idnits 2.17.1 draft-moriarty-acme-client-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document date (November 17, 2019) is 1594 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'NIST800-63r3' is mentioned on line 605, but not defined == Missing Reference: 'NIST800-63A' is mentioned on line 590, but not defined == Missing Reference: 'NIST800-63C' is mentioned on line 600, but not defined == Missing Reference: 'RFC6844' is mentioned on line 262, but not defined ** Obsolete undefined reference: RFC 6844 (Obsoleted by RFC 8659) == Missing Reference: 'NIST800-63B' is mentioned on line 595, but not defined == Unused Reference: 'RFC2119' is defined on line 553, but no explicit reference was found in the text == Unused Reference: 'RFC7030' is defined on line 568, but no explicit reference was found in the text == Unused Reference: 'RFC8174' is defined on line 573, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-acme-ip' is defined on line 584, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4226 ** Downref: Normative reference to an Informational RFC: RFC 6238 Summary: 3 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IETF K. Moriarty 3 Internet-Draft Dell Technologies 4 Intended status: Standards Track November 17, 2019 5 Expires: May 20, 2020 7 ACME End User Client and Code Signing Certificates 8 draft-moriarty-acme-client-04 10 Abstract 12 Automated Certificate Management Environment (ACME) core protocol 13 addresses the use case of web server certificates for TLS. This 14 document extends the ACME protocol to support end user client, device 15 client, and code signing certificates. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on May 20, 2020. 34 Copyright Notice 36 Copyright (c) 2019 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (https://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 52 2. Identity Proofing for Client Certificates . . . . . . . . . . 2 53 3. End User Client Certificates . . . . . . . . . . . . . . . . 3 54 4. CodeSigning Certificates . . . . . . . . . . . . . . . . . . 5 55 5. Pre-authorization . . . . . . . . . . . . . . . . . . . . . . 8 56 6. Challenge Types . . . . . . . . . . . . . . . . . . . . . . . 8 57 6.1. One Time Password (OTP) . . . . . . . . . . . . . . . . . 8 58 6.1.1. HMAC-Based One-Time Password (HOTP) . . . . . . . . . 9 59 6.1.2. Time-Based One-Time Password (TOTP) . . . . . . . . . 9 60 6.1.3. Generic One Time Password (OTP) . . . . . . . . . . . 10 61 6.2. Public Key Cryptography . . . . . . . . . . . . . . . . . 10 62 6.3. WebAuthn or Public/Private Key Pairs . . . . . . . . . . 11 63 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 64 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 65 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 12 66 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 67 10.1. Normative References . . . . . . . . . . . . . . . . . . 12 68 10.2. Informative References . . . . . . . . . . . . . . . . . 13 69 10.3. URL References . . . . . . . . . . . . . . . . . . . . . 13 70 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 14 71 Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 14 72 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14 74 1. Introduction 76 ACME [RFC8555] is a mechanism for automating certificate management 77 on the Internet. It enables administrative entities to prove 78 effective control over resources like domain names, and automates the 79 process of generating and issuing certificates. 81 The core ACME protocol defined challenge types specific to web server 82 certificates with the possibility to create extensions, or additional 83 challenge types for other use cases and certificate types. Client 84 certificates, such as end user and code signing may also benefit from 85 automated management to ease the deployment and maintenance of these 86 certificate types, thus the definition of this extension defining 87 challenge types specific to that usage. 89 2. Identity Proofing for Client Certificates 91 As with the TLS certificates defined in the core ACME document , identity proofing for ACME issued end user 93 client, device client, and code signing certificates is a separate 94 process outside of the automation of ACME. Identity proofing may be 95 an out-of-band process, if needed, and for this draft is likely tied 96 to the credentials used for the defined challenge types. 98 Identity proofing for these certificate types present some challenges 99 for process automation. NIST SP 800-63 r3 [NIST800-63r3] serves as 100 guidance for identity proofing further detailed in NIST SP 800-63A 101 [NIST800-63A] that may occur prior to the ability to automate 102 certificate management via ACME or may obviate the need for it 103 weighing end user privacy as a higher concern and allowing for 104 credential issuance to be decoupled from identity proofing (IAL1). 