idnits 2.17.1

draft-ietf-lamps-cmp-algorithms-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (October 24, 2020) is 1273 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS180-4'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS186-5'

  == Outdated reference: A later version (-23) exists of
     draft-ietf-lamps-cmp-updates-05

  ** Downref: Normative reference to an Informational RFC: RFC 2104

  ** Downref: Normative reference to an Informational RFC: RFC 3394

  ** Downref: Normative reference to an Informational RFC: RFC 5649

  ** Downref: Normative reference to an Informational RFC: RFC 5753

  ** Downref: Normative reference to an Informational RFC: RFC 6278

  ** Downref: Normative reference to an Informational RFC: RFC 8017

  ** Downref: Normative reference to an Informational RFC: RFC 8018

  == Outdated reference: A later version (-21) exists of
     draft-ietf-lamps-lightweight-cmp-profile-03

     Summary: 7 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

LAMPS Working Group                                         H. Brockhaus
Internet-Draft                                                   Siemens
Intended status: Standards Track                        October 24, 2020
Expires: April 27, 2021

                             CMP Algorithms
                   draft-ietf-lamps-cmp-algorithms-00

Abstract

   This document describes the conventions for using several
   cryptographic algorithms with the Certificate Management Protocol
   (CMP).  CMP is used to enroll and further manage the lifecycle of
   X.509 certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 27, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Terminology
   2.  Message Digest Algorithms
     2.1.  SHA2
   3.  Signature Algorithms
     3.1.  DSA
     3.2.  RSA
     3.3.  ECDSA
   4.  Key Management Algorithms
     4.1.  Key Agreement Algorithms
       4.1.1.  Diffie-Hellman
       4.1.2.  ECDH
     4.2.  Key Transport Algorithms
       4.2.1.  RSA
     4.3.  Symmetric Key-Encryption Algorithms
       4.3.1.  AES Key Wrap with Padding
     4.4.  Key Derivation Algorithms
       4.4.1.  Password-based Key Derivation Function 2
   5.  Content Encryption Algorithms
     5.1.  AES
   6.  Message Authentication Code Algorithms
     6.1.  Password-based MAC
     6.2.  Diffie-Hellman-based MAC
     6.3.  HMAC SHA2
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  History of changes
   Author's Address

1.  Introduction

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals, as shown
   here.

2.  Message Digest Algorithms

   This section specifies the conventions employed by CMP
   implementations that support SHA-1 or the SHA2 algorithm family.

   Digest algorithm identifiers are located in the hashAlg field of
   OOBCertHash, the owf field of Challenge, PBMParameter, and
   DHBMParameter, and the digestAlgorithms field of SignedData and the
   digestAlgorithm field of SignerInfo.

   Digest values are located in the hashVal field of OOBCertHash, the
   witness field of Challenge, and the certHash field of CertStatus.  In
   addition, digest values are input to signature algorithms.

2.1.  SHA2

   The SHA2 message digest algorithm family is defined in FIPS Pub 180-4
   [FIPS180-4].

   The message digest algorithms SHA-224, SHA-256, SHA-384, and SHA-512
   produce 224-bit, 256-bit, 384-bit, and 512-bit digests, respectively,
   and are identified by the following object identifiers (OIDs):

      id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
         us(840) organization(1) gov(101) csor(3) nistalgorithm(4)
         hashalgs(2) 4 }
      id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
         us(840) organization(1) gov(101) csor(3) nistalgorithm(4)
         hashalgs(2) 1 }
      id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
         us(840) organization(1) gov(101) csor(3) nistalgorithm(4)
         hashalgs(2) 2 }
      id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
         us(840) organization(1) gov(101) csor(3) nistalgorithm(4)
         hashalgs(2) 3 }

   Further conventions to be considered are specified in RFC 5754
   Section 2 [RFC5754].

3.  Signature Algorithms

   This section specifies the conventions employed by CMP
   implementations that support DSA, RSA, or ECDSA.

   The signature algorithm is referred to as MSG_SIG_ALG in RFC 4210
   Appendix D and E [RFC4210] and in the Lightweight CMP Profile
   [I-D.ietf-lamps-lightweight-cmp-profile].

   Signature algorithm identifiers are located in the protectionAlg
   field of PKIHeader, the algorithmIdentifier field of POPOSigningKey,
   the signatureAlgorithm field of p10cr, SignKeyPairTypes, and the
   SignerInfo signatureAlgorithm field of SignedData.

   Signature values are located in the protection field of PKIMessage,
   the signature field of POPOSigningKey, the signature field of p10cr,
   and the SignerInfo signature field of SignedData.

3.1.  DSA

   The DSA signature algorithm is defined in FIPS Pub 186-5 [FIPS186-5]
   and MAY be used with SHA-224 and SHA-256 as specified in RFC 5754
   [RFC5754].

   The algorithm identifiers for DSA with SHA2 signature values are:

      id-dsa-with-sha224 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
         country(16) us(840) organization(1) gov(101) csor(3)
         algorithms(4) id-dsa-with-sha2(3) 1 }
      id-dsa-with-sha256 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2)
         country(16) us(840) organization(1) gov(101) csor(3)
         algorithms(4) id-dsa-with-sha2(3) 2 }

   Further conventions to be considered are specified in RFC 5754
   Section 3.1 [RFC5754].

3.2.  RSA

   The RSA (RSASSA-PSS and RSASSA-PKCS1-v1_5) signature algorithm is
   defined in RFC 8017 [RFC8017].  RSASSA-PKCS1-v1_5 MAY be used with
   SHA-224, SHA-256, SHA-384, or SHA-512 as specified in RFC 5754
   [RFC5754].

   The algorithm identifier for RSASSA-PSS signatures as specified in
   RFC 4055 [RFC4055] is:

      id-RSASSA-PSS OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 10 }

   Further conventions to be considered are specified in RFC 4056
   [RFC4056].

   The algorithm identifiers for RSASSA-PKCS1-v1_5 signatures as
   specified in RFC 4055 [RFC4055] are:

      sha224WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
         member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 14 }
      sha256WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
         member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11 }
      sha384WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
         member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 12 }
      sha512WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
         member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 13 }

   Further conventions to be considered are specified in RFC 5754
   Section 3.2 [RFC5754].

3.3.  ECDSA

   The ECDSA signature algorithm is defined in FIPS Pub 186-5
   [FIPS186-5] and MAY be used with SHA-224, SHA-256, SHA-384, or
   SHA-512 as specified in RFC 5754 [RFC5754].

   The algorithm identifiers for ECDSA with SHA2 signature values are:

      ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
      ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
      ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
      ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }

   Further conventions to be considered are specified in RFC 5754
   Section 3.3 [RFC5754].

4.  Key Management Algorithms

   CMP accommodates the following general key management techniques: key
   agreement, key transport, and passwords.

   CRMF [RFC4211] and CMP Updates [I-D.ietf-lamps-cmp-updates]
   facilitate the use of CMS [RFC5652] EnvelopedData by deprecating the
   use of EncryptedValue.

4.1.  Key Agreement Algorithms

   The key agreement algorithm is referred to as PROT_ENC_ALG in
   RFC 4210 Appendix D and E [RFC4210] and in the Lightweight CMP
   Profile [I-D.ietf-lamps-lightweight-cmp-profile].

   Key agreement algorithms are only used in CMP when using CMS
   [RFC5652] EnvelopedData together with the key agreement key
   management technique.  When a key agreement algorithm is used, a
   key-encryption algorithm (Section 4.3) is needed next to the
   content-encryption algorithm (Section 5).

   Key agreement algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.

   Key encryption algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm field.

   Wrapped content-encryption keys are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
   encryptedKey field.

4.1.1.  Diffie-Hellman

   Diffie-Hellman key agreement is defined in RFC 2631 [RFC2631] and MAY
   be used in the ephemeral-static or a static-static variant as
   specified in RFC 3370 [RFC3370].

   The Diffie-Hellman algorithm identifiers are:

      id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
      id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }

   Further conventions to be considered are specified in RFC 3370
   Section 4.1 [RFC3370].

4.1.2.  ECDH

   Elliptic Curve Diffie-Hellman (ECDH) key agreement is defined in
   RFC 5753 [RFC5753] and MAY be used in the ephemeral-static variant as
   specified in RFC 5753 [RFC5753], the 1-Pass ECMQV variant as
   specified in RFC 5753 [RFC5753], or the static-static variant as
   specified in RFC 6278 [RFC6278].

   Algorithm identifiers and further conventions to be considered are
   specified in RFC 5753 [RFC5753] and RFC 6278 [RFC6278].

4.2.  Key Transport Algorithms

   The key transport algorithm is also referred to as PROT_ENC_ALG in
   RFC 4210 Appendix D and E [RFC4210] and in the Lightweight CMP
   Profile [I-D.ietf-lamps-lightweight-cmp-profile].

   Key transport algorithms are only used in CMP when using CMS
   [RFC5652] EnvelopedData together with the key transport key
   management technique.

   Key transport algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

   Key transport encrypted content-encryption keys are located in the
   EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
   field.

4.2.1.  RSA

   The RSA key transport algorithm is the RSA encryption scheme defined
   in RFC 8017 [RFC8017].

   The algorithm identifier for RSA (PKCS #1 v1.5) is:

      rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }

   The algorithm identifier for RSAES-OAEP is:

      id-RSAES-OAEP OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 7 }

   Further conventions to be considered for PKCS #1 v1.5 are specified
   in RFC 3370 Section 4.2.1 [RFC3370] and for RSAES-OAEP in RFC 3560
   [RFC3560].

4.3.  Symmetric Key-Encryption Algorithms

   The symmetric key-encryption algorithm is also referred to as
   PROT_SYM_ALG in RFC 4210 Appendix D and E [RFC4210] and in the
   Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile].

   As the symmetric key-encryption key management technique is not used
   by CMP, the symmetric key-encryption algorithm is only needed when
   using the key agreement or password-based key management technique
   with CMS [RFC5652] EnvelopedData.

   Key-encryption algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
   EnvelopedData RecipientInfos PasswordRecipientInfo
   keyEncryptionAlgorithm fields.

   Wrapped content-encryption keys are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
   encryptedKey and EnvelopedData RecipientInfos PasswordRecipientInfo
   encryptedKey fields.

4.3.1.  AES Key Wrap with Padding

   The AES key encryption algorithm is defined in RFC 3394 [RFC3394] and
   the respective padding is defined in RFC 5649 [RFC5649].

   AES key encryption has the algorithm identifier:

      id-aes256-wrap-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
         country(16) us(840) organization(1) gov(101) csor(3)
         nistAlgorithm(4) aes(1) 48 }

   Further conventions to be considered for AES key wrap with padding
   are specified in RFC 5649 Section 4 [RFC5649].

4.4.  Key Derivation Algorithms

   Key derivation algorithms are only used in CMP when using CMS
   [RFC5652] EnvelopedData together with the password-based key
   management technique.

   Key derivation algorithm identifiers are located in the EnvelopedData
   RecipientInfos PasswordRecipientInfo keyDerivationAlgorithm field.

4.4.1.  Password-based Key Derivation Function 2

   The password-based key derivation function 2 (PBKDF2) is defined in
   RFC 8018 [RFC8018].

   Password-based key derivation function 2 has the algorithm
   identifier:

      id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
         rsadsi(113549) pkcs(1) pkcs-5(5) 12 }

   Further conventions to be considered for PBKDF2 are specified in
   RFC 3370 Section 4.4.1 [RFC3370] and RFC 8018 Section 5.2 [RFC8018].

5.  Content Encryption Algorithms

   The content encryption algorithm is also referred to as PROT_SYM_ALG
   in RFC 4210 Appendix D and E [RFC4210] and in the Lightweight CMP
   Profile [I-D.ietf-lamps-lightweight-cmp-profile].

   Content encryption algorithms are only used in CMP when using CMS
   [RFC5652] EnvelopedData to transport a signed private key package in
   case of central key generation or key archiving, a certificate to
   facilitate implicit proof-of-possession, or a revocation passphrase
   in encrypted form.

   Content encryption algorithm identifiers are located in the
   EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm
   field.

   Encrypted content is located in the EnvelopedData
   EncryptedContentInfo encryptedContent field.

5.1.  AES

   Since, when using CMP, the encrypted content is a cryptographic key
   and its attributes, a certificate, or a password, the same algorithms
   as specified in Section 4.3.1 are used for content encryption.

6.  Message Authentication Code Algorithms

   The message authentication code algorithm is also referred to as
   MSG_MAC_ALG in RFC 4210 Appendix D and E [RFC4210] and in the
   Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile].

   Message authentication code algorithm identifiers are located in the
   mac field of PBMParameter and DHBMParameter, and the PBKDF2-params
   prf field.

   Message authentication code values are located in the EnvelopedData
   EncryptedContentInfo encryptedContent field.

6.1.  Password-based MAC

   The password-based MAC is defined in RFC 4210 [RFC4210].

   The algorithm identifier for password-based MAC is:

      id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) nt(113533) nsn(7) algorithms(66) 13 }

   Further conventions to be considered for password-based MAC are
   specified in RFC 4210 Section 5.1.3.1 [RFC4210].

6.2.  Diffie-Hellman-based MAC

   The Diffie-Hellman-based MAC is defined in RFC 4210 [RFC4210].

   The algorithm identifier for Diffie-Hellman-based MAC is:

      id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) nt(113533) nsn(7) algorithms(66) 30 }

   Further conventions to be considered for Diffie-Hellman-based MAC are
   specified in RFC 4210 Section 5.1.3.2 [RFC4210].

6.3.  HMAC SHA2

   The HMAC is defined in RFC 2104 [RFC2104].

   The algorithm identifiers for HMAC with SHA2 as specified in RFC 4231
   [RFC4231] are:

      id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) digestAlgorithm(2) 8 }
      id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) digestAlgorithm(2) 9 }
      id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) digestAlgorithm(2) 10 }
      id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) digestAlgorithm(2) 11 }

   Further conventions to be considered for HMAC with SHA2 are specified
   in RFC 4231 Section 3.1 [RFC4231].

7.  IANA Considerations

   TBD

8.  Security Considerations

   TBD

9.  Acknowledgements

   TBD

10.  References

10.1.  Normative References

   [FIPS180-4]
              NIST, "FIPS Pub 180-4: Secure Hash Standard (SHA)", August
              2015.

   [FIPS186-5]
              NIST, "FIPS Pub 186-5: Digital Signature Standard (DSS)",
              October 2019.

   [I-D.ietf-lamps-cmp-updates]
              Brockhaus, H., "CMP Updates",
              draft-ietf-lamps-cmp-updates-05 (work in progress),
              September 2020.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2631]  Rescorla, E., "Diffie-Hellman Key Agreement Method",
              RFC 2631, DOI 10.17487/RFC2631, June 1999.

   [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
              Algorithms", RFC 3370, DOI 10.17487/RFC3370, August 2002.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002.

   [RFC3560]  Housley, R., "Use of the RSAES-OAEP Key Transport
              Algorithm in Cryptographic Message Syntax (CMS)",
              RFC 3560, DOI 10.17487/RFC3560, July 2003.

   [RFC4055]  Schaad, J., Kaliski, B., and R. Housley, "Additional
              Algorithms and Identifiers for RSA Cryptography for use in
              the Internet X.509 Public Key Infrastructure Certificate
              and Certificate Revocation List (CRL) Profile", RFC 4055,
              DOI 10.17487/RFC4055, June 2005.

   [RFC4056]  Schaad, J., "Use of the RSASSA-PSS Signature Algorithm in
              Cryptographic Message Syntax (CMS)", RFC 4056,
              DOI 10.17487/RFC4056, June 2005.

   [RFC4210]  Adams, C., Farrell, S., Kause, T., and T. Mononen,
              "Internet X.509 Public Key Infrastructure Certificate
              Management Protocol (CMP)", RFC 4210,
              DOI 10.17487/RFC4210, September 2005.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005.

   [RFC4231]  Nystrom, M., "Identifiers and Test Vectors for
              HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and
              HMAC-SHA-512", RFC 4231, DOI 10.17487/RFC4231, December
              2005.

   [RFC5649]  Housley, R. and M. Dworkin, "Advanced Encryption Standard
              (AES) Key Wrap with Padding Algorithm", RFC 5649,
              DOI 10.17487/RFC5649, September 2009.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009.

   [RFC5753]  Turner, S. and D. Brown, "Use of Elliptic Curve
              Cryptography (ECC) Algorithms in Cryptographic Message
              Syntax (CMS)", RFC 5753, DOI 10.17487/RFC5753, January
              2010.

   [RFC5754]  Turner, S., "Using SHA2 Algorithms with Cryptographic
              Message Syntax", RFC 5754, DOI 10.17487/RFC5754, January
              2010.

   [RFC6278]  Herzog, J. and R. Khazan, "Use of Static-Static Elliptic
              Curve Diffie-Hellman Key Agreement in Cryptographic
              Message Syntax", RFC 6278, DOI 10.17487/RFC6278, June
              2011.

   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
              "PKCS #1: RSA Cryptography Specifications Version 2.2",
              RFC 8017, DOI 10.17487/RFC8017, November 2016.

   [RFC8018]  Moriarty, K., Ed., Kaliski, B., and A. Rusch, "PKCS #5:
              Password-Based Cryptography Specification Version 2.1",
              RFC 8018, DOI 10.17487/RFC8018, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

10.2.  Informative References

   [I-D.ietf-lamps-lightweight-cmp-profile]
              Brockhaus, H., Fries, S., and D. Oheimb, "Lightweight CMP
              Profile", draft-ietf-lamps-lightweight-cmp-profile-03
              (work in progress), October 2020.

Appendix A.  History of changes

   Note: This appendix will be deleted in the final version of the
   document.

Author's Address

   Hendrik Brockhaus
   Siemens AG

   Email: hendrik.brockhaus@siemens.com
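
Added example (not part of the draft and not taken from any CMP implementation): the object identifiers in Sections 2 to 6 are given in ASN.1 value notation, while a receiver sees them DER-encoded inside an AlgorithmIdentifier such as protectionAlg. The sketch below parses that notation, DER-encodes it, and classifies a received OID against the resulting allowlist; all function names and the constructed SAMPLE_UNLISTED input are assumptions of this example.

```python
import re

# OID definitions in ASN.1 value notation, copied from Sections 2.1, 3.3
# and 6.1 of this document.
OID_DEFINITIONS = """
id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16)
   us(840) organization(1) gov(101) csor(3) nistalgorithm(4)
   hashalgs(2) 1 }
ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) nt(113533) nsn(7) algorithms(66) 13 }
"""
# Constructed input: sha1WithRSAEncryption (1.2.840.113549.1.1.5), not listed here.
SAMPLE_UNLISTED = bytes.fromhex("06092a864886f70d010105")

_DEF = re.compile(r"([A-Za-z][\w-]*)\s+OBJECT IDENTIFIER\s*::=\s*\{([^}]*)\}")
_ARC = re.compile(r"[A-Za-z][\w-]*\((\d+)\)|(\d+)")  # 'label(number)' or number

def parse_definitions(text):
    """Return {name: (arc, ...)} for each 'name OBJECT IDENTIFIER ::= {...}'."""
    oids = {}
    for name, body in _DEF.findall(text):
        matches = [_ARC.fullmatch(token) for token in body.split()]
        if None in matches:
            raise ValueError(f"unparseable arc in definition of {name}")
        oids[name] = tuple(int(m.group(1) or m.group(2)) for m in matches)
    return oids

def _base128(value):
    """Big-endian base-128; every byte but the last has the high bit set."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))

def der_encode(arcs):
    """DER-encode an OID: tag 0x06, short-form length, packed arcs."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    body = b"".join(_base128(a) for a in (40 * arcs[0] + arcs[1], *arcs[2:]))
    if len(body) > 127:
        raise ValueError("OID too long for short-form length")
    return bytes([0x06, len(body)]) + body

def der_decode(der):
    """Strictly decode a DER OID; reject bad framing and padded arcs."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    arcs, value, fresh = [], 0, True
    for byte in der[2:]:
        if fresh and byte == 0x80:
            raise ValueError("non-minimal arc encoding")
        value = (value << 7) | (byte & 0x7F)
        fresh = not (byte & 0x80)
        if fresh:
            arcs.append(value)
            value = 0
    if not fresh:
        raise ValueError("truncated arc")
    first = min(arcs[0] // 40, 2)
    return (first, arcs[0] - 40 * first, *arcs[1:])

def build_allowlist(text):
    return {der_encode(a): n for n, a in parse_definitions(text).items()}

def classify(der, allowlist):
    """Return (name, dotted); name is None if unlisted, both None if malformed."""
    try:
        dotted = ".".join(map(str, der_decode(der)))
    except ValueError:
        return None, None
    return allowlist.get(bytes(der)), dotted
```

Matching on the exact DER bytes means a padded or otherwise non-canonical encoding of a listed OID is never accepted as that algorithm.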