draft-ietf-smime-sha2-02.txt | draft-ietf-smime-sha2-03.txt | |||
---|---|---|---|---|

S/MIME WG Sean Turner, IECA | S/MIME WG Sean Turner, IECA | |||

Intended Status: Standard Track | Intended Status: Standard Track | |||

Expires: July 28, 2008 | Expires: July 30, 2008 | |||

Using SHA2 Algorithms with Cryptographic Message Syntax | Using SHA2 Algorithms with Cryptographic Message Syntax | |||

draft-ietf-smime-sha2-02.txt | draft-ietf-smime-sha2-03.txt | |||

Status of this Memo | Status of this Memo | |||

By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||

applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||

have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||

aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||

Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||

Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||

skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||

and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||

time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||

material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||

The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||

http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||

The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||

http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||

This Internet-Draft will expire on June 28, 2008. | This Internet-Draft will expire on July 30, 2008. | |||

Copyright Notice | Copyright Notice | |||

Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||

Abstract | Abstract | |||

This document describes the conventions for using the message digest | This document describes the conventions for using the message digest | |||

algorithms SHA-224, as defined in [RFC3874], and SHA-256, SHA-384, | algorithms SHA-224, SHA-256, SHA-384, SHA-512, as defined in FIPS | |||

SHA-512, as defined in [SHA2], with the Cryptographic Message Syntax | 180-3, with the Cryptographic Message Syntax (CMS). It also describes | |||

(CMS) [RFC3852]. It also describes the conventions for using these | the conventions for using these algorithms with CMS and the DSA, RSA, | |||

algorithms with CMS and the DSA, RSA, and ECDSA signature algorithms. | and ECDSA signature algorithms. | |||

Conventions used in this document | Conventions used in this document | |||

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||

"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||

document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||

Table of Contents | Table of Contents | |||

1. Introduction...................................................2 | 1. Introduction...................................................2 | |||

2. Message Digest Algorithms......................................3 | 2. Message Digest Algorithms......................................3 | |||

2.1. SHA-224...................................................4 | 2.1. SHA-224...................................................4 | |||

2.2. SHA-256...................................................4 | 2.2. SHA-256...................................................4 | |||

2.3. SHA-384...................................................4 | 2.3. SHA-384...................................................4 | |||

2.4. SHA-512...................................................4 | 2.4. SHA-512...................................................4 | |||

3. Signature Algorithms...........................................5 | 3. Signature Algorithms...........................................5 | |||

3.1. DSA.......................................................5 | 3.1. DSA.......................................................5 | |||

3.2. RSA.......................................................5 | 3.2. RSA.......................................................6 | |||

3.3. ECDSA.....................................................6 | 3.3. ECDSA.....................................................6 | |||

4. Security Considerations........................................7 | 4. Security Considerations........................................7 | |||

5. IANA Considerations............................................7 | 5. IANA Considerations............................................7 | |||

6. References.....................................................7 | 6. References.....................................................7 | |||

6.1. Normative References......................................7 | 6.1. Normative References......................................7 | |||

6.2. Informative References....................................8 | 6.2. Informative References....................................8 | |||

1. Introduction | 1. Introduction | |||

This document specifies the algorithm identifiers and specifies | This document specifies the algorithm identifiers and specifies | |||

parameters for the message digest algorithms SHA-224, SHA-256, SHA- | parameters for the message digest algorithms SHA-224, SHA-256, SHA- | |||

384, and SHA-512 for use with the Cryptographic Message Syntax (CMS) | 384, and SHA-512 for use with the Cryptographic Message Syntax (CMS) | |||

[RFC3852]. The message digest algorithms are defined in [RFC3874] | [RFC3852]. The message digest algorithms are defined in and [SHS]. | |||

and [SHA2]. If an implementation chooses to support one of the | If an implementation chooses to support one of the algorithms | |||

algorithms discussed in this document, then the implementation MUST | discussed in this document, then the implementation MUST do so as | |||

do so as described in this document. | described in this document. | |||

This document also specifies the algorithm identifier and parameters | This document also specifies the algorithm identifiers and parameters | |||

for use of SHA-224, SHA-256, SHA-384, and SHA-512 with DSA, RSA, and | for use of SHA-224, SHA-256, SHA-384, and SHA-512 with DSA, RSA, and | |||

