC5272' is mentioned on line 365, but not defined

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  -- Obsolete informational reference (is this intentional?): RFC 2630
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 2633
     (Obsoleted by RFC 3851)

  -- Obsolete informational reference (is this intentional?): RFC 3126
     (Obsoleted by RFC 5126)

  -- Duplicate reference: RFC3183, mentioned in 'RFC3183', was also mentioned
     in 'Err3757'.

  -- Obsolete informational reference (is this intentional?): RFC 3211
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 3369
     (Obsoleted by RFC 3852)

  -- Obsolete informational reference (is this intentional?): RFC 3851
     (Obsoleted by RFC 5751)

  -- Obsolete informational reference (is this intentional?): RFC 3852
     (Obsoleted by RFC 5652)

  -- Obsolete informational reference (is this intentional?): RFC 4049
     (Obsoleted by RFC 6019)

  -- Obsolete informational reference (is this intentional?): RFC 6486
     (Obsoleted by RFC 9286)

  == Outdated reference: A later version (-07) exists of
     draft-housley-ct-keypackage-receipt-n-error-05

  == Outdated reference: A later version (-10) exists of
     draft-housley-cms-mts-hash-sig-00

     Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 11 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     INTERNET-DRAFT                                                R. Housley
3     Intended Status: Informational                            Vigil Security
4     Expires: 20 April 2014                                   20 October 2013

6        Object Identifier Registry for the S/MIME Mail Security Working Group

9     Abstract

11       When the S/MIME Mail Security Working Group was chartered, an object
12       identifier arc was donated by RSA Data Security for use by that
13       working group. This document describes the object identifiers that
14       were assigned in that donated arc, it transfers control of that arc
15       to IANA, and it establishes IANA allocation policies for any future
16       assignments within that arc.

18    Status of this Memo

20       This Internet-Draft is submitted to IETF in full conformance with the
21       provisions of BCP 78 and BCP 79.

23       Internet-Drafts are working documents of the Internet Engineering
24       Task Force (IETF), its areas, and its working groups. Note that
25       other groups may also distribute working documents as
26       Internet-Drafts.

28       Internet-Drafts are draft documents valid for a maximum of six months
29       and may be updated, replaced, or obsoleted by other documents at any
30       time. It is inappropriate to use Internet-Drafts as reference
31       material or to cite them other than as "work in progress."

33       The list of current Internet-Drafts can be accessed at
34       http://www.ietf.org/1id-abstracts.html

36       The list of Internet-Draft Shadow Directories can be accessed at
37       http://www.ietf.org/shadow.html

39    Copyright and License Notice

41       Copyright (c) 2013 IETF Trust and the persons identified as the
42       document authors. All rights reserved.

44       This document is subject to BCP 78 and the IETF Trust's Legal
45       Provisions Relating to IETF Documents
46       (http://trustee.ietf.org/license-info) in effect on the date of
47       publication of this document. Please review these documents
48       carefully, as they describe your rights and restrictions with respect
49       to this document. Code Components extracted from this document must
50       include Simplified BSD License text as described in Section 4.e of
51       the Trust Legal Provisions and are provided without warranty as
52       described in the Simplified BSD License.

54    Table of Contents

56       1. Introduction
57       2. Subordinate Object Identifier Arcs
58       3. IANA Considerations
59          3.1. Update to SMI Security for Mechanism Codes Registry
60          3.2. Add SMI Security for S/MIME Mail Security Registry
61          3.3. Add SMI Security for S/MIME Module Identifier Registry
62          3.4. Add SMI Security for S/MIME CMS Content Type Registry
63          3.5. Add SMI Security for S/MIME Attributes Registry
64          3.6. Add SMI Security for S/MIME Algorithms Registry
65          3.7. Add SMI Security for S/MIME Certificate Distribution
66               Registry
67          3.8. Add SMI Security for S/MIME Signature Policy Qualifier
68               Registry
69          3.9. Add SMI Security for S/MIME Commitment Type Identifier
70               Registry
71          3.10. Add SMI Security for S/MIME Test Security Policies
72                Registry
73          3.11. Add SMI Security for S/MIME Control Attributes for
74                Symmetric Key Distribution Registry
75          3.12. Add SMI Security for S/MIME Signature Type Identifiers
76                Registry
77          3.13. Add SMI Security for S/MIME X.400 Encoded Information
78                Types Registry
79          3.14. Add SMI Security for S/MIME Non-cryptographic
80                Capabilities Registry
81          3.15. Add SMI Security for S/MIME Portable Symmetric Key
82                Container (PSKC) Attributes Registry
83       4. Security Considerations
84       5. References
85          5.1. Normative References
86          5.2. Informative References
87       Acknowledgements
88       Author's Addresses

90    1. Introduction

92       When the S/MIME Mail Security Working Group was chartered, an object
93       identifier arc was donated by RSA Data Security for use by that
94       working group. These object identifiers are primarily used with
95       Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97]. The ASN.1
96       specifications continue to evolve, but object identifiers can be
97       used with any and all versions of ASN.1.

