idnits 2.17.1 draft-turner-vcard-smimecaps-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 12, 2013) is 3971 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFCTBD1' is mentioned on line 378, but not defined ** Obsolete normative reference: RFC 5751 (Obsoleted by RFC 8551) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NETWORK WG Sean Turner 3 Internet Draft IECA 4 Intended Status: Informational A. Melnikov 5 Expires: December 14, 2013 ISODE Ltd 6 Carl Wallace 7 Red Hound Software 8 June 12, 2013 10 vCard S/MIME Capabilities Property 11 draft-turner-vcard-smimecaps-00.txt 13 Abstract 15 This document defines a vCard S/MIME Capabilities property and it 16 defines or references values for many algorithms. The SMIME 17 Capability values can also be included in S/MIME messages as a signed 18 attribute and in public key certificates as an extension. The S/MIME 19 Capabilities property is a complement to key property, which together 20 enable usage of S/MIME without an initial exchange of email messages. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 1. Introduction 54 This document defines or references values for the vCard S/MIME 55 Capabilities property. The syntax for the property is defined in 56 [RFC5751], but the values for each capability instance are defined in 57 separate RFCs and in some cases not at all. Capability values can 58 also be included in S/MIME messages as an attribute and in public key 59 certificates as an extension [RFC4262]. 61 The majority of the values in this document are defined in other 62 RFCs, and this document references those RFCs before the SMIME 63 Capability. Values are encoded using the Distinguished Encoding Rule 64 (DER) [X.690] and are a sequence of algorithm object identifier plus 65 any parameters. The values provided in this document are values for 66 single SMIMECapability instance, which contain one algorithm- 67 parameter pair. These values may be concatenated and preceded by a 68 tag and length value to produce a SMIMECapabilities value. The 69 syntax for the attribute is as follows and is repeated here from 70 [RFC5751] for convenience: 72 SMIMECapabilities ::= SEQUENCE OF SMIMECapability 74 SMIMECapability ::= SEQUENCE { 75 capabilityID OBJECT IDENTIFIER, 76 parameters ANY DEFINED BY capabilityID OPTIONAL } 78 As specified in [RFC5751]: "the object identifiers (OIDs) are listed 79 in order of their preference, but SHOULD be separated logically along 80 the lines of their categories (signature algorithms, symmetric 81 algorithms, key encipherment algorithms, etc.)" As the "structure of 82 the SMIMECapabilities attribute is [designed] to facilitate simple 83 table lookups and binary comparisons in order to determine matches", 84 the values are given in encoded format. 86 In the following sections, the DER [X.690] values for the 87 capabilities are preceded by the algorithm's name, and, if they were 88 previously defined a reference for the document in which they are 89 defined. 91 1.1. Requirements Terminology 93 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 94 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 95 document are to be interpreted as described in [RFC2119]. 97 2. Message Digest Algorithms 99 [RFC3370] and [RFC5754] define the following message digest 100 algorithms for use with CMS: 102 MD5: 300a 0608 2a86 4886 f70d 0205 104 NOTE: Though [RFC3370] allows NULL parameters for SHA-1, SHA-224, 105 SHA-256, SHA-384, SHA-512, parameters MUST NOT be included in 106 SMIMECapability values as per [RFC5751] because there is no 107 differentiating by parameters for SHA-1 (e.g., output length). 