ECDSA. If an implementation chooses to support one of the algorithms | ECDSA. If an implementation chooses to support one of the algorithms | |||

discussed in this document, then the implementation MUST do so as | discussed in this document, then the implementation MUST do so as | |||

described in this document. | described in this document. | |||

This document does not define new identifiers; they are taken from | This document does not define new identifiers; they are taken from | |||

[RFC3874], [RFC4055], [ECCADD], [RFC3278], and [RFC3370]. | [RFC3874], [RFC4055], [ECCADD], [RFC3278], and [RFC3370]. | |||

Additionally, the parameters follow the conventions specified | Additionally, the parameters follow the conventions specified | |||

therein. Therefore, there is no ASN.1 module included in this | therein. Therefore, there is no ASN.1 module included in this | |||

document. | document. | |||

Note that [RFC4231] specifies the conventions for use of for the | Note that [RFC4231] specifies the conventions for use of for the | |||

message authentication code (MAC) algorithms: HMAC with SHA-224, HMAC | message authentication code (MAC) algorithms: HMAC with SHA-224, HMAC | |||

with SHA-256, HMAC with SHA-384, and HMAC with SHA-512. | with SHA-256, HMAC with SHA-384, and HMAC with SHA-512. | |||

In CMS, the various algorithm identifiers use the AlgorithmIdentifier | ||||

syntax, which is included here for convenience: | ||||

AlgorithmIdentifier ::= SEQUENCE { | ||||

algorithm OBJECT IDENTIFIER, | ||||

parameters ANY DEFINED BY algorithm OPTIONAL } | ||||

2. Message Digest Algorithms | 2. Message Digest Algorithms | |||

Digest algorithm identifiers are located in the SignedData | Digest algorithm identifiers are located in the SignedData | |||

digestAlgorithms field, the SignerInfo digestAlgorithm field, the | digestAlgorithms field, the SignerInfo digestAlgorithm field, the | |||

DigestedData digestAlgorithm field, and the AuthenticatedData | DigestedData digestAlgorithm field, and the AuthenticatedData | |||

digestAlgorithm field. | digestAlgorithm field. | |||

Digest values are located in the DigestedData digest field and the | Digest values are located in the DigestedData digest field and the | |||

Message Digest authenticated attribute. In addition, digest values | Message Digest authenticated attribute. In addition, digest values | |||

are input to signature algorithms. | are input to signature algorithms. | |||

In CMS, the digest algorithm identifiers use the AlgorithmIdentifier | The digest algorithm identifiers use the AlgorithmIdentifier syntax | |||

syntax, which is included here for convenience: | elaborated upon in Section 1. | |||

AlgorithmIdentifier ::= SEQUENCE { | ||||

algorithm OBJECT IDENTIFIER, | ||||

parameters ANY DEFINED BY algorithm OPTIONAL } | ||||

The algorithm field is discussed in Sections 2.1-2.4 for each message | The algorithm field is discussed in Sections 2.1-2.4 for each message | |||

digest algorithm. | digest algorithm. | |||

The following addresses the parameters field: | The following addresses the parameters field: | |||

There are two possible encodings for the SHA AlgorithmIdentifier | There are two possible encodings for the SHA AlgorithmIdentifier | |||

parameters field. The two alternatives arise from the fact that when | parameters field. The two alternatives arise from the fact that when | |||

the 1988 syntax for AlgorithmIdentifier was translated into the 1997 | the 1988 syntax for AlgorithmIdentifier was translated into the 1997 | |||

syntax, the OPTIONAL associated with the AlgorithmIdentifier | syntax, the OPTIONAL associated with the AlgorithmIdentifier | |||

skipping to change at page 4, line 7 | skipping to change at page 4, line 9 | |||

The AlgorithmIdentifier parameters field is OPTIONAL. If present, | The AlgorithmIdentifier parameters field is OPTIONAL. If present, | |||

the parameters field MUST contain a NULL. Implementations MUST | the parameters field MUST contain a NULL. Implementations MUST | |||

accept SHA2 AlgorithmIdentifiers with absent parameters. | accept SHA2 AlgorithmIdentifiers with absent parameters. | |||

Implementations MUST accept SHA2 AlgorithmIdentifiers with NULL | Implementations MUST accept SHA2 AlgorithmIdentifiers with NULL | |||

parameters. Implementations SHOULD generate SHA2 | parameters. Implementations SHOULD generate SHA2 | |||

AlgorithmIdentifiers with absent parameters. | AlgorithmIdentifiers with absent parameters. | |||