99       The S/MIME object identifier arc is:

101         id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
102                  us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }

104      This document describes the object identifiers that were assigned in
105      that donated arc, it transfers control of that arc to IANA, and it
106      establishes IANA allocation policies for any future assignments
107      within that arc.

109   2. Subordinate Object Identifier Arcs

111      Thirteen subordinate object identifier arcs were used, numbered from
112      zero to twelve. They were assigned as follows:

114         -- ASN.1 modules
115         id-mod OBJECT IDENTIFIER ::= { id-smime 0 }

117         -- CMS content types
118         id-ct OBJECT IDENTIFIER ::= { id-smime 1 }

120         -- attributes
121         id-aa OBJECT IDENTIFIER ::= { id-smime 2 }

123         -- algorithm identifiers
124         id-alg OBJECT IDENTIFIER ::= { id-smime 3 }

126         -- certificate distribution
127         id-cd OBJECT IDENTIFIER ::= { id-smime 4 }

129         -- signature policy qualifier
130         id-spq OBJECT IDENTIFIER ::= { id-smime 5 }

132         -- commitment type identifier
133         id-cti OBJECT IDENTIFIER ::= { id-smime 6 }

135         -- test security policies
136         id-tsp OBJECT IDENTIFIER ::= { id-smime 7 }

138         -- symmetric key distribution control attributes
139         id-skd OBJECT IDENTIFIER ::= { id-smime 8 }

141         -- signature type identifier
142         id-sti OBJECT IDENTIFIER ::= { id-smime 9 }
143         -- encoded information types
144         id-eit OBJECT IDENTIFIER ::= { id-smime 10 }

146         -- S/MIME capabilities
147         id-cap OBJECT IDENTIFIER ::= { id-smime 11 }

149         -- PSKC Attributes
150         id-pskc OBJECT IDENTIFIER ::= { id-smime 12 }

152      The values assigned in each of these subordinate object identifier
153      arcs are discussed in the next section.

155   3. IANA Considerations

157      IANA is asked to update one registry table and create fourteen
158      additional tables.

160      Updates to the new tables require Expert Review as defined in
161      [RFC5226]. The expert is expected to ensure that any new values are
162      strongly related to the work that was done by the S/MIME Mail
163      Security Working Group. Object identifiers for other purposes should
164      not be assigned in this arc.

166   3.1. Update to SMI Security for Mechanism Codes Registry

168      The SMI Security for Mechanism Codes table generally contains
169      entries with a positive integer value, but the value donated by RSA
170      Data Security cannot be described in this manner. An accompanying
171      table is needed with this entry:

173      OID Value              Name   Description            References
174      ---------------------  -----  ---------------------  ----------
175      1.2.840.113549.1.9.16  smime  S/MIME Mail Security   {This RFC}

177   3.2. Add SMI Security for S/MIME Mail Security Registry

179      Within the SMI-numbers registry, add a "SMI Security for S/MIME Mail
180      Security (1.2.840.113549.1.9.16)" table with three columns:

182      Decimal  Description                             References
183      -------  --------------------------------------  ----------
184      0        module-identifiers                      {This RFC}
185      1        cms-content-types                       {This RFC}
186      2        attributes                              {This RFC}
187      3        algorithm-identifiers                   {This RFC}
188      4        certificate-distribution                {This RFC}
189      5        signature-policy-qualifiers             {This RFC}
190      6        commitment-type-identifiers             {This RFC}
191      7        test-security-policies                  {This RFC}
192      8        symmetric-key-dist-ctrl-attrs           {This RFC}
193      9        signature-type-identifier               {This RFC}
194      10       encoded-information-types               {This RFC}
195      11       smime-capabilities                      {This RFC}
196      12       pskc-attributes                         {This RFC}

198      Future updates to this table require Expert Review as defined in
199      [RFC5226].

201   3.3. Add SMI Security for S/MIME Module Identifier Registry

203      Within the SMI-numbers registry, add a "SMI Security for S/MIME
204      Module Identifier (1.2.840.113549.1.9.16.0)" table with three
205      columns:

207      Decimal  Description                             References
208      -------  --------------------------------------  ----------
209      1        id-mod-cms                              [RFC2630]
210      2        id-mod-ess                              [RFC2634]
211      3        id-mod-oid                              Reserved and Obsolete
212      4        id-mod-msg-v3                           [RFC2633]
213      5        id-mod-ets-eSignature-88                [RFC3126]
214      6        id-mod-ets-eSignature-97                [RFC3126]
215      7        id-mod-ets-eSigPolicy-88                [RFC3125]
216      8        id-mod-ets-eSigPolicy-97                [RFC3125]
217      9        id-mod-certdist                         Reserved and Obsolete
218      10       id-mod-domsec                           [RFC3183]
219      11       id-mod-compress                         [RFC3274]
220      12       id-mod-symkeydist                       [RFC5275]
221      13       id-mod-cek-reuse                        [RFC3185]
222      14       id-mod-cms-2001                         [RFC3369]
223      15       id-mod-v1AttrCert                       [RFC3369]
224      16       id-mod-cmsalg-2001                      [RFC3370]
225      17       id-mod-cms-pwri-88                      [RFC3211]
226      18       id-mod-cms-pwri-97                      [RFC3211]
227      19       id-mod-cms-aes                          [RFC3565]
228      20       id-mod-cms-rsaes-oaep                   [RFC3560]
229      21       id-mod-msg-v3dot1                       [RFC3851]
230      22       id-mod-cms-firmware-wrap                [RFC4108]
231      23       id-mod-cms-camilla                      [RFC3657]
232      24       id-mod-cms-2004                         [RFC3852]
233      25       id-mod-cms-seed                         [RFC4010]
234      26       id-mod-contentCollection                [RFC4073]
235      27       id-mod-binarySigningTime                [RFC4049]
236      28       id-mod-ets-eSignature-explicitSyntax88  [RFC5126]
237      29       id-mod-ets-eSignature-explicitSyntax97  [RFC5126]
238      30       id-mod-ess-2006                         [RFC5035]
239      31       id-mod-cms-authEnvelopedData            [RFC5083]
240      32       id-mod-cms-aes-ccm-and-gcm              [RFC5084]
241      33       id-mod-symmetricKeyPkgV1                [RFC6031]
242      34       id-mod-multipleSig-2008                 [RFC5752]
243      35       id-mod-timestampedData                  [RFC5544]
244      36       id-mod-symkeydist-02                    [RFC5911]
245      37       id-mod-cmsalg-2001-02                   [RFC5911]
246      38       id-mod-cms-aes-02                       [RFC5911]
247      39       id-mod-msg-v3dot1-02                    [RFC5911]
248      40       id-mod-cms-firmware-wrap-02             [RFC5911]
249      41       id-mod-cms-2004-02                      [RFC5911]
250      42       id-mod-ess-2006-02                      [RFC5911]
251      43       id-mod-cms-authEnvelopedData-02         [RFC5911]
252      44       id-mod-cms-aes-ccm-gcm-02               [RFC5911]
253      45       id-mod-cms-ecc-alg-2009-88              [RFC5753]
254      46       id-mod-cms-ecc-alg-2009-02              [RFC5753]
255      47       id-mod-aesKeyWrapWithPad-88             [RFC5649]
256      48       id-mod-aesKeyWrapWithPad-02             [RFC5649]
257      49       id-mod-MD5-XOR-EXPERIMENT               [RFC6210]
258      50       id-mod-asymmetricKeyPkgV1               [RFC5958]
259      51       id-mod-encryptedKeyPkgV1                [RFC6032]
260      52       id-mod-cms-algorithmProtect             [RFC6211]
261      53       id-mod-pskcAttributesModule             [RFC6031]
262      54       id-mod-compressedDataContent            [RFC6268]
263      55       id-mod-binSigningTime-2009              [RFC6268]
264      56       id-mod-contentCollect-2009              [RFC6268]
265      57       id-mod-cmsAuthEnvData-2009              [RFC6268]
266      58       id-mod-cms-2009                         [RFC6268]
267      59       id-mod-multipleSign-2009                [RFC6268]
268      60       id-mod-rpkiManifest                     [RFC6486]
269      61       id-mod-rpkiROA                          [RFC6482]
270      62       id-mod-setKeyAttributeV1                [WIP1]
271      63       id-mod-keyPkgReceiptAndErrV2            [WIP2]
272      64       id-mod-mts-hashsig-2013                 [WIP3]

274      Future updates to this table require Expert Review as defined in
275      [RFC5226].

277   3.4. Add SMI Security for S/MIME CMS Content Type Registry

279      Within the SMI-numbers registry, add a "SMI Security for S/MIME CMS
280      Content Type (1.2.840.113549.1.9.16.1)" table with three columns:

282      Decimal  Description                             References
283      -------  --------------------------------------  ----------
284      0        id-ct-anyContentType                    [RFC6010]
285      1        id-ct-receipt                           [RFC2634]
286      2        id-ct-authData                          [RFC2630]
287      3        id-ct-publishCert                       Reserved and Obsolete
288      4        id-ct-TSTInfo                           [RFC3161]
289      5        id-ct-TDTInfo                           Reserved and Obsolete
290      6        id-ct-contentInfo                       [RFC2630]
291      7        id-ct-DVCSRequestData                   [RFC3029]
292      8        id-ct-DVCSResponseData                  [RFC3029]
293      9        id-ct-compressedData                    [RFC3274]
294      10       id-ct-scvp-certValRequest               [RFC5055]
295      11       id-ct-scvp-certValResponse              [RFC5055]
296      12       id-ct-scvp-valPolRequest                [RFC5055]
297      13       id-ct-scvp-valPolResponse               [RFC5055]
298      14       id-ct-attrCertEncAttrs                  [RFC5755]
299      15       id-ct-TSReq                             Reserved and Obsolete
300      16       id-ct-firmwarePackage                   [RFC4108]
301      17       id-ct-firmwareLoadReceipt               [RFC4108]
302      18       id-ct-firmwareLoadError                 [RFC4108]
303      19       id-ct-contentCollection                 [RFC4073]
304      20       id-ct-contentWithAttrs                  [RFC4073]
305      21       id-ct-encKeyWithID                      [RFC4211]
306      22       id-ct-encPEPSI                          Reserved and Obsolete
307      23       id-ct-authEnvelopedData                 [RFC5083]
308      24       id-ct-routeOriginAuthz                  [RFC6482]
309      25       id-ct-KP-sKeyPackage                    [RFC6031]
310      26       id-ct-rpkiManifest                      [RFC6486]
311      27       id-ct-asciiTextWithCRLF                 [RFC5485]
312      28       id-ct-xml                               [RFC5485]
313      29       id-ct-pdf                               [RFC5485]
314      30       id-ct-postscript                        [RFC5485]
315      31       id-ct-timestampedData                   [RFC5544]
316      32       id-ct-ASAdjacencyAttest                 Reserved and Obsolete
317      33       id-ct-rpkiTrustAnchor                   Reserved and Obsolete
318      34       id-ct-trustAnchorList                   [RFC5914]
319      35       id-ct-rpkiGhostbusters                  [RFC6493]
320      36       id-ct-resourceTaggedAttest              Reserved and Obsolete

322      Future updates to this table require Expert Review as defined in
323      [RFC5226].

325   3.5. Add SMI Security for S/MIME Attributes Registry

327      Within the SMI-numbers registry, add a "SMI Security for S/MIME
328      Attributes (1.2.840.113549.1.9.16.2)" table with three columns:

330      Decimal  Description                             References
331      -------  --------------------------------------  ----------
332      1        id-aa-receiptRequest                    [RFC2634]
333      2        id-aa-securityLabel                     [RFC2634]
334      3        id-aa-mlExpandHistory                   [RFC2634]
335      4        id-aa-contentHint                       [RFC2634]
336      5        id-aa-msgSigDigest                      [RFC2634]
337      6        id-aa-encapContentType                  Reserved and Obsolete
338      7        id-aa-contentIdentifier                 [RFC2634]
339      8        id-aa-macValue                          Reserved and Obsolete
340      9        id-aa-equivalentLabels                  [RFC2634]
341      10       id-aa-contentReference                  [RFC2634]
342      11       id-aa-encrypKeyPref                     [RFC2634]
343      12       id-aa-signingCertificate                [RFC2634]
344      13       id-aa-smimeEncryptCerts                 Reserved and Obsolete
345      14       id-aa-timeStampToken                    [RFC3126]
346      15       id-aa-ets-sigPolicyId                   [RFC3126]
347      16       id-aa-ets-commitmentType                [RFC3126]
348      17       id-aa-ets-signerLocation                [RFC3126]
349      18       id-aa-ets-signerAttr                    [RFC3126]
350      19       id-aa-ets-otherSigCert                  [RFC3126]
351      20       id-aa-ets-contentTimestamp              [RFC3126]
352      21       id-aa-ets-CertificateRefs               [RFC3126]
353      22       id-aa-ets-RevocationRefs                [RFC3126]
354      23       id-aa-ets-certValues                    [RFC3126]
355      24       id-aa-ets-revocationValues              [RFC3126]
356      25       id-aa-ets-escTimeStamp                  [RFC3126]
357      26       id-aa-ets-certCRLTimestamp              [RFC3126]
358      27       id-aa-ets-archiveTimeStamp              [RFC3126]
359      28       id-aa-signatureType                     [Err3757]
360      29       id-aa-dvcs-dvc                          [RFC3029]
361      30       id-aa-CEKReference                      [RFC3185]
362      31       id-aa-CEKMaxDecrypts                    [RFC3185]
363      32       id-aa-KEKDerivationAlg                  [RFC3185]
364      33       id-aa-intendedRecipients                Reserved and Obsolete
365      34       id-aa-cmc-unsignedData                  [RFC5272]
366      35       id-aa-firmwarePackageID                 [RFC4108]
367      36       id-aa-targetHardwareIDs                 [RFC4108]
368      37       id-aa-decryptKeyID                      [RFC4108]
369      38       id-aa-implCryptoAlgs                    [RFC4108]
370      39       id-aa-wrappedFirmwareKey                [RFC4108]
371      40       id-aa-communityIdentifiers              [RFC4108]
372      41       id-aa-fwPkgMessageDigest                [RFC4108]
373      42       id-aa-firmwarePackageInfo               [RFC4108]
374      43       id-aa-implCompressAlgs                  [RFC4108]
375      44       id-aa-ets-attrCertificateRefs           [RFC5126]
376      45       id-aa-ets-attrRevocationRefs            [RFC5126]
377      46       id-aa-binarySigningTime                 [RFC4049]
378      47       id-aa-signingCertificateV2              [RFC5035]
379      48       id-aa-ets-archiveTimeStampV2            [RFC5126]
380      49       id-aa-er-internal                       [RFC4998]
381      50       id-aa-er-external                       [RFC4998]
382      51       id-aa-multipleSignatures                [RFC5752]
383      52       id-aa-cmsAlgorithmProtect               [RFC6211]
384      53       id-aa-setKeyInformation                 [WIP1]
385      54       id-aa-asymmDecryptKeyID                 [RFC7030]

387      Future updates to this table require Expert Review as defined in
388      [RFC5226].

390   3.6. Add SMI Security for S/MIME Algorithms Registry

392      Within the SMI-numbers registry, add a "SMI Security for S/MIME
393      Algorithms (1.2.840.113549.1.9.16.3)" table with three columns:

395      Decimal  Description                             References
396      -------  --------------------------------------  ----------
397      1        id-alg-ESDHwith3DES                     Reserved and Obsolete
398      2        id-alg-ESDHwithRC2                      Reserved and Obsolete
399      3        id-alg-3DESwrap                         Reserved and Obsolete
400      4        id-alg-RC2wrap                          Reserved and Obsolete
401      5        id-alg-ESDH                             [RFC2630]
402      6        id-alg-CMS3DESwrap                      [RFC2630]
403      7        id-alg-CMSRC2wrap                       [RFC2630]
404      8        id-alg-zLibCompress                     [RFC3274]
405      9        id-alg-PWRI-KEK                         [RFC3211]
406      10       id-alg-SSDH                             [RFC3370]
407      11       id-alg-HMACwith3DESwrap                 [RFC3537]
408      12       id-alg-HMACwithAESwrap                  [RFC3537]
409      13       id-alg-MD5-XOR-EXPERIMENT               [RFC6210]
410      14       id-alg-rsa-kem                          [RFC5990]
411      15       id-alg-authEnc-128                      [RFC6476]
412      16       id-alg-authEnc-256                      [RFC6476]
413      17       id-alg-mts-hashsig                      [WIP3]

415      Future updates to this table require Expert Review as defined in
416      [RFC5226].

418   3.7. Add SMI Security for S/MIME Certificate Distribution Registry

420      Within the SMI-numbers registry, add a "SMI Security for S/MIME
421      Certificate Distribution Mechanisms (1.2.840.113549.1.9.16.4)" table
422      with three columns:

424      Decimal  Description                             References
425      -------  --------------------------------------  ----------
426      1        id-cd-ldap                              Reserved and Obsolete

428      Future updates to this table require Expert Review as defined in
429      [RFC5226].

431   3.8. Add SMI Security for S/MIME Signature Policy Qualifier Registry

433      Within the SMI-numbers registry, add a "SMI Security for S/MIME
434      Signature Policy Qualifier (1.2.840.113549.1.9.16.5)" table with
435      three columns:

437      Decimal  Description                             References
438      -------  --------------------------------------  ----------
439      1        id-spq-ets-sqt-uri                      [RFC3126]
440      2        id-spq-ets-sqt-unotice                  [RFC3126]

442      Future updates to this table require Expert Review as defined in
443      [RFC5226].

445   3.9. Add SMI Security for S/MIME Commitment Type Identifier Registry

447      Within the SMI-numbers registry, add a "SMI Security for S/MIME
448      Commitment Type Identifier (1.2.840.113549.1.9.16.6)" table with
449      three columns:

451      Decimal  Description                             References
452      -------  --------------------------------------  ----------
453      1        id-cti-ets-proofOfOrigin                [RFC3126]
454      2        id-cti-ets-proofOfReceipt               [RFC3126]
455      3        id-cti-ets-proofOfDelivery              [RFC3126]
456      4        id-cti-ets-proofOfSender                [RFC3126]
457      5        id-cti-ets-proofOfApproval              [RFC3126]
458      6        id-cti-ets-proofOfCreation              [RFC3126]

460      Future updates to this table require Expert Review as defined in
461      [RFC5226].

463   3.10. Add SMI Security for S/MIME Test Security Policies Registry

465      Within the SMI-numbers registry, add a "SMI Security for S/MIME Test
466      Security Policies (1.2.840.113549.1.9.16.7)" table with three
467      columns:

469      Decimal  Description                             References
470      -------  --------------------------------------  ----------
471      1        id-tsp-TEST-Amoco                       [RFC3114]
472      2        id-tsp-TEST-Caterpillar                 [RFC3114]
473      3        id-tsp-TEST-Whirlpool                   [RFC3114]
474      4        id-tsp-TEST-Whirlpool-Categories        [RFC3114]

476      Future updates to this table require Expert Review as defined in
477      [RFC5226].

479   3.11. Add SMI Security for S/MIME Control Attributes for Symmetric Key
480         Distribution Registry

482      Within the SMI-numbers registry, add a "SMI Security for S/MIME
483      Control Attributes for Symmetric Key Distribution
484      (1.2.840.113549.1.9.16.8)" table with three columns:

486      Decimal  Description                             References
487      -------  --------------------------------------  ----------
488      1        id-skd-glUseKEK                         [RFC5275]
489      2        id-skd-glDelete                         [RFC5275]
490      3        id-skd-glAddMember                      [RFC5275]
491      4        id-skd-glDeleteMember                   [RFC5275]
492      5        id-skd-glRekey                          [RFC5275]
493      6        id-skd-glAddOwner                       [RFC5275]
494      7        id-skd-glRemoveOwner                    [RFC5275]
495      8        id-skd-glkCompromise                    [RFC5275]
496      9        id-skd-glkRefresh                       [RFC5275]
497      10       id-skd-glFailInfo                       Reserved and Obsolete
498      11       id-skd-glaQueryRequest                  [RFC5275]
499      12       id-skd-glaQueryResponse                 [RFC5275]
500      13       id-skd-glProvideCert                    [RFC5275]
501      14       id-skd-glManageCert                     [RFC5275]
502      15       id-skd-glKey                            [RFC5275]

504      Future updates to this table require Expert Review as defined in
505      [RFC5226].

507   3.12. Add SMI Security for S/MIME Signature Type Identifiers Registry

509      Within the SMI-numbers registry, add a "SMI Security for S/MIME
510      Signature Type Identifiers (1.2.840.113549.1.9.16.9)" table with
511      three columns:

513      Decimal  Description                             References
514      -------  --------------------------------------  ----------
515      1        id-sti-originatorSig                    [RFC3183]
516      2        id-sti-domainSig                        [RFC3183]
517      3        id-sti-addAttribSig                     [RFC3183]
518      4        id-sti-reviewSig                        [RFC3183]

520      Future updates to this table require Expert Review as defined in
521      [RFC5226].

523   3.13. Add SMI Security for S/MIME X.400 Encoded Information Types
524         Registry

526      Within the SMI-numbers registry, add a "SMI Security for X.400
527      Encoded Information Types (EIT) for S/MIME objects
528      (1.2.840.113549.1.9.16.10)" table with three columns:

530      Decimal  Description                             References
531      -------  --------------------------------------  ----------
532      1        id-eit-envelopedData                    [RFC3855]
533      2        id-eit-signedData                       [RFC3855]
534      3        id-eit-certOnly                         [RFC3855]
535      4        id-eit-signedReceipt                    [RFC3855]
536      5        id-eit-envelopedX400                    [RFC3855]
537      6        id-eit-signedX400                       [RFC3855]
538      7        id-eit-compressedData                   [RFC3855]

540      Future updates to this table require Expert Review as defined in
541      [RFC5226].

543   3.14. Add SMI Security for S/MIME Non-cryptographic Capabilities
544         Registry

546      Within the SMI-numbers registry, add a "SMI Security for S/MIME
547      Capabilities (other than cryptographic algorithms)
548      (1.2.840.113549.1.9.16.11)" table with three columns:

550      Decimal  Description                             References
551      -------  --------------------------------------  ----------
552      1        id-cap-preferBinaryInside               [RFC3851]

554      Future updates to this table require Expert Review as defined in
555      [RFC5226].

557   3.15. Add SMI Security for S/MIME Portable Symmetric Key Container
558         (PSKC) Attributes Registry

560      Within the SMI-numbers registry, add a "SMI Security for S/MIME
561      Portable Symmetric Key Container (PSKC) Attributes
562      (1.2.840.113549.1.9.16.12)" table with three columns:

564      Decimal  Description                             References
565      -------  --------------------------------------  ----------
566      1        id-pskc-manufacturer                    [RFC6031]
567      2        id-pskc-serialNo                        [RFC6031]
568      3        id-pskc-model                           [RFC6031]
569      4        id-pskc-issueNo                         [RFC6031]
570      5        id-pskc-deviceBinding                   [RFC6031]
571      6        id-pskc-deviceStartDate                 [RFC6031]
572      7        id-pskc-deviceExpiryDate                [RFC6031]
573      7        id-pskc-moduleId                        [RFC6031]
574      9        id-pskc-keyId                           [RFC6031]
575      10       id-pskc-algorithm                       [RFC6031]
576      11       id-pskc-issuer                          [RFC6031]
577      12       id-pskc-keyProfileId                    [RFC6031]
578      13       id-pskc-keyReference                    [RFC6031]
579      14       id-pskc-friendlyName                    [RFC6031]
580      15       id-pskc-algorithmParams                 [RFC6031]
581      16       id-pskc-counter                         [RFC6031]
582      17       id-pskc-time                            [RFC6031]
583      18       id-pskc-timeInterval                    [RFC6031]
584      19       id-pskc-timeDrift                       [RFC6031]
585      20       id-pskc-valueMAC                        [RFC6031]
586      21       id-pskc-keyStartDate                    [RFC6031]
587      22       id-pskc-keyExpiryDate                   [RFC6031]
588      23       id-pskc-noOfTransactions                [RFC6031]
589      24       id-pskc-keyUsages                       [RFC6031]
590      25       id-pskc-pinPolicy                       [RFC6031]
591      26       id-pskc-deviceUserId                    [RFC6031]
592      27       id-pskc-keyUserId                       [RFC6031]

594      Future updates to this table require Expert Review as defined in
595      [RFC5226].

597   4. Security Considerations

599      This document populates an IANA registry, and it raises no new
600      security considerations. The protocols that specify these values
601      include the security considerations associated with their usage.