109 SHA-1: 3007 0605 290e 0302 1a 111 [RFC5754] SHA-224: 300b 0609 6086 4801 6503 0402 04 113 [RFC5754] SHA-256: 300b 0609 6086 4801 6503 0402 01 115 [RFC5754] SHA-384: 300b 0609 6086 4801 6503 0402 02 117 [RFC5754] SHA-512: 300b 0609 6086 4801 6503 0402 03 119 3. Digital Signature Algorithms 121 [RFC3370], [RFC4056], [RFC5754], and [RFC5753] define the following 122 digital signature algorithms for use with CMS: 124 RSA Encryption: 3009 0608 2a86 4886 f70d 0101 01 126 RSA With MD5: 3009 0608 2a86 4886 f70d 0101 04 128 RSA With SHA-1: 3009 0608 2a86 4886 f70d 0101 05 130 RSA With SHA-224: 3009 0608 2a86 4886 f70d 0101 0e 132 RSA With SHA-256: 3009 0608 2a86 4886 f70d 0101 0b 134 RSA With SHA-384: 3009 0608 2a86 4886 f70d 0101 0c 136 RSA With SHA-512: 3009 0608 2a86 4886 f70d 0101 0d 138 NOTE: [RFC4055] includes NULL parameters with SHA-1. 140 RSASSA-PSS Deaults: 300D 0609 2a86 4886 f70d 0101 0a30 00 142 DSA With SHA-1: 3009 0607 2a86 48ce 3804 03 144 [RFC5754] DSA With SHA-224: 300b 0609 6086 4801 6503 0403 01 146 [RFC5754] DSA With SHA-256: 300b 0609 6086 4801 6503 0403 02 148 NOTE: [RFC5753] shows the ECDSA with SHA-1 with NULL parameter 149 values, but the NULL parameters should not have been included 150 according to [RFC5751]. The NULL is retained for backwards 151 compatibility. 153 [RFC5753] ECDSA With SHA-1: 300b 0607 2a86 48ce 3d04 0105 00 155 [RFC5753] ECDSA With SHA-224: 300a 0608 2a86 48ce 3d04 0301 157 [RFC5753] ECDSA With SHA-256: 300a 0608 2a86 48ce 3d04 0302 159 [RFC5753] ECDSA With SHA-384: 300a 0608 2a86 48ce 3d04 0303 161 [RFC5753] ECDSA With SHA-512: 300a 0608 2a86 48ce 3d04 0304 163 4. Key Transport Algorithms 165 [RFC3370], [RFC3560], [RFC5990] define the following key transport 166 algorithms for use with CMS: 168 RSA Encryption: 300d 0608 2a86 4886 f70d 0101 01 170 [RFC3560] RSAES-OAEP Default: 300D 0609 2a86 4886 f70d 0101 0730 00 172 NOTE: [RFC3560] shows the RSAES-OAEP with SHA-224, SHA-256, 384, and 173 512 with NULL parameter values for the SHA algorithms, but the NULL 174 parameters should not have been included according to [RFCTBD1]. 176 [RFC3560] RSAES-OAEP SHA-224: 3038 0609 2a86 4886 f70d 0101 0730 2b30 177 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d 178 0101 0830 0d06 0960 8648 0165 0304 0204 0500 180 [RFC3560] RSAES-OAEP SHA-256: 3038 0609 2a86 4886 f70d 0101 0730 2b30 181 0d06 0960 8648 0165 0304 0201 0500 301a 0609 2a86 4886 f70d 182 0101 0830 0d06 0960 8648 0165 0304 0201 0500 184 [RFC3560] RSAES-OAEP SHA-384: 3038 0609 2a86 4886 f70d 0101 0730 2b30 185 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d 186 0101 0830 0d06 0960 8648 0165 0304 0202 0500 188 [RFC3560] RSAES-OAEP SHA-512: 3038 0609 2a86 4886 f70d 0101 0730 2b30 189 0d06 0960 8648 0165 0304 0202 0500 301a 0609 2a86 4886 f70d 190 0101 0830 0d06 0960 8648 0165 0304 0203 0500 192 [RFC5990] RSA-KEM KDF3 based on SHA-256, AES Key Wrap with a 128-bit 193 KEK: 3047 060b 2a86 4886 f70d 0109 1003 ??30 3830 2906 194 0728 818c 7102 0204 301e 3019 060a 2b81 0510 8648 092c 195 0102 300b 0609 6086 4801 6503 0402 0102 0110 300b 0609 196 6086 4801 6503 0401 05 198 [RFC5990] RSA-KEM KDF3 based on SHA-384, AES Key Wrap with a 192-bit 199 KEK: 3047 060b 2a86 4886 f70d 0109 1003 ??30 3830 2906 200 0728 818c 7102 0204 301e 3019 060a 2b81 0510 8648 092c 201 0102 300b 0609 6086 4801 6503 0402 0202 0118 300b 0609 202 6086 4801 6503 0401 19 204 [RFC5990] RSA-KEM KDF3 based on SHA-512, AES Key Wrap with a 256-bit 205 KEK: 3047 060b 2a86 4886 f70d 0109 1003 ??30 3830 2906 206 0728 818c 7102 0204 301e 3019 060a 2b81 0510 8648 092c 207 0102 300b 0609 6086 4801 6503 0402 0302 0120 300b 0609 208 6086 4801 6503 0401 2d 210 [RFC5990] RSA-KEM KDF2 based on SHA-1, Triple-DES Key Wrap with a 211 128-bit KEK (two-key triple-DES): 3045 060b 2a86 4886 212 f70d 0109 1003 ??30 3630 2506 0728 818c 7102 0204 301a 213 3015 060a 2b81 0510 8648 092c 0101 3007 0605 2b0e 0302 214 1a02 0110 300d 060b 2a86 4886 f70d 0109 1003 06 216 5. Key Agreement Algorithms 218 [RFC2876], [RFC3370], and [RFC5753] define the following key 219 agreement algorithms for use with CMS: 221 NOTE: The parameters for key agreement algorithms are the key wrap 222 algorithm (see Section 6). 