105 Using this guidance, a CA might select from the identity proofing 106 levels to assert claims on the issued certificates as described in 107 NIST SP 800-63 r3 [NIST800-63r3]. 109 The certificate issuing CA may make this choice by certificate type 110 issued. Once identity proofing has been performed, in cases where 111 this is part of the process, and certificates have been issued, NIST 112 SP 800-63 r3 [NIST800-63r3] includes recommendations for 113 authentication or in the context of ACME, management of issuance for 114 subsequent client, device, or code-signing certificates: 116 If federations and assertions are used for authorizing certificate 117 issuance, NIST SP 800-63 C [NIST800-63C] may be referenced for 118 guidance on levels of assurance. 120 Existing PKI certification authorities (CAs) tend to use a set of ad 121 hoc protocols for certificate issuance and identity verification. 122 For each certificate usage type, a basic process will be described to 123 obtain an initial certificate and for the certificate renewal 124 process. If higher assurance levels are desired, the guidance from 125 NIST SP 800-63 r3 [NIST800-63r3] may be useful and out-of-band 126 identity proofing options are possible options for pre-authorization 127 challenges or notifications. 129 3. End User Client Certificates 131 A client certificate used to authenticate an end user may be used for 132 mutual authentication in TLS, EAP-TLS, or messaging. The client 133 certificate in this case may be stored in a browser, PKCS-#11 134 container, KMIP (possible, but just code signing and device client 135 certificates in practice), or another key container. To obtain an 136 end user client certificate, there are several possibilities to 137 automate authentication of an identity credential intended to be tied 138 to an end user. 140 [We need to determine if it is important in ACME to define an 141 automated method that tests the identity or the user or to just have 142 consistent credentials for the authentication challenges. The 143 credentials may be distributed through an out-of-band method that 144 involves identity proofing.] 146 [Several authentication options with identity proofing are 147 intentionally provided for review and discussion by the ACME working 148 group.] 150 A trusted federated service that ties the user to an email address 151 with a reputation of the user attached to the email may be possible. 152 One such example might be the use of a JWT signed OAuth token. 154 Risk based authentication used for identity proofing with red herring 155 questions is a third option that could utilize public information on 156 individuals to authenticate. This would be similar to the signup 157 process used in some financial applications. 159 Existing credentials - for instance, FIDO. FIDO uses a public key 160 pair and does not perform identity proofing. FIDO authentication 161 provides a different key pair to each service using FIDO for 162 authentication, which are generated at the client and registered by 163 the server. This may require using the FIDO credentials from a 164 specific service for authentication to gain ACME issued crededentials 165 (not advised based on how FIDO credentials are supposed to be used). 166 Are there instances where the same provider would issue both sets of 167 credentials? You wouldn't want to expose your FIDO credentials to a 168 different party, that's why each service has their own. Would you 169 set up a mechanism to get FIDO credentials to then obtain a 170 certificate? (What use cases would this be necessary? When do you 171 need a certificate where you already have a specific public/private 172 key pair?) This can be defined as an auth type, but should it be? 174 One-time password (OTP) authentication is a secure option. In cases 175 where a higher assurance level is needed, OTP may be a good choice 176 and many options exist today for OTP that could use an app on a phone 177 for instance tied to an existing (or newly established) password. 178 The OTP may be tied to an out-of-band process and may be associated 179 with a username/password and other accounts. 181 One consideration is to understand if the use case could just use 182 FIDO and not create anything new (ACME client certificates). FIDO 183 provides a mechanism to have unique public key pair based access for 184 client authentication to web sites and they are working on non-web. 185 Identity proofing is intentionally decoupled from authentication in 186 this model as that is in line with NIST 800-63r3 recommendations for 187 privacy protections of the user. The credential in this case is 188 authenticated and would be consistent for it's use, but the identity 189 proofing for that credential is not performed. Obviously, identity 190 proofing is more important for some services, like financial 191 applications where tying the user to the identity for access to 192 financial information is important. However, is automated identity 193 proofing important for any user certificate or should it remain 194 decoupled where it could be automated by a service offering or is 195 there a need for a standardized mechanism to support it for user 196 certificates? 