603   5. References

605   5.1. Normative References

607      [ASN1-88]  International Telephone and Telegraph Consultative
608                 Committee, "Specification of Abstract Syntax Notation One
609                 (ASN.1)", CCITT Recommendation X.208, 1988.

611      [ASN1-97]  International Telecommunications Union, "Abstract Syntax
612                 Notation One (ASN.1): Specification of basic notation",
613                 ITU-T Recommendation X.680, 1997.

615      [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
616                 IANA Considerations Section in RFCs", BCP 26, RFC 5226,
617                 May 2008.

619   5.2. Informative References

621      [Err3757]  Errata for RFC 3183.
622                 [http://www.rfc-editor.org/errata_search.php?eid=3757]

624      [RFC2630]  Housley, R., "Cryptographic Message Syntax", RFC 2630,
625                 June 1999.

627      [RFC2633]  Ramsdell, B., Ed., "S/MIME Version 3 Message
628                 Specification", RFC 2633, June 1999.

630      [RFC2634]  Hoffman, P., Ed., "Enhanced Security Services for S/MIME",
631                 RFC 2634, June 1999.

633      [RFC3029]  Adams, C., Sylvester, P., Zolotarev, M., and R.
634                 Zuccherato, "Internet X.509 Public Key Infrastructure Data
635                 Validation and Certification Server Protocols", RFC 3029,
636                 February 2001.

638      [RFC3114]  Nicolls, W., "Implementing Company Classification Policy
639                 with the S/MIME Security Label", RFC 3114, May 2002.

641      [RFC3125]  Ross, J., Pinkas, D., and N. Pope, "Electronic Signature
642                 Policies", RFC 3125, September 2001.

644      [RFC3126]  Pinkas, D., Ross, J., and N. Pope, "Electronic Signature
645                 Formats for long term electronic signatures", RFC 3126,
646                 September 2001.

648      [RFC3183]  Dean, T. and W. Ottaway, "Domain Security Services using
649                 S/MIME", RFC 3183, October 2001.

651      [RFC3185]  Farrell, S. and S. Turner, "Reuse of CMS Content
652                 Encryption Keys", RFC 3185, October 2001.

654      [RFC3211]  Gutmann, P., "Password-based Encryption for CMS",
655                 RFC 3211, December 2001.

657      [RFC3274]  Gutmann, P., "Compressed Data Content Type for
658                 Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.

660      [RFC3369]  Housley, R., "Cryptographic Message Syntax (CMS)",
661                 RFC 3369, August 2002.

663      [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
664                 Algorithms", RFC 3370, August 2002.

666      [RFC3537]  Schaad, J. and R. Housley, "Wrapping a Hashed Message
667                 Authentication Code (HMAC) key with a Triple-Data
668                 Encryption Standard (DES) Key or an Advanced Encryption
669                 Standard (AES) Key", RFC 3537, May 2003.

671      [RFC3560]  Housley, R., "Use of the RSAES-OAEP Key Transport
672                 Algorithm in Cryptographic Message Syntax (CMS)",
673                 RFC 3560, July 2003.

675      [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
676                 Encryption Algorithm in Cryptographic Message Syntax
677                 (CMS)", RFC 3565, July 2003.

679      [RFC3657]  Moriai, S. and A. Kato, "Use of the Camellia Encryption
680                 Algorithm in Cryptographic Message Syntax (CMS)",
681                 RFC 3657, January 2004.

683      [RFC3851]  Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
684                 Extensions (S/MIME) Version 3.1 Message Specification",
685                 RFC 3851, July 2004.

687      [RFC3852]  Housley, R., "Cryptographic Message Syntax (CMS)",
688                 RFC 3852, July 2004.

690      [RFC3855]  Hoffman, P. and C. Bonatti, "Transporting
691                 Secure/Multipurpose Internet Mail Extensions (S/MIME)
692                 Objects in X.400", RFC 3855, July 2004.

694      [RFC4010]  Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
695                 Encryption Algorithm in Cryptographic Message Syntax
696                 (CMS)", RFC 4010, February 2005.

698      [RFC4073]  Housley, R., "Protecting Multiple Contents with the
699                 Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.

701      [RFC4049]  Housley, R., "BinaryTime: An Alternate Format for
702                 Representing Date and Time in ASN.1", RFC 4049, April
703                 2005.

705      [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
706                 Protect Firmware Packages", RFC 4108, August 2005.

708      [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
709                 Certificate Request Message Format (CRMF)", RFC 4211,
710                 September 2005.

712      [RFC4998]  Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
713                 Record Syntax (ERS)", RFC 4998, August 2007.

715      [RFC5035]  Schaad, J., "Enhanced Security Services (ESS) Update:
716                 Adding CertID Algorithm Agility", RFC 5035, August 2007.