224 [RFC2876] KEA: 3018 0609 6086 4801 6502 0101 1830 0b06 0960 8648 0165 225 0201 0117 227 KA=DH S-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0a30 228 0d06 0d2a 8648 86f7 0d01 0910 0306 230 KA=DH S-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 231 0a30 1106 0d2a 8648 86f7 0d01 0910 0306 0202 00a0 233 KA=DH S-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 234 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 78 236 KA=DH S-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 237 0a30 1006 0d2a 8648 86f7 0d01 0910 0306 0201 3a 239 KA=DH E-S Wrap=Triple-DES: 301c 060d 2a86 4886 f70d 0109 1003 0530 240 0d06 0d2a 8648 86f7 0d01 0910 0306 242 KA=DH E-S Wrap=RC2 Para=40-bit: 3020 060d 2a86 4886 f70d 0109 1003 243 0530 1106 0d2a 8648 86f7 0d01 0910 030a 0202 00a0 245 KA=DH E-S Wrap=RC2 Para=64-bit: 301f 060d 2a86 4886 f70d 0109 1003 246 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 78 248 KA=DH E-S Wrap=RC2 Para=128-bit: 301f 060d 2a86 4886 f70d 0109 1003 249 0530 1006 0d2a 8648 86f7 0d01 0910 030a 0201 3a 251 NOTE: [RFC5753] shows the ECDH with SHA-1|Triple-DES wrap 252 capabilities with NULL parameter values, but the NULL parameters 253 should not have been included according to [RFCTBD1]. The NULL is 254 retained for backwards compatibility. 256 [RFC5753] KA=ECDH standard KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 257 0510 8648 3f00 0230 0f06 0b2a 8648 86f7 0d01 0910 0306 0500 259 [RFC5753] KA=ECDH standard KDF=SHA-224 Wrap=Triple-DES: 3017 0606 260 2b81 0401 0b00 300e 060b 2a86 4886 f70d 0109 1003 06 262 [RFC5753] KA=ECDH standard KDF=SHA-256 Wrap=Triple-DES: 3017 0606 263 2b81 0401 0b01 300e 060b 2a86 4886 f70d 0109 1003 06 265 [RFC5753] KA=ECDH standard KDF=SHA-384 Wrap=Triple-DES: 3017 0606 266 2b81 0401 0b02 300e 060b 2a86 4886 f70d 0109 1003 06 268 [RFC5753] KA=ECDH standard KDF=SHA-512 Wrap=Triple-DES: 3017 0606 269 2b81 0401 0b03 300e 060b 2a86 4886 f70d 0109 1003 06 271 [RFC5753] KA=ECDH standard KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81 272 0510 8648 3f00 0230 0b06 0960 8648 0165 0304 0105 274 [RFC5753] KA=ECDH standard KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81 275 0401 0b00 300b 0609 6086 4801 6503 0401 05 277 [RFC5753] KA=ECDH standard KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81 278 0401 0b01 300b 0609 6086 4801 6503 0401 05 280 [RFC5753] KA=ECDH standard KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81 282 [RFC5753] KA=ECDH standard KDF=SHA-512 Wrap=AES-128: 3015 283 0606 2b81 0401 0b03 300b 0609 6086 4801 6503 0401 05 284 [RFC5753] KA=ECDH standard KDF=SHA-1 Wrap=AES-192: 3018 0609 2b81 285 0510 8648 3f00 0230 0b06 0960 8648 0165 0304 0119 287 [RFC5753] KA=ECDH standard KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81 288 0401 0b00 300b 0609 6086 4801 6503 0401 19 290 [RFC5753] KA=ECDH standard KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81 291 0401 0b01 300b 0609 6086 4801 6503 0401 19 293 [RFC5753] KA=ECDH standard KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81 294 0401 0b02 300b 0609 6086 4801 6503 0401 19 296 [RFC5753] KA=ECDH standard KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81 297 0401 0b03 300b 0609 6086 4801 6503 0401 19 299 [RFC5753] KA=ECDH standard KDF=SHA-1 Wrap=AES-256: 3018 0609 2b81 300 0510 8648 3f00 0230 0b06 0960 8648 0165 0304 012d 302 [RFC5753] KA=ECDH standard KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81 303 0401 0B00 300b 0609 6086 4801 6503 0401 2d 305 [RFC5753] KA=ECDH standard KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 306 0401 0b01 300b 0609 6086 4801 6503 0401 2d 308 [RFC5753] KA=ECDH standard KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 309 0401 0b02 300b 0609 6086 4801 6503 0401 2d 311 [RFC5753] KA=ECDH standard KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 312 0401 0B03 300b 0609 6086 4801 6503 0401 2d 314 NOTE: [RFC5753] shows the ECMQV with SHA-1 and Triple-DES wrap 315 capabilities with NULL parameter values, but the NULL parameters 316 should not have been included according to [RFCTBD1]. The NULL is 317 retained for backwards compatibility. 319 [RFC5753] KA=ECDH cofactor KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 320 0510 8648 3f00 0330 0f06 0b2a 8648 86f7 0d01 0910 0306 0500 322 [RFC5753] KA=ECDH cofactor KDF=SHA-224 Wrap=Triple-DES: 3017 0606 323 2b81 0401 0e00 300d 060b 2a86 4886 f70d 0109 1003 06 325 [RFC5753] KA=ECDH cofactor KDF=SHA-256 Wrap=Triple-DES: 3017 0606 327 [RFC5753] KA=ECDH cofactor KDF=SHA-384 Wrap=Triple-DES: 3017 0606 328 2b81 0401 0e02 300d 060b 2a86 4886 f70d 0109 1003 06 330 [RFC5753] KA=ECDH cofactor KDF=SHA-512 Wrap=Triple-DES: 3017 0606 331 2b81 0401 0e03 300d 060b 2a86 4886 f70d 0109 1003 06 333 [RFC5753] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81 334 0510 8648 3f00 0330 0b06 0960 8648 0165 0304 0105 336 [RFC5753] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81 337 0401 0e00 300b 0609 6086 4801 6503 0401 05 339 [RFC5753] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81 340 0401 0e01 300b 0609 6086 4801 6503 0401 05 342 [RFC5753] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81 343 0401 0e02 300b 0609 6086 4801 6503 0401 05 345 [RFC5753] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-128: 3017 0606 2b81 346 0401 0e03 300b 0609 6086 4801 6503 0401 05 348 [RFC5753] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-192: 30 18 06 09 2b 81 349 0510 8648 3f00 0330 0b06 0960 8648 0165 0304 0119 351 [RFC5753] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81 352 0401 0e00 300b 0609 6086 4801 6503 0401 19 354 [RFC5753] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81 355 0401 0e01 300b 0609 6086 4801 6503 0401 19 357 [RFC5753] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81 358 0401 0e02 300b 0609 6086 4801 6503 0401 19 360 [RFC5753] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81 361 0401 0e03 300b 0609 6086 4801 6503 0401 19 363 [RFC5753] KA=ECDH cofactor KDF=SHA-1 Wrap=AES-256: 3015 0609 2b81 364 0510 8648 3f00 0330 0b06 0960 8648 0165 0304 012d 366 [RFC5753] KA=ECDH cofactor KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81 367 0401 0e00 300b 0609 6086 4801 6503 0401 2d 369 [RFC5753] KA=ECDH cofactor KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 370 0401 0e01 300b 0609 6086 4801 6503 0401 2d 372 [RFC5753] KA=ECDH cofactor KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 373 [RFC5753] KA=ECDH cofactor KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 374 0401 0e03 300b 0609 6086 4801 6503 0401 2d 376 NOTE: [RFC5753] shows the ECMQV with SHA-1 and Triple-DES wrap 377 capabilities with NULL parameter values, but the NULL parameters 378 should not have been included according to [RFCTBD1]. The NULL is 379 retained for backwards compatibility. 