draft-ietf-keyprov-dskpp-09.txt   draft-ietf-keyprov-dskpp-10.txt 
KEYPROV Working Group A. Doherty KEYPROV Working Group A. Doherty
Internet-Draft RSA, The Security Division of EMC Internet-Draft RSA, The Security Division of EMC
Intended status: Standards Track M. Pei Intended status: Standards Track M. Pei
Expires: May 20, 2010 Verisign, Inc. Expires: October 10, 2010 Verisign, Inc.
S. Machani S. Machani
Diversinet Corp. Diversinet Corp.
M. Nystrom M. Nystrom
Microsoft Corp. Microsoft Corp.
November 16, 2009 April 8, 2010
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Dynamic Symmetric Key Provisioning Protocol (DSKPP)
draft-ietf-keyprov-dskpp-09.txt draft-ietf-keyprov-dskpp-10.txt
Abstract Abstract
DSKPP is a client-server protocol for initialization (and DSKPP is a client-server protocol for initialization (and
configuration) of symmetric keys to locally and remotely accessible configuration) of symmetric keys to locally and remotely accessible
cryptographic modules. The protocol can be run with or without cryptographic modules. The protocol can be run with or without
private-key capabilities in the cryptographic modules, and with or private-key capabilities in the cryptographic modules, and with or
without an established public-key infrastructure. without an established public-key infrastructure.
Two variations of the protocol support multiple usage scenarios. Two variations of the protocol support multiple usage scenarios.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
not transferred over-the-wire or over-the-air. The two-pass variant not transferred over-the-wire or over-the-air. The two-pass variant
enables secure and efficient download and installation of pre- enables secure and efficient download and installation of pre-
generated symmetric keys to a cryptographic module. generated symmetric keys to a cryptographic module.
This document builds on information contained in [RFC4758], adding This document builds on information contained in [RFC4758], adding
specific enhancements in response to implementation experience and specific enhancements in response to implementation experience and
liaison requests. liaison requests.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on October 10, 2010.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 20, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1. Key Words . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1. Key Words . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2. Versions . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2. Versions . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3. Namespace Identifiers . . . . . . . . . . . . . . . . . . 7 1.3. Namespace Identifiers . . . . . . . . . . . . . . . . . . 7
1.3.1. Defined Identifiers . . . . . . . . . . . . . . . . . 7 1.3.1. Defined Identifiers . . . . . . . . . . . . . . . . . 7
1.3.2. Identifiers Defined in Related Specifications . . . . 7 1.3.2. Identifiers Defined in Related Specifications . . . . 7
1.3.3. Referenced Identifiers . . . . . . . . . . . . . . . . 7 1.3.3. Referenced Identifiers . . . . . . . . . . . . . . . . 7
skipping to change at page 5, line 31 skipping to change at page 5, line 31
B.3.2. Example Using the Key Wrap Method . . . . . . . . . . 81 B.3.2. Example Using the Key Wrap Method . . . . . . . . . . 81
B.3.3. Example Using the Passphrase-Based Key Wrap Method . . 84 B.3.3. Example Using the Passphrase-Based Key Wrap Method . . 84
Appendix C. Integration with PKCS #11 . . . . . . . . . . . . . . 88 Appendix C. Integration with PKCS #11 . . . . . . . . . . . . . . 88
C.1. The 4-pass Variant . . . . . . . . . . . . . . . . . . . . 88 C.1. The 4-pass Variant . . . . . . . . . . . . . . . . . . . . 88
C.2. The 2-pass Variant . . . . . . . . . . . . . . . . . . . . 88 C.2. The 2-pass Variant . . . . . . . . . . . . . . . . . . . . 88
Appendix D. Example of DSKPP-PRF Realizations . . . . . . . . . . 91 Appendix D. Example of DSKPP-PRF Realizations . . . . . . . . . . 91
D.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 91 D.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 91
D.2. DSKPP-PRF-AES . . . . . . . . . . . . . . . . . . . . . . 91 D.2. DSKPP-PRF-AES . . . . . . . . . . . . . . . . . . . . . . 91
D.2.1. Identification . . . . . . . . . . . . . . . . . . . . 91 D.2.1. Identification . . . . . . . . . . . . . . . . . . . . 91
D.2.2. Definition . . . . . . . . . . . . . . . . . . . . . . 91 D.2.2. Definition . . . . . . . . . . . . . . . . . . . . . . 91
D.2.3. Example . . . . . . . . . . . . . . . . . . . . . . . 92 D.2.3. Example . . . . . . . . . . . . . . . . . . . . . . . 93
D.3. DSKPP-PRF-SHA256 . . . . . . . . . . . . . . . . . . . . . 93 D.3. DSKPP-PRF-SHA256 . . . . . . . . . . . . . . . . . . . . . 93
D.3.1. Identification . . . . . . . . . . . . . . . . . . . . 93 D.3.1. Identification . . . . . . . . . . . . . . . . . . . . 93
D.3.2. Definition . . . . . . . . . . . . . . . . . . . . . . 93 D.3.2. Definition . . . . . . . . . . . . . . . . . . . . . . 93
D.3.3. Example . . . . . . . . . . . . . . . . . . . . . . . 94 D.3.3. Example . . . . . . . . . . . . . . . . . . . . . . . 94
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 95
1. Introduction 1. Introduction
Symmetric key based cryptographic systems (e.g., those providing Symmetric key based cryptographic systems (e.g., those providing
authentication mechanisms such as one-time passwords and challenge- authentication mechanisms such as one-time passwords and challenge-
response) offer performance and operational advantages over public response) offer performance and operational advantages over public
key schemes. Such use requires a mechanism for provisioning of key schemes. Such use requires a mechanism for provisioning of
symmetric keys providing equivalent functionality to mechanisms such symmetric keys providing equivalent functionality to mechanisms such
as CMP [RFC4210] and CMC [RFC5272] in a Public Key Infrastructure. as CMP [RFC4210] and CMC [RFC5272] in a Public Key Infrastructure.
skipping to change at page 71, line 24 skipping to change at page 71, line 24
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dskpp:KeyProvTrigger Version="1.0" <dskpp:KeyProvTrigger Version="1.0"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"> xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<dskpp:InitializationTrigger> <dskpp:InitializationTrigger>
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:KeyID>SE9UUDAwMDAwMDAx</dskpp:KeyID> <dskpp:KeyID>SE9UUDAwMDAwMDAx</dskpp:KeyID>
<dskpp:TokenPlatformInfo KeyLocation="Hardware" <dskpp:TokenPlatformInfo KeyLocation="Hardware"
AlgorithmLocation="Software"/> AlgorithmLocation="Software"/>
<dskpp:AuthenticationData> <dskpp:AuthenticationData>
<dskpp:ClientID>31300257</dskpp:ClientID> <dskpp:ClientID>31300257</dskpp:ClientID>
<dskpp:AuthenticationCodeMac> <dskpp:AuthenticationCodeMac>
<dskpp:IterationCount>512</dskpp:IterationCount> <dskpp:IterationCount>512</dskpp:IterationCount>
<dskpp:Mac>4bRJf9xXd3KchKoTenHJiw==</dskpp:Mac> <dskpp:Mac>4bRJf9xXd3KchKoTenHJiw==</dskpp:Mac>
skipping to change at page 72, line 15 skipping to change at page 72, line 15
<dskpp:KeyProvClientHello <dskpp:KeyProvClientHello
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0"> Version="1.0">
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:SupportedKeyTypes> <dskpp:SupportedKeyTypes>
<dskpp:Algorithm> <dskpp:Algorithm>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:Algorithm> </dskpp:Algorithm>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedKeyTypes> </dskpp:SupportedKeyTypes>
skipping to change at page 72, line 38 skipping to change at page 72, line 38
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes128-cbc
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedEncryptionAlgorithms> </dskpp:SupportedEncryptionAlgorithms>
<dskpp:SupportedMacAlgorithms> <dskpp:SupportedMacAlgorithms>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedMacAlgorithms> </dskpp:SupportedMacAlgorithms>
<dskpp:SupportedProtocolVariants> <dskpp:SupportedProtocolVariants>
<dskpp:FourPass xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <dskpp:FourPass/>
xmlns:ns6="http://www.w3.org/2001/XMLSchema" xsi:type="ns6:string">
</dskpp:FourPass>
</dskpp:SupportedProtocolVariants> </dskpp:SupportedProtocolVariants>
<dskpp:SupportedKeyPackages> <dskpp:SupportedKeyPackages>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
</dskpp:SupportedKeyPackages> </dskpp:SupportedKeyPackages>
</dskpp:KeyProvClientHello> </dskpp:KeyProvClientHello>
B.2.2. <KeyProvClientHello> Assuming a Preceding Trigger B.2.2. <KeyProvClientHello> Assuming a Preceding Trigger
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dskpp:KeyProvClientHello <dskpp:KeyProvClientHello
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0"> Version="1.0">
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:KeyID>SE9UUDAwMDAwMDAx</dskpp:KeyID> <dskpp:KeyID>SE9UUDAwMDAwMDAx</dskpp:KeyID>
<dskpp:SupportedKeyTypes> <dskpp:SupportedKeyTypes>
<dskpp:Algorithm> <dskpp:Algorithm>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:Algorithm> </dskpp:Algorithm>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES
</dskpp:Algorithm> </dskpp:Algorithm>
skipping to change at page 73, line 39 skipping to change at page 73, line 39
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes128-cbc
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedEncryptionAlgorithms> </dskpp:SupportedEncryptionAlgorithms>
<dskpp:SupportedMacAlgorithms> <dskpp:SupportedMacAlgorithms>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedMacAlgorithms> </dskpp:SupportedMacAlgorithms>
<dskpp:SupportedProtocolVariants> <dskpp:SupportedProtocolVariants>
<dskpp:FourPass xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <dskpp:FourPass/>
xmlns:ns6="http://www.w3.org/2001/XMLSchema" xsi:type="ns6:string">
</dskpp:FourPass>
</dskpp:SupportedProtocolVariants> </dskpp:SupportedProtocolVariants>
<dskpp:SupportedKeyPackages> <dskpp:SupportedKeyPackages>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
</dskpp:SupportedKeyPackages> </dskpp:SupportedKeyPackages>
</dskpp:KeyProvClientHello> </dskpp:KeyProvClientHello>
B.2.3. <KeyProvServerHello> Without a Preceding Trigger B.2.3. <KeyProvServerHello> Without a Preceding Trigger
skipping to change at page 74, line 25 skipping to change at page 74, line 25
SessionID="4114"> SessionID="4114">
<dskpp:KeyType> <dskpp:KeyType>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:KeyType> </dskpp:KeyType>
<dskpp:EncryptionAlgorithm> <dskpp:EncryptionAlgorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes128-cbc
</dskpp:EncryptionAlgorithm> </dskpp:EncryptionAlgorithm>
<dskpp:MacAlgorithm> <dskpp:MacAlgorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:MacAlgorithm> </dskpp:MacAlgorithm>
<dskpp:EncryptionKey>Example-Key1</dskpp:EncryptionKey> <dskpp:EncryptionKey>
<ds:KeyName>Example-Key1</ds:KeyName>
</dskpp:EncryptionKey>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
<dskpp:Payload> <dskpp:Payload>
<dskpp:Nonce>EjRWeJASNFZ4kBI0VniQEg==</dskpp:Nonce> <dskpp:Nonce>EjRWeJASNFZ4kBI0VniQEg==</dskpp:Nonce>
</dskpp:Payload> </dskpp:Payload>
</dskpp:KeyProvServerHello> </dskpp:KeyProvServerHello>
B.2.4. <KeyProvServerHello> Assuming Key Renewal B.2.4. <KeyProvServerHello> Assuming Key Renewal
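Review bot: The new ds:KeyName child inside dskpp:EncryptionKey in the B.2.3 KeyProvServerHello relies on the ds prefix being bound, but the root element's namespace declarations fall outside the lines shown for this change. Confirm that the KeyProvServerHello start tag declares xmlns:ds="http://www.w3.org/2000/09/xmldsig#", as the KeyProvClientHello examples do; otherwise the revised example is not namespace-well-formed.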
skipping to change at page 75, line 25 skipping to change at page 75, line 25
Status="Continue"> Status="Continue">
<dskpp:KeyType> <dskpp:KeyType>
urn:ietf:params:xml:schema:keyprov:otpalg#SecurID-AES urn:ietf:params:xml:schema:keyprov:otpalg#SecurID-AES
</dskpp:KeyType> </dskpp:KeyType>
<dskpp:EncryptionAlgorithm> <dskpp:EncryptionAlgorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes128-cbc
</dskpp:EncryptionAlgorithm> </dskpp:EncryptionAlgorithm>
<dskpp:MacAlgorithm> <dskpp:MacAlgorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:MacAlgorithm> </dskpp:MacAlgorithm>
<dskpp:EncryptionKey>Example-Key1</dskpp:EncryptionKey> <dskpp:EncryptionKey>
<ds:KeyName>Example-Key1</ds:KeyName>
</dskpp:EncryptionKey>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
<dskpp:Payload> <dskpp:Payload>
<dskpp:Nonce>qw2ewasde312asder394jw==</dskpp:Nonce> <dskpp:Nonce>qw2ewasde312asder394jw==</dskpp:Nonce>
</dskpp:Payload> </dskpp:Payload>
<dskpp:Mac <dskpp:Mac
MacAlgorithm="http://www.ietf.org/keyprov/dskpp#dskpp-prf-aes-128"> MacAlgorithm="http://www.ietf.org/keyprov/dskpp#dskpp-prf-aes-128">
cXcycmFuZG9tMzEyYXNkZXIzOTRqdw== cXcycmFuZG9tMzEyYXNkZXIzOTRqdw==
</dskpp:Mac> </dskpp:Mac>
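Review bot: The dskpp:Mac element that closes this example carries MacAlgorithm="http://www.ietf.org/keyprov/dskpp#dskpp-prf-aes-128", while the dskpp:MacAlgorithm element a few lines above selects dskpp-prf-sha256, and this revision leaves the mismatch in place while restructuring EncryptionKey. The KeyProvClientHello examples on this page list only dskpp-prf-sha256 under SupportedMacAlgorithms, so the example should either use one PRF throughout or say why the renewal MAC uses a different one. The KeyType value (urn:ietf:params:xml:schema:keyprov:otpalg#SecurID-AES) also differs from the SecurID-AES identifier the ClientHello examples advertise under SupportedKeyTypes and is worth aligning in the same pass.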
skipping to change at page 77, line 19 skipping to change at page 77, line 19
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0" Version="1.0"
Status="Success" Status="Success"
SessionID="4114"> SessionID="4114">
<dskpp:KeyPackage> <dskpp:KeyPackage>
<dskpp:KeyContainer Version="1.0" Id="KC0001"> <dskpp:KeyContainer Version="1.0" Id="KC0001">
<pskc:KeyPackage> <pskc:KeyPackage>
<pskc:DeviceInfo> <pskc:DeviceInfo>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</pskc:DeviceInfo> </pskc:DeviceInfo>
<pskc:CryptoModuleInfo> <pskc:CryptoModuleInfo>
<pskc:Id>CM_ID_001</pskc:Id> <pskc:Id>CM_ID_001</pskc:Id>
</pskc:CryptoModuleInfo> </pskc:CryptoModuleInfo>
<pskc:Key <pskc:Key
Id="MBK000000001" Id="MBK000000001"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp"> Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp">
<pskc:Issuer>Example-Issuer</pskc:Issuer> <pskc:Issuer>Example-Issuer</pskc:Issuer>
<pskc:AlgorithmParameters> <pskc:AlgorithmParameters>
<pskc:ResponseFormat Length="6" Encoding="DECIMAL"/> <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
skipping to change at page 78, line 23 skipping to change at page 78, line 23
<dskpp:KeyProvClientHello <dskpp:KeyProvClientHello
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0"> Version="1.0">
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:SupportedKeyTypes> <dskpp:SupportedKeyTypes>
<dskpp:Algorithm> <dskpp:Algorithm>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:Algorithm> </dskpp:Algorithm>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedKeyTypes> </dskpp:SupportedKeyTypes>
skipping to change at page 80, line 29 skipping to change at page 80, line 29
h1AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAe875m84sYUJ8qPeZ+NG7REgTvlHTmoCdoByU0LBBL h1AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAe875m84sYUJ8qPeZ+NG7REgTvlHTmoCdoByU0LBBL
otUKuqfrnRuXJRMeZXaaEGmzY1kLonVjQGzjAkU4dJ+RPmiDlYuHLZS41Pg6VMwY+03lhk6I5A/ otUKuqfrnRuXJRMeZXaaEGmzY1kLonVjQGzjAkU4dJ+RPmiDlYuHLZS41Pg6VMwY+03lhk6I5A/
w4rnqdkmwZX/NgXg06alnc2pBsXWhL4O7nk0S2ZrLMsQZ6HcsXgdmHo= w4rnqdkmwZX/NgXg06alnc2pBsXWhL4O7nk0S2ZrLMsQZ6HcsXgdmHo=
</ds:X509Certificate> </ds:X509Certificate>
</ds:X509Data> </ds:X509Data>
</pskc:EncryptionKey> </pskc:EncryptionKey>
<pskc:KeyPackage> <pskc:KeyPackage>
<pskc:DeviceInfo> <pskc:DeviceInfo>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</pskc:DeviceInfo> </pskc:DeviceInfo>
<pskc:Key <pskc:Key
Id="MBK000000001" Id="MBK000000001"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp"> Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp">
<pskc:Issuer>Example-Issuer</pskc:Issuer> <pskc:Issuer>Example-Issuer</pskc:Issuer>
<pskc:AlgorithmParameters> <pskc:AlgorithmParameters>
<pskc:ResponseFormat Length="6" Encoding="DECIMAL"/> <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
</pskc:AlgorithmParameters> </pskc:AlgorithmParameters>
<pskc:Data> <pskc:Data>
<pskc:Secret> <pskc:Secret>
<pskc:EncryptedValue> <pskc:EncryptedValue>
<xenc:EncryptionMethod <xenc:EncryptionMethod
Algorithm= Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa_1_5" "http://www.w3.org/2001/04/xmlenc#rsa_1_5"/>
/>
<xenc:CipherData> <xenc:CipherData>
<xenc:CipherValue> <xenc:CipherValue>
eyjr23WMy9S2UdKgGnQEbs44T1jmX1TNWEBq48xfS20PK2VWF4ZK1iSctHj/u3uk+7+y8uKrAzH eyjr23WMy9S2UdKgGnQEbs44T1jmX1TNWEBq48xfS20PK2VWF4ZK1iSctHj/u3uk+7+y8uKrAzH
Em5mujKPAU4DCbb5mSibXMnAbbIoAi2cJW60/l8FlzwaU4EZsZ1LyQ1GcBQKACEeylG5vK8NTo4 Em5mujKPAU4DCbb5mSibXMnAbbIoAi2cJW60/l8FlzwaU4EZsZ1LyQ1GcBQKACEeylG5vK8NTo4
7vZTatL5UxmbmOX2HvaVQ= 7vZTatL5UxmbmOX2HvaVQ=
</xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData> </xenc:CipherData>
</pskc:EncryptedValue> </pskc:EncryptedValue>
</pskc:Secret> </pskc:Secret>
<pskc:Counter> <pskc:Counter>
<pskc:PlainValue>0</pskc:PlainValue> <pskc:PlainValue>0</pskc:PlainValue>
</pskc:Counter> </pskc:Counter>
</pskc:Data> </pskc:Data>
<pskc:Policy> <pskc:Policy>
<pskc:KeyUsage>OTP</pskc:KeyUsage> <pskc:KeyUsage>OTP</pskc:KeyUsage>
</pskc:Policy> </pskc:Policy>
</pskc:Key> </pskc:Key>
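Review bot: The xenc:EncryptionMethod for the wrapped pskc:Secret is still http://www.w3.org/2001/04/xmlenc#rsa_1_5; this revision only joins the closing "/>" onto the attribute line. PKCS #1 v1.5 encryption is the padding that Bleichenbacher-style padding-oracle attacks target, and examples in a provisioning specification tend to be copied into implementations, so consider showing http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p instead, or add a sentence stating that the algorithm is illustrative and pointing to the security considerations.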
skipping to change at page 81, line 43 skipping to change at page 81, line 42
<dskpp:KeyProvClientHello <dskpp:KeyProvClientHello
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0"> Version="1.0">
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:SupportedKeyTypes> <dskpp:SupportedKeyTypes>
<dskpp:Algorithm> <dskpp:Algorithm>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:Algorithm> </dskpp:Algorithm>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedKeyTypes> </dskpp:SupportedKeyTypes>
<dskpp:SupportedEncryptionAlgorithms> <dskpp:SupportedEncryptionAlgorithms>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes128-cbc
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedEncryptionAlgorithms> </dskpp:SupportedEncryptionAlgorithms>
<dskpp:SupportedMacAlgorithms> <dskpp:SupportedMacAlgorithms>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:Algorithm> </dskpp:Algorithm>
skipping to change at page 82, line 22 skipping to change at page 82, line 22
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedMacAlgorithms> </dskpp:SupportedMacAlgorithms>
<dskpp:SupportedProtocolVariants> <dskpp:SupportedProtocolVariants>
<dskpp:TwoPass> <dskpp:TwoPass>
<dskpp:SupportedKeyProtectionMethod> <dskpp:SupportedKeyProtectionMethod>
urn:ietf:params:xml:schema:keyprov:dskpp#wrap urn:ietf:params:xml:schema:keyprov:dskpp#wrap
</dskpp:SupportedKeyProtectionMethod> </dskpp:SupportedKeyProtectionMethod>
<dskpp:Payload> <dskpp:Payload>
<ds:KeyInfo>Pre-shared-key-1</ds:KeyInfo> <ds:KeyInfo>
<ds:KeyName>Pre-shared-key-1</ds:KeyName>
</ds:KeyInfo>
</dskpp:Payload> </dskpp:Payload>
</dskpp:TwoPass> </dskpp:TwoPass>
</dskpp:SupportedProtocolVariants> </dskpp:SupportedProtocolVariants>
<dskpp:SupportedKeyPackages> <dskpp:SupportedKeyPackages>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
</dskpp:SupportedKeyPackages> </dskpp:SupportedKeyPackages>
<dskpp:AuthenticationData> <dskpp:AuthenticationData>
<dskpp:ClientID>AC00000A</dskpp:ClientID> <dskpp:ClientID>AC00000A</dskpp:ClientID>
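Review bot: The dskpp:SupportedKeyProtectionMethod value in the TwoPass block uses the prefix urn:ietf:params:xml:schema:keyprov:dskpp#wrap, whereas every namespace declaration in these examples uses urn:ietf:params:xml:ns:keyprov:dskpp. Since this hunk is already being edited to wrap the pre-shared key name in ds:KeyName, check which prefix the identifier section defines and make the example match it, so that a client comparing these URIs as exact strings does not fail negotiation.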
skipping to change at page 83, line 17 skipping to change at page 83, line 19
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:dkey="http://www.w3.org/2009/xmlsec-derivedkey#" xmlns:dkey="http://www.w3.org/2009/xmlsec-derivedkey#"
xmlns:pkcs5= xmlns:pkcs5=
"http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#" "http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
Version="1.0" Version="1.0"
Status="Success" Status="Success"
SessionID="4114"> SessionID="4114">
<dskpp:KeyPackage> <dskpp:KeyPackage>
<dskpp:KeyContainer Version="1.0" Id="KC0001"> <dskpp:KeyContainer Version="1.0" Id="KC0001">
<pskc:EncryptionKey>Pre-shared-key-1</pskc:EncryptionKey> <pskc:EncryptionKey>
<ds:KeyName>Pre-shared-key-1</ds:KeyName>
</pskc:EncryptionKey>
<pskc:MACMethod <pskc:MACMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
<pskc:MACKey> <pskc:MACKey>
<xenc:EncryptionMethod <xenc:EncryptionMethod
Algorithm= Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> "http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<xenc:CipherData> <xenc:CipherData>
<xenc:CipherValue> <xenc:CipherValue>
2GTTnLwM3I4e5IO5FkufoMUBJBuAf25hARFv0Z7MFk9Ecdb04PWY/qaeCbrgz7Es 2GTTnLwM3I4e5IO5FkufoMUBJBuAf25hARFv0Z7MFk9Ecdb04PWY/qaeCbrgz7Es
</xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData> </xenc:CipherData>
</pskc:MACKey> </pskc:MACKey>
</pskc:MACMethod> </pskc:MACMethod>
<pskc:KeyPackage> <pskc:KeyPackage>
<pskc:DeviceInfo> <pskc:DeviceInfo>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</pskc:DeviceInfo> </pskc:DeviceInfo>
<pskc:CryptoModuleInfo> <pskc:CryptoModuleInfo>
<pskc:Id>CM_ID_001</pskc:Id> <pskc:Id>CM_ID_001</pskc:Id>
</pskc:CryptoModuleInfo> </pskc:CryptoModuleInfo>
<pskc:Key <pskc:Key
Id="MBK000000001" Id="MBK000000001"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp"> Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp">
<pskc:Issuer>Example-Issuer</pskc:Issuer> <pskc:Issuer>Example-Issuer</pskc:Issuer>
<pskc:AlgorithmParameters> <pskc:AlgorithmParameters>
<pskc:ResponseFormat Length="6" Encoding="DECIMAL"/> <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
</pskc:AlgorithmParameters> </pskc:AlgorithmParameters>
<pskc:Data> <pskc:Data>
<pskc:Secret> <pskc:Secret>
<pskc:EncryptedValue> <pskc:EncryptedValue>
<xenc:EncryptionMethod <xenc:EncryptionMethod
Algorithm= Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" "http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
/>
<xenc:CipherData> <xenc:CipherData>
<xenc:CipherValue> <xenc:CipherValue>
oTvo+S22nsmS2Z/RtcoF8AabC6vr09sh0Q oTvo+S22nsmS2Z/RtcoF8AabC6vr09sh0Q
IU+E224S96sZjpV+6nFYgn6525OoepbPnL IU+E224S96sZjpV+6nFYgn6525OoepbPnL
/fGuuey64WCYXoqhTg== /fGuuey64WCYXoqhTg==
</xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData> </xenc:CipherData>
</pskc:EncryptedValue> </pskc:EncryptedValue>
<pskc:ValueMAC> <pskc:ValueMAC>
o+e9xgMVUbYuZH9UHe0W9dIo88A= o+e9xgMVUbYuZH9UHe0W9dIo88A=
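Review bot: the StartDate and ExpiryDate values in pskc:DeviceInfo move from a date form (2009-09-01Z) to a date-time form (2009-09-01T00:00:00Z), and the same hand edit recurs in the other examples, so every example should be validated against the schema mechanically rather than trusting that all occurrences were caught. A stray date-only value left anywhere else would make that example fail validation. The other edit here, pulling "/>" up onto the Algorithm line of xenc:EncryptionMethod under pskc:Secret, is whitespace only and needs no further action.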
skipping to change at page 85, line 9 skipping to change at page 85, line 11
<dskpp:KeyProvClientHello <dskpp:KeyProvClientHello
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp" xmlns:dskpp="urn:ietf:params:xml:ns:keyprov:dskpp"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Version="1.0"> Version="1.0">
<dskpp:DeviceIdentifierData> <dskpp:DeviceIdentifierData>
<dskpp:DeviceId> <dskpp:DeviceId>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</dskpp:DeviceId> </dskpp:DeviceId>
</dskpp:DeviceIdentifierData> </dskpp:DeviceIdentifierData>
<dskpp:SupportedKeyTypes> <dskpp:SupportedKeyTypes>
<dskpp:Algorithm> <dskpp:Algorithm>
urn:ietf:params:xml:ns:keyprov:pskc#hotp urn:ietf:params:xml:ns:keyprov:pskc#hotp
</dskpp:Algorithm> </dskpp:Algorithm>
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES http://www.rsa.com/rsalabs/otps/schemas/2005/09/otps-wst#SecurID-AES
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedKeyTypes> </dskpp:SupportedKeyTypes>
skipping to change at page 85, line 37 skipping to change at page 85, line 39
<dskpp:Algorithm> <dskpp:Algorithm>
http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256 http://www.ietf.org/keyprov/dskpp#dskpp-prf-sha256
</dskpp:Algorithm> </dskpp:Algorithm>
</dskpp:SupportedMacAlgorithms> </dskpp:SupportedMacAlgorithms>
<dskpp:SupportedProtocolVariants> <dskpp:SupportedProtocolVariants>
<dskpp:TwoPass> <dskpp:TwoPass>
<dskpp:SupportedKeyProtectionMethod> <dskpp:SupportedKeyProtectionMethod>
urn:ietf:params:xml:schema:keyprov:dskpp#passphrase-wrap urn:ietf:params:xml:schema:keyprov:dskpp#passphrase-wrap
</dskpp:SupportedKeyProtectionMethod> </dskpp:SupportedKeyProtectionMethod>
<dskpp:Payload> <dskpp:Payload>
<ds:KeyInfo>Passphrase-1</ds:KeyInfo> <ds:KeyInfo>
<ds:KeyName>Passphrase-1</ds:KeyName>
</ds:KeyInfo>
</dskpp:Payload> </dskpp:Payload>
</dskpp:TwoPass> </dskpp:TwoPass>
</dskpp:SupportedProtocolVariants> </dskpp:SupportedProtocolVariants>
<dskpp:SupportedKeyPackages> <dskpp:SupportedKeyPackages>
<dskpp:KeyPackageFormat> <dskpp:KeyPackageFormat>
urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer urn:ietf:params:xml:ns:keyprov:pskc#KeyContainer
</dskpp:KeyPackageFormat> </dskpp:KeyPackageFormat>
</dskpp:SupportedKeyPackages> </dskpp:SupportedKeyPackages>
<dskpp:AuthenticationData> <dskpp:AuthenticationData>
<dskpp:ClientID>AC00000A</dskpp:ClientID> <dskpp:ClientID>AC00000A</dskpp:ClientID>
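Review bot: now that ds:KeyInfo under dskpp:Payload wraps Passphrase-1 in a ds:KeyName child instead of carrying it as bare text, the prose accompanying this example should say explicitly that the value is a name identifying the passphrase-derived key and not the passphrase itself. The element sits among the client's SupportedProtocolVariants advertisements for the passphrase-wrap method, and a label as literal as "Passphrase-1" invites an implementer to put the secret there. A value that reads more obviously as an identifier would remove the ambiguity.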
skipping to change at page 87, line 20 skipping to change at page 87, line 24
<xenc:CipherValue> <xenc:CipherValue>
2GTTnLwM3I4e5IO5FkufoOEiOhNj91fhKRQBtBJYluUDsPOLTfUvoU2dStyOwYZx 2GTTnLwM3I4e5IO5FkufoOEiOhNj91fhKRQBtBJYluUDsPOLTfUvoU2dStyOwYZx
</xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData> </xenc:CipherData>
</pskc:MACKey> </pskc:MACKey>
</pskc:MACMethod> </pskc:MACMethod>
<pskc:KeyPackage> <pskc:KeyPackage>
<pskc:DeviceInfo> <pskc:DeviceInfo>
<pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
<pskc:SerialNo>987654321</pskc:SerialNo> <pskc:SerialNo>987654321</pskc:SerialNo>
<pskc:StartDate>2009-09-01Z</pskc:StartDate> <pskc:StartDate>2009-09-01T00:00:00Z</pskc:StartDate>
<pskc:ExpiryDate>2014-09-01Z</pskc:ExpiryDate> <pskc:ExpiryDate>2014-09-01T00:00:00Z</pskc:ExpiryDate>
</pskc:DeviceInfo> </pskc:DeviceInfo>
<pskc:CryptoModuleInfo> <pskc:CryptoModuleInfo>
<pskc:Id>CM_ID_001</pskc:Id> <pskc:Id>CM_ID_001</pskc:Id>
</pskc:CryptoModuleInfo> </pskc:CryptoModuleInfo>
<pskc:Key <pskc:Key
Id="MBK000000001" Id="MBK000000001"
Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp"> Algorithm="urn:ietf:params:xml:ns:keyprov:pskc#hotp">
<pskc:Issuer>Example-Issuer</pskc:Issuer> <pskc:Issuer>Example-Issuer</pskc:Issuer>
<pskc:AlgorithmParameters> <pskc:AlgorithmParameters>
<pskc:ResponseFormat Length="6" Encoding="DECIMAL"/> <pskc:ResponseFormat Length="6" Encoding="DECIMAL"/>
</pskc:AlgorithmParameters> </pskc:AlgorithmParameters>
<pskc:Data> <pskc:Data>
<pskc:Secret> <pskc:Secret>
<pskc:EncryptedValue> <pskc:EncryptedValue>
<xenc:EncryptionMethod <xenc:EncryptionMethod
Algorithm= Algorithm=
"http://www.w3.org/2001/04/ "http://www.w3.org/2001/04/
xmlenc#aes128-cbc"/> xmlenc#aes128-cbc"/>
</xenc:EncryptionMethod>
<xenc:CipherData> <xenc:CipherData>
<xenc:CipherValue> <xenc:CipherValue>
oTvo+S22nsmS2Z/RtcoF8HX385uMWgJmyIFME oTvo+S22nsmS2Z/RtcoF8HX385uMWgJmyIFME
SBmcvtHQXp/6T1TgCS9CsgKtmcOrF8VoK254t SBmcvtHQXp/6T1TgCS9CsgKtmcOrF8VoK254t
ZKnrAjiD5cdw== ZKnrAjiD5cdw==
</xenc:CipherValue> </xenc:CipherValue>
</xenc:CipherData> </xenc:CipherData>
</pskc:EncryptedValue> </pskc:EncryptedValue>
<pskc:ValueMAC> <pskc:ValueMAC>
pbgEbVYxoYs0x41wdeC7eDRbUEk= pbgEbVYxoYs0x41wdeC7eDRbUEk=
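Review bot: the Algorithm attribute of xenc:EncryptionMethod under pskc:Secret is still broken across two lines inside the quoted value ("http://www.w3.org/2001/04/" then "xmlenc#aes128-cbc") on both sides of this hunk, so a parser will see whitespace inside the URI and it will not compare equal to the aes128-cbc identifier used in the first example. Keep the whole URI on one line, as was done there. Also check the line "</xenc:EncryptionMethod>", which appears on only one side of the diff directly after an element already closed with "/>"; if it is on the new side, the example is not well-formed and the line should be dropped.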
 End of changes. 33 change blocks. 
55 lines changed or deleted 53 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/