2.1. SHA-224 | 2.1. SHA-224 | |||

The SHA-224 message digest algorithm is defined in [RFC3874]. The | The SHA-224 message digest algorithm is defined in [SHS]. The | |||

algorithm identifier for SHA-224 is: | algorithm identifier for SHA-224 is: | |||

id-sha224 OBJECT IDENTIFIER ::= { | id-sha224 OBJECT IDENTIFIER ::= { | |||

joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | |||

csor(3) nistalgorithm(4) hashalgs(2) 4 } | csor(3) nistalgorithm(4) hashalgs(2) 4 } | |||

The parameters are as specified in Section 2. | The parameters are as specified in Section 2. | |||

2.2. SHA-256 | 2.2. SHA-256 | |||

The SHA-256 message digest algorithm is defined in [SHA2]. The | The SHA-256 message digest algorithm is defined in [SHS]. The | |||

algorithm identifier for SHA-256 is: | algorithm identifier for SHA-256 is: | |||

id-sha256 OBJECT IDENTIFIER ::= { | id-sha256 OBJECT IDENTIFIER ::= { | |||

joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | |||

csor(3) nistalgorithm(4) hashalgs(2) 1 } | csor(3) nistalgorithm(4) hashalgs(2) 1 } | |||

The parameters are as specified in Section 2. | The parameters are as specified in Section 2. | |||

2.3. SHA-384 | 2.3. SHA-384 | |||

The SHA-384 message digest algorithm is defined in [SHA2]. The | The SHA-384 message digest algorithm is defined in [SHS]. The | |||

algorithm identifier for SHA-384 is: | algorithm identifier for SHA-384 is: | |||

id-sha384 OBJECT IDENTIFIER ::= { | id-sha384 OBJECT IDENTIFIER ::= { | |||

joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | |||

csor(3) nistalgorithm(4) hashalgs(2) 2 } | csor(3) nistalgorithm(4) hashalgs(2) 2 } | |||

The parameters are as specified in Section 2. | The parameters are as specified in Section 2. | |||

2.4. SHA-512 | 2.4. SHA-512 | |||

The SHA-256 message digest algorithm is defined in [SHA2]. The | The SHA-256 message digest algorithm is defined in [SHS]. The | |||

algorithm identifier for SHA-512 is: | algorithm identifier for SHA-512 is: | |||

id-sha512 OBJECT IDENTIFIER ::= { | id-sha512 OBJECT IDENTIFIER ::= { | |||

joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | |||

csor(3) nistalgorithm(4) hashalgs(2) 3 } | csor(3) nistalgorithm(4) hashalgs(2) 3 } | |||

The parameters are as specified in Section 2. | The parameters are as specified in Section 2. | |||

3. Signature Algorithms | 3. Signature Algorithms | |||

This section specifies the conventions employed by CMS | This section specifies the conventions employed by CMS | |||

implementations that support DSA [FIPS186-3], ECDSA [X9.62], and RSA | implementations that support DSA [DSS], ECDSA [X9.62], and RSA | |||

[RFC2313] with SHA2 algorithms. | [RFC2313] with SHA2 algorithms. | |||

Signature algorithm identifiers are located in the SignerInfo | Signature algorithm identifiers are located in the SignerInfo | |||

signatureAlgorithm field of SignedData. Also, signature algorithm | signatureAlgorithm field of SignedData. Also, signature algorithm | |||

identifiers are located in the SignerInfo signatureAlgorithm field of | identifiers are located in the SignerInfo signatureAlgorithm field of | |||

countersignature attributes. | countersignature attributes. | |||

Signature values are located in the SignerInfo signature field of | Signature values are located in the SignerInfo signature field of | |||

SignedData. Also, signature values are located in the SignerInfo | SignedData. Also, signature values are located in the SignerInfo | |||

signature field of countersignature attributes. | signature field of countersignature attributes. | |||