381 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=Triple-DES: 301c 0609 2b81 382 0510 8648 3f00 1030 0f06 0b2a 8648 86f7 0d01 0910 0306 0500 384 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=Triple-DES: 3017 0606 2b81 385 0401 0f00 300d 060b 2a86 4886 f70d 0109 1003 06 387 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=Triple-DES: 3017 0606 2b81 388 0401 0f01 300d 060b 2a86 4886 f70d 0109 1003 06 390 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=Triple-DES: 3017 0606 2b81 391 0401 0f02 300d 060b 2a86 4886 f70d 0109 1003 06 393 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=Triple-DES: 3017 0606 2b81 394 0401 0f03 300d 060b 2a86 4886 f70d 0109 1003 06 396 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-128: 3018 0609 2b81 0510 397 8648 3f00 1030 0b06 0960 8648 0165 0304 0105 399 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-128: 3015 0606 2b81 400 0401 0f00 300b 0609 6086 4801 6503 0401 05 402 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-128: 3015 0606 2b81 403 0401 0f01 300b 0609 6086 4801 6503 0401 05 405 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128: 3015 0606 2b81 406 0401 0f02 300b 0609 6086 4801 6503 0401 05 408 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128: 3015 0606 2b81 409 0401 0f03 300b 0609 6086 4801 6503 0401 05 411 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192: 3018 0609 2b81 0510 412 8648 3f00 1030 0b06 0960 8648 0165 0304 0119 414 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192: 3015 0606 2b81 415 0401 0f00 300b 0609 6086 4801 6503 0401 19 417 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-192: 3015 0606 2b81 418 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-192: 3015 0606 2b81 419 0401 0f02 300b 0609 6086 4801 6503 0401 19 421 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-192: 3015 0606 2b81 422 0401 0f03 300b 0609 6086 4801 6503 0401 19 424 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-256: 3018 0609 2b81 0510 425 8648 3f00 1030 0b06 0960 8648 0165 0304 012d 427 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-256: 3015 0606 2b81 428 0401 0f00 300b 0609 6086 4801 6503 0401 2d 430 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-256 Wrap=AES-256: 3015 0606 2b81 431 0401 0f01 300b 0609 6086 4801 6503 0401 2d 433 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256: 3015 0606 2b81 434 0401 0f02 300b 0609 6086 4801 6503 0401 2d 436 [RFC5753] KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256: 3015 0606 2b81 437 0401 0f03 300b 0609 6086 4801 6503 0401 2d 439 6. Key Wrap Algorithms 441 [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC4010], 442 [RFC5649] define the following key wrap algorithms for use with CMS: 444 NOTE: In most instances, the key wrap algorithm is included in the 445 capabilities set as part of the key agreement algorithm. 447 [RFC2876] FORTEZZA Wrap 80: 300b 0609 6086 4801 6502 0101 17 449 [RFC3058] IDEA: 300D 060B 2B06 0104 0181 3C07 0101 02 451 3-DES Wrap: 300e 060b 2a86 4886 f70d 0109 1003 06 453 RC2 40-bit: 3011 060d 2a86 4886 f70d 0109 1003 0602 0200 a0 455 RC2 64-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 0178 456 RC2 128-bit: 3010 060d 2a86 4886 f70d 0109 1003 0602 013a 458 AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05 460 AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19 462 AES-128 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 08 464 AES-196 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 1c 466 AES-256 Key Wrap with Padding: 300b 0609 6086 4801 6503 0401 30 468 Camellia 128-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 02 470 Camellia 196-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 03 472 Camellia 256-Wrap: 300d 060b 2a83 088c 9a4b 3d01 0103 04 474 SEED Wrap: 300c 060a 2a83 1a8c 9a44 0701 0101 476 7. Content Encryption Algorithms 478 [RFC2876], [RFC3058], [RFC3370], [RFC3565], [RFC3657], [RFC5084], and 479 [RFC5649] define the following content encryption algorithms for use 480 with CMS: 482 RC2-CBC 40-bit: 300d 0608 2a86 4886 f70d 0302 0201 28 484 RC2-CBC 64-bit: 300d 0608 2a86 4886 f70d 0302 0201 40 486 RC2-CBC 128-bit: 300e 0608 2a86 4886 f70d 0302 0202 0080 488 3-DES-CBC: 300a 0608 2a86 4886 f70d 0307 490 NOTE: [RFC2876] incorrectly included 00 at the end of the 491 SMIMECapability. 493 [RFC2876] SKIPJACK: 300b 0609 6086 4801 6502 0101 04 495 [RFC3058] IDEA-CBC: 300d 060b 2b06 0104 0181 3c07 0101 02 497 [RFC3565] AES-CBC-128: 300b 0609 6086 4801 6503 0401 02 499 [RFC3565] AES-CBC-196: 300b 0609 6086 4801 6503 0401 16 501 [RFC3565] AES-CBC-256: 300b 0609 6086 4801 6503 0401 2a 502 AES-CCM-128: 300b 0609 6086 4801 6503 0401 07 504 AES-CCM-196: 300b 0609 6086 4801 6503 0401 1b 506 AES-CCM-256: 300b 0609 6086 4801 6503 0401 2f 508 AES-GCM-128: 300b 0609 6086 4801 6503 0401 06 510 AES-GCM-196: 300b 0609 6086 4801 6503 0401 1a 512 AES-GCM-256: 300b 0609 6086 4801 6503 0401 2e 514 AES-128 Key Wrap: 300b 0609 6086 4801 6503 0401 05 516 AES-196 Key Wrap: 300b 0609 6086 4801 6503 0401 19 518 AES-256 Key Wrap: 300b 0609 6086 4801 6503 0401 2d 520 AES-128 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 08 522 AES-196 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 1c 524 AES-256 Key Wrap with MLI: 300b 0609 6086 4801 6503 0401 30 526 NOTE: Camellia defines their capability parameters as NULL. 528 [RFC3657] Camellia 128-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0205 529 00 531 [RFC3657] Camellia 196-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0305 532 00 534 [RFC3657] Camellia 256-CBC: 300f 060b 2a83 088c 9a4b 3d01 0101 0405 535 00 537 NOTE: SEED defines their capability parameters as NULL. 539 [RFC4010] SEED CBC: 300C 0608 2a83 1a8c 9a44 0104 0500 541 8. Message Authentication Code Algorithms 543 [RFC3370], [RFC4231], and [RFC4490] define the following message 544 authentication code algorithms for use with CMS: 546 HMAC SHA-1: 3009 0608 2b0601 0505 0801 02 548 HMAC SHA-224: 300a 0608 2a86 4886 f70d 0208 549 HMAC SHA-256: 300a 0608 2a86 4886 f70d 0209 551 HMAC SHA-384: 300a 0608 2a86 4886 f70d 020a 553 [RFC4490] HMAC GOST: 3008 0606 2A85 0302 0209 555 9. Compression Algorithms 557 [RFC3274] define the following compression algorithms for use with 558 CMS: 560 [RFC3274] ZLIB: 300D 060B 2A86 4886 F70D 0109 1003 08 562 10. Security Considerations 564 This document does not advocate the use of any particular algorithm. 565 The strength of the algorithms and applicability to their use in a 566 particular environment is defined in the algorithms specifications. 568 Unlike the S/MIME Capabilities attribute that may be included in 569 S/MIME messages or the S/MIME capabilities attribute that may be 570 included in X.509 certificates, the vCard property defined in this 571 document is not signed. Locally stored copies of the vCard property 572 should be updated as necessary when presented a signed S/MIME 573 capabilities instance. 575 11. IANA Considerations 577 This document registers a new vCard property [RFC6350] for S/MIME 578 Capabilities defined in Section 1. The registation template is 579 specified below: 581 Purpose: To specify a list of S/MIME capabilities associated with 582 the object that the vCard represents. Each value represents a single 583 SMIMECapability. 585 Value type: A text value (base64-encoded DER [X.690]). It can also 586 be reset to a single URI. [[Or just always use data: URIs?]] 588 Cardinality: * 590 ABNF: 592 SMIMECAPA-param = SMIMECAPA-uri-param / SMIMECAPA-text-param 593 SMIMECAPA-value = SMIMECAPA-uri-value / SMIMECAPA-text-value 594 ; Value and parameter MUST match. 596 SMIMECAPA-uri-param = "VALUE=uri" / mediatype-param 597 SMIMECAPA-uri-value = URI 599 SMIMECAPA-text-param = "VALUE=text" 600 SMIMECAPA-text-value = text 602 SMIMECAPA-param =/ altid-param / pid-param / pref-param / 603 type-param / any-param 605 Examples: 607 SMIMECAPA:<... remainder of base64-encoded data ...> 608 [[Add a real example]] 610 12. References 612 12.1. Normative References 614 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 615 Requirement Levels", BCP 14, RFC 2119, March 1997. 617 [RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose 618 Internet Mail Extensions (S/MIME) Version 3.2 Message 619 Specification", RFC 5751, January 2010. 621 [RFC6350] Perreault, S., "vCard Format Specification", RFC 6350, 622 August 2011. 624 [X.690] ITU-T Recommendation X.690 (2002) | ISO/IEC 8825- 625 1:2002, Information technology - ASN.1 encoding rules: 626 Specification of Basic Encoding Rules (BER), Canonical 627 Encoding Rules (CER) and Distinguished Encoding Rules 628 (DER). 630 12.2. Informative References 632 [RFC2876] Pawling, J., "Use of the KEA and SKIPJACK Algorithms in 633 CMS", RFC 2876, July 2000. 635 [RFC3058] Teiwes, S., Hartmann, P., and D. Kuenzi, "Use of the 636 IDEA Encryption Algorithm in CMS", RFC 3058, February 637 2001. 639 [RFC3274] Gutmann, P., "Compressed Data Content Type for 640 Cryptographic Message Syntax (CMS)", RFC 3274, June 641 2002. 643 [RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) 644 Algorithms", RFC 3370, August 2002. 646 [RFC3560] Housley, R., "Use of the RSAES-OAEP Key Transport 647 Algorithm in Cryptographic Message Syntax (CMS)", 648 RFC 3560, July 2003. 650 [RFC3565] Schaad, J., "Use of the Advanced Encryption Standard 651 (AES) Encryption Algorithm in Cryptographic Message 652 Syntax (CMS)", RFC 3565, July 2003. 654 [RFC3657] Moriai, S. and A. Kato, "Use of the Camellia Encryption 655 Algorithm in Cryptographic Message Syntax (CMS)", 656 RFC 3657, January 2004. 658 [RFC4010] Park, J., Lee, S., Kim, J., and J. Lee, "Use of the 659 SEED Encryption Algorithm in Cryptographic Message 660 Syntax (CMS)", RFC 4010, February 2005. 662 [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional 663 Algorithms and Identifiers for RSA Cryptography for use 664 in the Internet X.509 Public Key Infrastructure 665 Certificate and Certificate Revocation List (CRL) 666 Profile", RFC 4055, June 2005. 668 [RFC4056] Schaad, J., "Use of the RSASSA-PSS Signature Algorithm 669 in Cryptographic Message Syntax (CMS)", RFC 4056, June 670 2005. 672 [RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC- 673 SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", 674 RFC 4231, December 2005. 676 [RFC4262] Santesson, S., "X.509 Certificate Extension for 677 Secure/Multipurpose Internet Mail Extensions (S/MIME) 678 Capabilities", RFC 4262, December 2005. 680 [RFC4490] Leontiev, S., Ed., and G. Chudov, Ed., "Using the GOST 681 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 682 34.10-2001 Algorithms with Cryptographic Message Syntax 683 (CMS)", RFC 4490, May 2006. 685 [RFC5084] Housley, R., "Using AES-CCM and AES-GCM Authenticated 686 Encryption in the Cryptographic Message Syntax (CMS)", 687 RFC 5084, November 2007. 689 [RFC5649] Housley, R. and M. Dworkin, "Advanced Encryption 690 Standard (AES) Key Wrap with Padding Algorithm", 691 RFC 5649, September 2009. 693 [RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve 694 Cryptography (ECC) Algorithms in Cryptographic Message 695 Syntax (CMS)", RFC 5753, January 2010. 697 [RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic 698 Message Syntax", RFC 5754, January 2010. 700 [RFC5990] Randall, J., Kaliski, B., Brainard, J., and S. Turner, 701 "Use of the RSA-KEM Key Transport Algorithm in the 702 Cryptographic Message Syntax (CMS)", RFC 5990, 703 September 2010. 705 Authors' Addresses 707 Sean Turner 709 IECA, Inc. 710 3057 Nutley Street, Suite 106 711 Fairfax, VA 22031 712 USA 714 Email: turners@ieca.com 716 Alexey Melnikov 717 Isode Ltd 718 5 Castle Business Village 719 36 Station Road 720 Hampton, Middlesex TW12 2BX 721 UK 723 EMail: Alexey.Melnikov@isode.com 725 Carl Wallace 727 Email: carl@redhoundsoftware.com