718      [RFC5055]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W.
719                 Polk, "Server-Based Certificate Validation Protocol
720                 (SCVP)", RFC 5055, December 2007.

722      [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
723                 Authenticated-Enveloped-Data Content Type", RFC 5083,
724                 November 2007.

726      [RFC5084]  Housley, R., "Using AES-CCM and AES-GCM Authenticated
727                 Encryption in the Cryptographic Message Syntax (CMS)",
728                 RFC 5084, November 2007.

730      [RFC5126]  Pinkas, D., Pope, N., and J. Ross, "CMS Advanced
731                 Electronic Signatures (CAdES)", RFC 5126, March 2008.

733      [RFC5275]  Turner, S., "CMS Symmetric Key Management and
734                 Distribution", RFC 5275, June 2008.

736      [RFC5485]  Housley, R., "Digital Signatures on Internet-Draft
737                 Documents", RFC 5485, March 2009.

739      [RFC5544]  Santoni, A., "Syntax for Binding Documents with
740                 Time-Stamps", RFC 5544, February 2010.

742      [RFC5649]  Housley, R. and M. Dworkin, "Advanced Encryption Standard
743                 (AES) Key Wrap with Padding Algorithm", RFC 5649,
744                 September 2009.

746      [RFC5752]  Turner, S. and J. Schaad, "Multiple Signatures in
747                 Cryptographic Message Syntax (CMS)", RFC 5752, January
748                 2010.

750      [RFC5753]  Turner, S. and D. Brown, "Use of Elliptic Curve
751                 Cryptography (ECC) Algorithms in Cryptographic Message
752                 Syntax (CMS)", RFC 5753, January 2010.

754      [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet
755                 Attribute Certificate Profile for Authorization",
756                 RFC 5755, January 2010.

758      [RFC5911]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for
759                 Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
760                 June 2010.

762      [RFC5914]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
763                 Format", RFC 5914, June 2010.

765      [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958, August
766                 2010.

768      [RFC5990]  Randall, J., Kaliski, B., Brainard, J., and S. Turner,
769                 "Use of the RSA-KEM Key Transport Algorithm in the
770                 Cryptographic Message Syntax (CMS)", RFC 5990, September
771                 2010.

773      [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
774                 Message Syntax (CMS) Content Constraints Extension",
775                 RFC 6010, September 2010.

777      [RFC6031]  Turner, S. and R. Housley, "Cryptographic Message Syntax
778                 (CMS) Symmetric Key Package Content Type", RFC 6031,
779                 December 2010.

781      [RFC6032]  Turner, S. and R. Housley, "Cryptographic Message Syntax
782                 (CMS) Encrypted Key Package Content Type", RFC 6032,
783                 December 2010.

785      [RFC6210]  Schaad, J., "Experiment: Hash Functions with Parameters in
786                 the Cryptographic Message Syntax (CMS) and S/MIME",
787                 RFC 6210, April 2011.

789      [RFC6211]  Schaad, J., "Cryptographic Message Syntax (CMS) Algorithm
790                 Identifier Protection Attribute", RFC 6211, April 2011.

792      [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
793                 for the Cryptographic Message Syntax (CMS) and the Public
794                 Key Infrastructure Using X.509 (PKIX)", RFC 6268, July
795                 2011.

797      [RFC6476]  Gutmann, P., "Using Message Authentication Code (MAC)
798                 Encryption in the Cryptographic Message Syntax (CMS)",
799                 RFC 6476, January 2012.

801      [RFC6482]  Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
802                 Origin Authorizations (ROAs)", RFC 6482, February 2012.

804      [RFC6486]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
805                 "Manifests for the Resource Public Key Infrastructure
806                 (RPKI)", RFC 6486, February 2012.

808      [RFC6493]  Bush, R., "The Resource Public Key Infrastructure (RPKI)
809                 Ghostbusters Record", RFC 6493, February 2012.

811      [RFC7030]  Pritikin, M., Yee, P., and D. Harkins, "Enrollment over
812                 Secure Transport", RFC 7030, October 2013.

814      [WIP1]     Herzog, J. and R. Khazan, "A set-key attribute for
815                 symmetric-key packages", Work in progress, October 2012.

817                 [draft-herzog-setkey-07]

819      [WIP2]     Housley, R., "Cryptographic Message Syntax (CMS) Key
820                 Package Receipt and Error Content Types", Work in
821                 progress, October 2013.
822                 [draft-housley-ct-keypackage-receipt-n-error-05]

824      [WIP3]     Housley, R., "Use of the Hash-based Merkle Tree Signature
825                 (MTS) Algorithm in the Cryptographic Message Syntax
826                 (CMS)", Work in progress, August 2013.
827                 [draft-housley-cms-mts-hash-sig-00]

829   Acknowledgements

831      Thanks to Jim Schaad, Sean Turner, and Carl Wallace for their review
832      and comments.

834   Author's Addresses

836      Russ Housley
837      918 Spring Knoll Drive
838      Herndon, VA 20170
839      USA
840      EMail: housley@vigilsec.com