198 Three methods for ACME client authentication, not identity proofing, 199 are proposed in the Challenge Type Section. 201 4. CodeSigning Certificates 203 The process to retrieve a code signing certificate is similar to that 204 of a web server certificate, with differences primarily in the CSR 205 request and the resulting certificate properties. [The storage and 206 access of a code signing certificate must be protected and is 207 typically done through hardware, a hardware security module (HSM), 208 which likely has a PKCS#11 interface. A code signing certificate may 209 either be a standard one or an extended validation (EV) certificate.] 211 For automation purposes, the process described in this document will 212 follow the standard process and any out-of-band preprocessing can 213 increase the level of the issued certificate if the CA offers such 214 options and has additional identity proofing mechanisms (in band or 215 out-of-band). 217 Strict vetting processes are necessary for many code signing 218 certificates to provide a high assurance on the signer. In some 219 cases, issuance of a standard CodeSigning certificate will be 220 appropriate and no additional "challenges" [RFC8555 Section 8] will 221 be necessary. In this case, the standard option could be automated 222 very similar to Web server certificates with the only changes being 223 in the CSR properties. However, this may not apply to all scenarios, 224 such as those requiring EV certificates with the possibility for 225 required out-of-band initial authentication and identity proofing. 227 EV code signing certificates have a distinct set of requirements from 228 EV web certificates. In particular, they don't have associated 229 domain names, nor is CAA checking done. The code signing certificate 230 links a public key to an organization, not a domain. CAs may chose 231 different methods to enable the use of ACME for EV code signing 232 certificates. The intent of this work is to provide additional 233 authentication challenge types that may enable their automation 234 process. 236 Organization validation is required for standard code signing 237 certificates from most issuers. The CSR is used to identify the 238 organization from the included domain name in the request. The 239 resulting certificate, however, instead contains the organization's 240 name and for EV certificates, other identifying information for the 241 organization. For EV certificates, this could require that the 242 domain is registered with the Certificate Authority provider, listed 243 in CAA [RFC6844], and administrators for the account are named with 244 provided portal access for certificate issuance and management 245 options. 247 While ACME allows for the client to directly establish an account 248 with a CA, an initial out-of-band process for this step may assist 249 with the additional requirements for EV certificates and assurance 250 levels typically required for code signing certificates. For 251 standard certificates, with a recommendation for additional vetting 252 through extended challenge options to enable ACME to establish the 253 account directly. In cases where code signing certificates are used 254 heavily for an organization, having the portal access replaced with 255 ACME authenticated client access with extra challenges for 256 authentication may be an option to automate the functionality. 258 [For standard certificates, is it worth defining SMS and email for 259 the challenge? Obviously, EV needs more, so a few choices are 260 suggested in this revision.] 262 To improve the vetting process, ACME's optional use of CAA [RFC6844] 263 with the Directory "meta" data "caaIdentities" ([RFC8555] 264 Section 9.7.6) assists with the validation that a CA may have issue 265 certificates for any particular domain and is RECOMMENDED for use 266 with code signing certificates for this additional level of 267 validation checking on issued certificates. 269 CAA helps as anyone verifying a certificate used for code signing can 270 verify that the CA used has been authorized to issue certificates for 271 that organization. CSR requests for code signing certificates 272 typically contain a Common Name (CN) using a domain name that is 273 replaced with the organization name to have the expected details 274 displayed in the resulting certificate. Since this work flow already 275 occurs, there is a path to automation and validation via an existing 276 ACME type, "dns". 278 As noted in RFC8555, "the external account binding feature (see 279 Section 7.3.4) can allow an ACME account to use authorizations that 280 have been granted to an external, non-ACME account. This allows ACME 281 to address issuance scenarios that cannot yet be fully automated, 282 such as the issuance of "Extended Validation" certificates." 284 The ACME challenge object, [RFC8555] Section 7.1.5 is RECOMMENDED for 285 use for Pre-authorization ([RFC8555] Section 7.4.1). Additional 286 challenge types are added to provide higher levels of security for 287 this issuance verification step. The use of OTP, FIDO credentials 288 (public/private key pairs), or validation from a certificate issued 289 at account setup time are defined in Section 8. Pre-Authoriziation. 291 Questions for reviewers: 293 [Is there interest to set a specific or default challenge object for 294 CodeSigning Certificates? Or should this be left to individual CAs 295 to decide and differentiate? The current challenge types defined in 296 RFC8555 include HTTPS (provisioning HTTP resources) and DNS 297 (provisioning a TXT resource record). Use of DNS may be possible, 298 but the HTTP resource doesn't necessarily make sense. Since the 299 process to retrieve an EV CodeSigning certificate usually requires 300 proof of the organization and validation from one of 2 named 301 administrators, some other challenge type like public/private key 302 pairs or OTP may be needed as defined challenge types. An 303 organization may want to tie this contact to a role rather than a 304 person and that consideration should be made in the design as well as 305 implementation by organizations.] 307 ACME provides an option for notification of the operator via email or 308 SMS upon issuance/renewal of a certificate after the domain has been 309 validated as owned by the requestor. This option is RECOMMENDED due 310 to the security considerations of code signing certificates as a way 311 to limit or reduce the possibility of a third party gaining access to 312 a code signing certificate inappropriately. Development of 313 additional challenge types is included in this document to support 314 this for pre-authorization, which would better match the security 315 considerations for this certificate type. Additional types may be 316 added if agreed upon by the working group. 318 Since DNS is used to identify the organization in the request, the 319 identifier "type" ([RFC8555]Section 7.4) is set to dns, not requiring 320 any additions to the ACME protocol for this type of certificate. The 321 distinction lies in the CSR, where the values are set to request a 322 CodeSigning certificate for a client certificate. [Question: Is it 323 helpful to define an identifier for the administrator or for the 324 developer to distinguish the certificate type in ACME and not just 325 the CSR?] 327 KeyUsage (DigitalSignature) and ExtendedKeyUsage (CodeSigning) in the 328 CSR MUST be set to the correct values for the CA to see the request 329 is for a Code Signing certificate. The Enhanced Key Usage SHOULD be 330 set to show this is a client certificate., using OID 331 "1.3.6.1.5.5.7.3.2". The CN MUST be set to the expected registered 332 domain with the CA account. 334 An advantage of ACME is the ability to automate rollover to allow for 335 easy management of short expiry times on certificates. The lifetime 336 of CodeSigning certificates is typically a year or two, but 337 automation could allow for shorter expiry times becoming feasible. 338 However, lifetimes are less of an issue for code signing certificates 339 than other certificate types. however there is a legitmate case for 340 "one signature per certificate." Automation might be helpful in this 341 case if patches or software updates were frequent or to minimize the 342 knowledge needed for the organization using this method. 344 Automation of storage to an HSM, which typically requires 345 authentication is intentionally left out-of-scope. 347 5. Pre-authorization 349 Additional challenge types are defined here for the verification of 350 administrators at an organization requesting CodeSigning 351 certificates. SMS and email are listed as possible in RFC8555 and 352 may be used singularly or in combination as the ACME protocol allows 353 for multiple pre-authorization challenges to be issued. Additional 354 pre-authorization types are defined that provide a higher level of 355 assurance to authorize a request. 357 6. Challenge Types 359 The challenge types defined in the following subsections are to 360 authenticate individuals or holders of specific pre-issued 361 credentials (users acting in roles for an organization). The 362 challenge types can be used to obtain end user certificate types or 363 as a pre-authorization challenges with certificate types such as the 364 Code Signing Certificate. Please note that the pre-authorization 365 challenge is also coupled with the account certificate in ACME for 366 verification. The process for obtaining EV Code Signing Certificates 367 typically requires authorization from one or more individuals in a 368 role for the organization. The use of pre-issued secure credentials, 369 at an assurance level appropriate for the certificate type being 370 issued, provides a way to automate the issuance and renewal process. 372 6.1. One Time Password (OTP) 374 There are numerous one time password technologies with slight 375 variations between implementations. The response to the challenge is 376 entered in the provided URL, offering flexibility to those using this 377 challenge type to acomodate the specific requirements of their 378 solution. Looking at 2 OTP solutions, the challenge response is 379 provided via a tool or app without any user interaction of 380 information required from the server to generate the challenge. The 381 2 solutions that operate in this manner include SecureID and Duo 382 Security. If a challenge is required to generate the response to be 383 provided in the URL, the token can supply the challenge. 385 type (required, string): The string "otp-01". 387 token (required, string): A random value that uniquely identifies 388 the challenge. OTP types and input vary between technologies. 389 The token value will match the type expected for the pre-issued 390 OTP credential. The user will be able to supply a response in the 391 provided URL from this challenge. It MUST NOT contain any 392 characters outside the base64url alphabet and MUST NOT include 393 base64 padding characters ("="). 395 { 396 "type": "otp-01", 397 "url": "https://example.com/acme/chall/WrV_H87EyD3", 398 "status": "pending", 399 "token": "challenge" 400 } 402 6.1.1. HMAC-Based One-Time Password (HOTP) 404 HOTP([RFC4226]) describes an algorithm for the generation of time- 405 based password values. 407 type (required, string): The string "hotp-01". 409 token (required, string): The HOTP value. This SHOULD be the 6 410 digit representation. 412 { 413 "type": "hotp-01", 414 "url": "https://example.com/acme/chall/WrV_H87EyD3", 415 "status": "pending", 416 "token": "123456" 417 } 419 6.1.2. Time-Based One-Time Password (TOTP) 421 TOTP([RFC6238]) describes an algorithm for the generation of time- 422 based password values, an extension from HOTP. 424 type (required, string): The string "totp-01". 426 token (required, string): The TOTP value. This SHOULD be the 6 427 digit representation. 429 { 430 "type": "totp-01", 431 "url": "https://example.com/acme/chall/WrV_H87EyD3", 432 "status": "pending", 433 "token": "123456" 434 } 436 6.1.3. Generic One Time Password (OTP) 438 There are numerous other one time password technologies with slight 439 variations between implementations. The response to the challenge is 440 entered in the provided URL, offering flexibility to those using this 441 challenge type to acomodate the specific requirements of their 442 solution. Looking at 2 OTP solutions, the challenge response is 443 provided via a tool or app without any user interaction of 444 information required from the server to generate the challenge. The 445 2 solutions that operate in this manner include SecureID and Duo 446 Security. If a challenge is required to generate the response to be 447 provided in the URL, the token can supply the challenge. 449 type (required, string): The string "otp-01". 451 token (required, string): A random value that uniquely identifies 452 the challenge. OTP types and input vary between technologies. 453 The token value will match the type expected for the pre-issued 454 OTP credential. The user will be able to supply a response in the 455 provided URL from this challenge. It MUST NOT contain any 456 characters outside the base64url alphabet and MUST NOT include 457 base64 padding characters ("="). 459 { 460 "type": "otp-01", 461 "url": "https://example.com/acme/chall/WrV_H87EyD3", 462 "status": "pending", 463 "token": "challenge" 464 } 466 6.2. Public Key Cryptography 468 Certificates may be pre-issued and stored according to assurance 469 level requirements for the purpose of identifying a user's identity. 470 If a higher assurance level is needed for a user serving in a 471 specific role or for that individual, it is possible for identity 472 proofing to occur in person using identifiers acceptable for the 473 specified process and the private key stored appropriately for the 474 required assurance level. PKCS#11 software or hardware tokens are 475 both possible options. This model assumes that there may be multiple 476 authorized users with different certificates that can be used for the 477 authorization or pre-authentication challenge. As such, the user 478 first provides the digital signature, so the account management can 479 determine if one of the acceptable certificates was used to digitally 480 sign the token. 482 type (required, string): The string "cert-01". 484 token (required, string): A random value that uniquely identifies 485 the challenge. The token for a certificate authentication 486 challenge includes a value for the recipeint to digitally sign 487 using their private key and post to the provided URL. The ACME 488 server then uses the digitally signed content to verify that the 489 challenge was signed using authorized credentials (certificate 490 issued and authorized for this challenge type). It MUST NOT 491 contain any characters outside the base64url alphabet and MUST NOT 492 include base64 padding characters ("="). 494 { 495 "type": "cert-01", 496 "url": "https://example.com/acme/chall/WrV_H87EyD3", 497 "status": "pending", 498 "token": "Some challenge to digitally sign" 499 } 501 6.3. WebAuthn or Public/Private Key Pairs 503 W3C's WebAuthn uses raw public/private key pairs that are issued 504 specific to a service. If WebAuthn or public/private key pairs 505 (PPKP) are selected as the challenge type, the account and credential 506 issuance will have to occur prior to use of this challenge type. The 507 WebAuthn or public/private key pair credentials would be specific to 508 the certificate management account and would be created by the 509 client, then registered with the service as occurs with normal 510 WebAuthn regisration of credentials. As with normal WebAuthn and 511 public/private key pairs, the token or challenge is digitally signed 512 to prove possession of the private key. 514 type (required, string): The string "ppkp-01". 516 token (required, string): A random value that uniquely identifies 517 the challenge. This challenge will operate much in the same way 518 as the certificate challenge as the operations are largely the 519 same. The user will be able to supply a response in the provided 520 URL from this challenge. It MUST NOT contain any characters 521 outside the base64url alphabet and MUST NOT include base64 padding 522 characters ("="). 524 { 525 "type": "ppkp-01", 526 "url": "https://example.com/acme/chall/WrV_H87EyD3", 527 "status": "pending", 528 "token": "Some challenge to sign" 529 } 531 7. Security Considerations 533 This will likely be full of considerations and is TBD for this 534 revision until challenge types are settled. 536 8. IANA Considerations 538 This memo includes no request to IANA, yet. 540 9. Contributors 542 Thank you to reviewers and contributors who helped to improve this 543 document. Thank you to Thomas Peterson who added the one-time 544 password types, HOTP and TOTP. Thank you to Tim Hollebeek for your 545 early review and added text specific to EV certificate issuance and 546 one time use code signing certificates. Thank you to Andrei Popov 547 and Deb Cooley for your reviews and suggestions made in -04. 549 10. References 551 10.1. Normative References 553 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 554 Requirement Levels", BCP 14, RFC 2119, 555 DOI 10.17487/RFC2119, March 1997, 556 . 558 [RFC4226] M'Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., and 559 O. Ranen, "HOTP: An HMAC-Based One-Time Password 560 Algorithm", RFC 4226, DOI 10.17487/RFC4226, December 2005, 561 . 563 [RFC6238] M'Raihi, D., Machani, S., Pei, M., and J. Rydell, "TOTP: 564 Time-Based One-Time Password Algorithm", RFC 6238, 565 DOI 10.17487/RFC6238, May 2011, 566 . 568 [RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., 569 "Enrollment over Secure Transport", RFC 7030, 570 DOI 10.17487/RFC7030, October 2013, 571 . 573 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 574 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 575 May 2017, . 577 [RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J. 578 Kasten, "Automatic Certificate Management Environment 579 (ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019, 580 . 582 10.2. Informative References 584 [I-D.ietf-acme-ip] 585 Shoemaker, R., "ACME IP Identifier Validation Extension", 586 draft-ietf-acme-ip-08 (work in progress), October 2019. 588 10.3. URL References 590 [NIST800-63A] 591 US National Institute of Standards and Technology, 592 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ 593 NIST.SP.800-63a.pdf". 595 [NIST800-63B] 596 US National Institute of Standards and Technology, 597 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ 598 NIST.SP.800-63b.pdf". 600 [NIST800-63C] 601 US National Institute of Standards and Technology, 602 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ 603 NIST.SP.800-63c.pdf". 605 [NIST800-63r3] 606 US National Institute of Standards and Technology, 607 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/ 608 NIST.SP.800-63-3.pdf". 610 Appendix A. Change Log 612 Note to RFC Editor: if this document does not obsolete an existing 613 RFC, please remove this appendix before publication as an RFC. 615 02 draft added subsections contributed from Thomas Peterson on HOTP 616 and TOTP. 618 Appendix B. Open Issues 620 Note to RFC Editor: please remove this appendix before publication as 621 an RFC. 623 Author's Address 625 Kathleen M. Moriarty 626 Dell Technologies 627 176 South Street 628 Hopkinton 629 US 631 EMail: Kathleen.Moriarty@dell.com