3.1. DSA | NOTE [to be removed upon publication as an RFC]: NIST has not yet | |||

finalized FIPS 186-3 and there is a chance that the draft may be | ||||

changed. This may result in differences between what is documented | ||||

in the current version of this document and what is in the FIPS. It | ||||

is intended to synchronize the final version of this draft with the | ||||

FIPS before publication as an RFC. | ||||

NOTE: NIST has not finalized FIPS 186-3 and there is a chance that | 3.1. DSA | |||

the draft may be changed. This may result in differences between | ||||

what is documented here and what is in the FIPS. | ||||

[RFC3370] section 3.1 specifies the conventions for DSA with SHA1 | [RFC3370] section 3.1 specifies the conventions for DSA with SHA1 | |||

public key algorithm identifiers, parameters, public keys, and | public key algorithm identifiers, parameters, public keys, and | |||

signature values. DSA with SHA2 algorithms use the same conventions | signature values. DSA with SHA2 algorithms uses the same conventions | |||

for these public key algorithm identifiers, parameters, public keys, | for these public key algorithm identifiers, parameters, public keys, | |||

and signature values. DSA MAY be used with SHA-224 and SHA-256. | and signature values. DSA MAY be used with SHA-224 and SHA-256. | |||

The algorithm identifier for DSA with SHA-224 signature values is: | The algorithm identifier for DSA with SHA-224 signature values is: | |||

id-dsa-with-sha224 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) | id-dsa-with-sha224 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) | |||

country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||

algorithms(4) id-dsa-with-sha2(3) 1 } | algorithms(4) id-dsa-with-sha2(3) 1 } | |||

The algorithm identifier for DSA with SHA-224 signature values is: | The algorithm identifier for DSA with SHA-224 signature values is: | |||

id-dsa-with-sha256 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) | id-dsa-with-sha256 OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) | |||

country(16) us(840) organization(1) gov(101) csor(3) | country(16) us(840) organization(1) gov(101) csor(3) | |||

algorithms(4) id-dsa-with-sha2(3) 2 } | algorithms(4) id-dsa-with-sha2(3) 2 } | |||

When either of these algorithm identifiers are used, the | When either of these algorithm identifiers is used, the | |||

AlgorithmIdentifier parameters field MUST be absent. | AlgorithmIdentifier parameters field MUST be absent. | |||

3.2. RSA | 3.2. RSA | |||

[RFC3370] section 3.2 specifies the conventions for RSA with SHA-1 | [RFC3370] section 3.2 specifies the conventions for RSA with SHA-1 | |||

(PKCS #1 v1.5) public key algorithm identifiers, parameters, public | (PKCS #1 v1.5) public key algorithm identifiers, parameters, public | |||

keys, and signature values. RSA with SHA2 algorithms use the same | keys, and signature values. RSA with SHA2 algorithms uses the same | |||

conventions for these public key algorithm identifiers, parameters, | conventions for these public key algorithm identifiers, parameters, | |||

public keys, and signature values. RSA (PKCS #1 v1.5) MAY be used | public keys, and signature values. RSA (PKCS #1 v1.5) MAY be used | |||

with SHA-224, SHA-256, SHA-384, or SHA-512. | with SHA-224, SHA-256, SHA-384, or SHA-512. | |||

The object identifier for RSA with SHA-224 signature values is: | The object identifier for RSA with SHA-224 signature values is: | |||

sha224WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) | sha224WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) | |||

member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 14 } | member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 14 } | |||

The object identifier for RSA with SHA-256 signature values is: | The object identifier for RSA with SHA-256 signature values is: | |||

skipping to change at page 6, line 36 | skipping to change at page 6, line 42 | |||

member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 13 } | member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 13 } | |||

When any of these four object identifiers appears within an | When any of these four object identifiers appears within an | |||

AlgorithmIdentifier, the parameters MUST be NULL. Implementations | AlgorithmIdentifier, the parameters MUST be NULL. Implementations | |||

MUST accept the parameters being absent as well as present. | MUST accept the parameters being absent as well as present. | |||

3.3. ECDSA | 3.3. ECDSA | |||

[RFC3278] section 2.1 specifies the conventions for ECDSA with SHA1 | [RFC3278] section 2.1 specifies the conventions for ECDSA with SHA1 | |||

public key algorithm identifiers, parameters, public keys, and | public key algorithm identifiers, parameters, public keys, and | |||

signature values. ECDSA with SHA2 algorithms use the same conventions | signature values. ECDSA with SHA2 algorithms uses the same | |||

for these public key algorithm identifiers, parameters, public keys, | conventions for these public key algorithm identifiers, parameters, | |||

and signature values, except that the digestAlgorithm MUST include | public keys, and signature values, except that the digestAlgorithm | |||

the corresponding message digest algorithm identifier not sha-1 | MUST include the corresponding message digest algorithm identifier, | |||

object identifier. ECDSA MAY be used with SHA-224, SHA-256, SHA-384, | and not sha-1 object identifier. ECDSA MAY be used with SHA-224, | |||

or SHA-512. | SHA-256, SHA-384, or SHA-512. | |||

The algorithm identifier for ECDSA with SHA-224 signature values is: | The algorithm identifier for ECDSA with SHA-224 signature values is: | |||

ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | |||

us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 } | us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 } | |||

The algorithm identifier for ECDSA with SHA-256 signature values is: | The algorithm identifier for ECDSA with SHA-256 signature values is: | |||

ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | |||

us(840)ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } | us(840)ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 } | |||

The algorithm identifier for ECDSA with SHA-384 signature values is: | The algorithm identifier for ECDSA with SHA-384 signature values is: | |||

ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) | |||

us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } | us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 } | |||

skipping to change at page 7, line 42 | skipping to change at page 7, line 48 | |||

6. References | 6. References | |||

6.1. Normative References | 6.1. Normative References | |||

[ECCADD] Dang, S., Santesson, S., Moriarty, K., and Brown, | [ECCADD] Dang, S., Santesson, S., Moriarty, K., and Brown, | |||

"Internet X.509 Public Key Infrastructure: Additional | "Internet X.509 Public Key Infrastructure: Additional | |||

Algorithms and Identifiers for DSA and ECDSA", work-in- | Algorithms and Identifiers for DSA and ECDSA", work-in- | |||

progress. | progress. | |||

[FIPS186-3] Federal Information Processing Standards Publication | [DSS] Federal Information Processing Standards Publication | |||

(FIPS PUB) 180-3, Secure Hash Standard (SHS), July 2007. | (FIPS PUB) 186-3, Secure Hash Standard (SHS), July 2007. | |||

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||

Requirement Levels", BCP 14, RFC 2119. March 1997. | Requirement Levels", BCP 14, RFC 2119. March 1997. | |||

[RFC2313] Kaliski, B., "PKCS #1: RSA Encryption Version 1.5", RFC | [RFC2313] Kaliski, B., "PKCS #1: RSA Encryption Version 1.5", RFC | |||

2313, March 1998. | 2313, March 1998. | |||

[RFC3278] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of | [RFC3278] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of | |||

Elliptic Curve Cryptography (ECC) Algorithms in | Elliptic Curve Cryptography (ECC) Algorithms in | |||

Cryptographic Message Syntax (CMS)", RFC 3278, April | Cryptographic Message Syntax (CMS)", RFC 3278, April | |||

skipping to change at page 8, line 28 | skipping to change at page 8, line 34 | |||

[RFC3874] Housley, R., "A 224-bit One Way Hash Function: SHA-224", | [RFC3874] Housley, R., "A 224-bit One Way Hash Function: SHA-224", | |||

RFC 3874. September 2004. | RFC 3874. September 2004. | |||

[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | [RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional | |||

Algorithms and Identifiers for RSA Cryptography for use | Algorithms and Identifiers for RSA Cryptography for use | |||

in the Internet Public Key Infrastructure Certificate and | in the Internet Public Key Infrastructure Certificate and | |||

Certificate Revocation List (CRL) Profile", RFC 4055. | Certificate Revocation List (CRL) Profile", RFC 4055. | |||

June 2005. | June 2005. | |||

[SHA2] National Institute of Standards and Technology (NIST), | [SHS] National Institute of Standards and Technology (NIST), | |||

FIPS Publication 180-2: Secure Hash Standard, 1 August | FIPS Publication 180-3: Secure Hash Standard, June 2007. | |||

2002. | ||||

[X9.62] X9.62-2005, "Public Key Cryptography for the Financial | [X9.62] X9.62-2005, "Public Key Cryptography for the Financial | |||

Services Industry: The Elliptic Curve Digital Signature | Services Industry: The Elliptic Curve Digital Signature | |||

Standard (ECDSA)", November, 2005. | Standard (ECDSA)", November, 2005. | |||

6.2. Informative References | 6.2. Informative References | |||

[RFC4231] Nystrom, A. "Identifiers and Test Vectors for HMAC-SHA- | [RFC4231] Nystrom, A. "Identifiers and Test Vectors for HMAC-SHA- | |||

224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", | 224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", | |||

RFC4231. December 2005. | RFC4231. December 2005. | |||

End of changes. 23 change blocks. | ||||

42 lines changed or deleted | | 48 lines changed or added | ||

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |