draft-ietf-lamps-cmp-algorithms-11.txt   draft-ietf-lamps-cmp-algorithms-12.txt 
LAMPS Working Group H. Brockhaus, Ed. LAMPS Working Group H. Brockhaus, Ed.
Internet-Draft H. Aschauer Internet-Draft H. Aschauer
Updates: 4210 (if approved) Siemens Updates: 4210 (if approved) Siemens
Intended status: Standards Track M. Ounsworth Intended status: Standards Track M. Ounsworth
Expires: 19 August 2022 J. Gray Expires: 8 October 2022 J. Gray
Entrust Entrust
15 February 2022 6 April 2022
Certificate Management Protocol (CMP) Algorithms Certificate Management Protocol (CMP) Algorithms
draft-ietf-lamps-cmp-algorithms-11 draft-ietf-lamps-cmp-algorithms-12
Abstract Abstract
This document updates RFC 4210 describing the conventions for using This document updates RFC 4210 describing the conventions for using
concrete cryptographic algorithms with the Certificate Management concrete cryptographic algorithms with the Certificate Management
Protocol (CMP). CMP is used to enroll and further manage the Protocol (CMP). CMP is used to enroll and further manage the
lifecycle of X.509 certificates. lifecycle of X.509 certificates.
Status of This Memo Status of This Memo
skipping to change at page 1, line 36 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 19 August 2022. This Internet-Draft will expire on 8 October 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 38 skipping to change at page 2, line 38
4.1.2. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 8 4.1.2. ECDH . . . . . . . . . . . . . . . . . . . . . . . . 8
4.2. Key Transport Algorithms . . . . . . . . . . . . . . . . 10 4.2. Key Transport Algorithms . . . . . . . . . . . . . . . . 10
4.2.1. RSA . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.2.1. RSA . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.3. Symmetric Key-Encryption Algorithms . . . . . . . . . . . 11 4.3. Symmetric Key-Encryption Algorithms . . . . . . . . . . . 11
4.3.1. AES Key Wrap . . . . . . . . . . . . . . . . . . . . 11 4.3.1. AES Key Wrap . . . . . . . . . . . . . . . . . . . . 11
4.4. Key Derivation Algorithms . . . . . . . . . . . . . . . . 12 4.4. Key Derivation Algorithms . . . . . . . . . . . . . . . . 12
4.4.1. PBKDF2 . . . . . . . . . . . . . . . . . . . . . . . 12 4.4.1. PBKDF2 . . . . . . . . . . . . . . . . . . . . . . . 12
5. Content Encryption Algorithms . . . . . . . . . . . . . . . . 12 5. Content Encryption Algorithms . . . . . . . . . . . . . . . . 12
5.1. AES-CBC . . . . . . . . . . . . . . . . . . . . . . . . . 13 5.1. AES-CBC . . . . . . . . . . . . . . . . . . . . . . . . . 13
6. Message Authentication Code Algorithms . . . . . . . . . . . 13 6. Message Authentication Code Algorithms . . . . . . . . . . . 13
6.1. Password-based MAC . . . . . . . . . . . . . . . . . . . 13 6.1. Password-Based MAC . . . . . . . . . . . . . . . . . . . 13
6.1.1. PasswordBasedMac . . . . . . . . . . . . . . . . . . 14 6.1.1. PasswordBasedMac . . . . . . . . . . . . . . . . . . 14
6.1.2. PBMAC1 . . . . . . . . . . . . . . . . . . . . . . . 14 6.1.2. PBMAC1 . . . . . . . . . . . . . . . . . . . . . . . 14
6.2. Symmetric key-based MAC . . . . . . . . . . . . . . . . . 14 6.2. Symmetric Key-Based MAC . . . . . . . . . . . . . . . . . 14
6.2.1. SHA2-based HMAC . . . . . . . . . . . . . . . . . . . 15 6.2.1. SHA2-Based HMAC . . . . . . . . . . . . . . . . . . . 15
6.2.2. AES-GMAC . . . . . . . . . . . . . . . . . . . . . . 15 6.2.2. AES-GMAC . . . . . . . . . . . . . . . . . . . . . . 15
6.2.3. SHAKE-based KMAC . . . . . . . . . . . . . . . . . . 16 6.2.3. SHAKE-Based KMAC . . . . . . . . . . . . . . . . . . 16
7. Algorithm Use Profiles . . . . . . . . . . . . . . . . . . . 16 7. Algorithm Use Profiles . . . . . . . . . . . . . . . . . . . 16
7.1. Algorithm Profile for RFC 4210 PKI Management Message 7.1. Algorithm Profile for RFC 4210 PKI Management Message
Profiles . . . . . . . . . . . . . . . . . . . . . . . . 19 Profiles . . . . . . . . . . . . . . . . . . . . . . . . 19
7.2. Algorithm Profile for Lightweight CMP Profile . . . . . . 21 7.2. Algorithm Profile for Lightweight CMP Profile . . . . . . 21
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22
9. Security Considerations . . . . . . . . . . . . . . . . . . . 23 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24
11. Normative References . . . . . . . . . . . . . . . . . . . . 24 11. Normative References . . . . . . . . . . . . . . . . . . . . 24
12. Informative References . . . . . . . . . . . . . . . . . . . 28 12. Informative References . . . . . . . . . . . . . . . . . . . 28
Appendix A. History of changes . . . . . . . . . . . . . . . . . 29 Appendix A. History of Changes . . . . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32
1. Introduction 1. Introduction
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
skipping to change at page 13, line 38 skipping to change at page 13, line 38
6. Message Authentication Code Algorithms 6. Message Authentication Code Algorithms
The message authentication code is either used for shared secret- The message authentication code is either used for shared secret-
based CMP message protection or together with the password-based key based CMP message protection or together with the password-based key
derivation function (PBKDF2). derivation function (PBKDF2).
The message authentication code algorithm is also referred to as The message authentication code algorithm is also referred to as
MSG_MAC_ALG in Section 7, RFC 4210 Appendix D and E [RFC4210], and MSG_MAC_ALG in Section 7, RFC 4210 Appendix D and E [RFC4210], and
the Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile]. the Lightweight CMP Profile [I-D.ietf-lamps-lightweight-cmp-profile].
6.1. Password-based MAC 6.1. Password-Based MAC
Password-based MAC algorithms combine the derivation of a symmetric Password-based MAC algorithms combine the derivation of a symmetric
key from a password or other shared secret information and a key from a password or other shared secret information and a
symmetric key-based MAC function as specified in Section 6.2 using symmetric key-based MAC function as specified in Section 6.2 using
this derived key. this derived key.
Message authentication code algorithm identifiers are located in: Message authentication code algorithm identifiers are located in:
* protectionAlg field of PKIHeader * protectionAlg field of PKIHeader
skipping to change at page 14, line 38 skipping to change at page 14, line 38
symmetric key-based message authentication scheme. symmetric key-based message authentication scheme.
PBMAC1 has the following OID: PBMAC1 has the following OID:
id-PBMAC1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) id-PBMAC1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-5(5) 14 } rsadsi(113549) pkcs(1) pkcs-5(5) 14 }
Specific conventions to be considered for PBMAC1 are specified in Specific conventions to be considered for PBMAC1 are specified in
RFC 8018 Section 7.1 and A.5 [RFC8018]. RFC 8018 Section 7.1 and A.5 [RFC8018].
6.2. Symmetric key-based MAC 6.2. Symmetric Key-Based MAC
Symmetric key-based MAC algorithms are used for deriving the Symmetric key-based MAC algorithms are used for deriving the
symmetric encryption key when using PBKDF2 as described in symmetric encryption key when using PBKDF2 as described in
Section 4.4.1 as well as with Password-based MAC as described in Section 4.4.1 as well as with Password-based MAC as described in
Section 6.1. Section 6.1.
Message authentication code algorithm identifiers are located in: Message authentication code algorithm identifiers are located in:
* protectionAlg field of PKIHeader * protectionAlg field of PKIHeader
* messageAuthScheme field of PBMAC1 * messageAuthScheme field of PBMAC1
* mac field of PBMParameter * mac field of PBMParameter
* prf field of PBKDF2-params * prf field of PBKDF2-params
Message authentication code values are located in: Message authentication code values are located in:
* PKIProtection field of PKIMessage * PKIProtection field of PKIMessage
6.2.1. SHA2-based HMAC 6.2.1. SHA2-Based HMAC
The HMAC algorithm is defined in RFC 2104 [RFC2104] and The HMAC algorithm is defined in RFC 2104 [RFC2104] and
FIPS Pub 198-1 [NIST.FIPS.198-1]. FIPS Pub 198-1 [NIST.FIPS.198-1].
The HMAC algorithm used with SHA2 message digest algorithms is The HMAC algorithm used with SHA2 message digest algorithms is
identified by the following OIDs: identified by the following OIDs:
id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) digestAlgorithm(2) 8 } us(840) rsadsi(113549) digestAlgorithm(2) 8 }
id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
skipping to change at page 16, line 5 skipping to change at page 16, line 5
id-aes192-GMAC OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-aes192-GMAC OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101) csor(3) country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) aes(1) 29 } nistAlgorithm(4) aes(1) 29 }
id-aes256-GMAC OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-aes256-GMAC OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101) csor(3) country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) aes(1) 49 } nistAlgorithm(4) aes(1) 49 }
Specific conventions to be considered for AES-GMAC are specified in Specific conventions to be considered for AES-GMAC are specified in
RFC 9044 [RFC9044]. RFC 9044 [RFC9044].
6.2.3. SHAKE-based KMAC 6.2.3. SHAKE-Based KMAC
The KMAC algorithm is defined in RFC 8702 [RFC8702] and The KMAC algorithm is defined in RFC 8702 [RFC8702] and
FIPS SP 800-185 [NIST.SP.800-185]. FIPS SP 800-185 [NIST.SP.800-185].
The SHAKE-based KMAC algorithm is identified by the following OIDs: The SHAKE-based KMAC algorithm is identified by the following OIDs:
id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
country(16) us(840) organization(1) gov(101) csor(3) country(16) us(840) organization(1) gov(101) csor(3)
nistAlgorithm(4) 2 19 } nistAlgorithm(4) 2 19 }
id-KmacWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) id-KmacWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
skipping to change at page 17, line 21 skipping to change at page 17, line 21
The following table shows the algorithms listed in this document The following table shows the algorithms listed in this document
sorted by their bits of security. If an implementation intends to sorted by their bits of security. If an implementation intends to
enroll and manage certificate for keys of a specific security, it enroll and manage certificate for keys of a specific security, it
SHALL implement and use algorithms of at least that strength for the SHALL implement and use algorithms of at least that strength for the
respective PKI management operation. If one row does not provide a respective PKI management operation. If one row does not provide a
suitable algorithm, the implementer MUST choose one offering more suitable algorithm, the implementer MUST choose one offering more
bits of security. bits of security.
+=======+==========+================+==================+============+ +=======+==========+================+==================+============+
| Bits | RSA or | Elliptic | Hash function or | Symmetric | | Bits | RSA or | Elliptic | Hash Function or | Symmetric |
| of | DH | curve | XOF with | encryption | | of | DH | Curve | XOF with | Encryption |
| secu- | | | specified output | | | Secu- | | | Specified Output | |
| rity | | | length (d) | | | rity | | | Length (d) | |
+=======+==========+================+==================+============+ +=======+==========+================+==================+============+
| 112 | RSA2048, | ECDSA/ECDH | SHA224 | | | 112 | RSA2048, | ECDSA/ECDH | SHA224 | |
| | DH(2048) | (secp224r1) | | | | | DH(2048) | (secp224r1) | | |
+-------+----------+----------------+------------------+------------+ +-------+----------+----------------+------------------+------------+
| 128 | RSA3072, | ECDSA/ECDH | SHA256, | AES-128 | | 128 | RSA3072, | ECDSA/ECDH | SHA256, | AES-128 |
| | DH(3072) | (secp256r1), | SHAKE128(d=256) | | | | DH(3072) | (secp256r1), | SHAKE128(d=256) | |
| | | Ed25519/ | | | | | | Ed25519/ | | |
| | | X25519 | | | | | | X25519 | | |
| | | (Curve25519) | | | | | | (Curve25519) | | |
+-------+----------+----------------+------------------+------------+ +-------+----------+----------------+------------------+------------+
| 192 | | ECDSA/ECDH | SHA384 | AES-192 | | 192 | | ECDSA/ECDH | SHA384 | AES-192 |
| | | (secp384r1) | | | | | | (secp384r1) | | |
+-------+----------+----------------+------------------+------------+ +-------+----------+----------------+------------------+------------+
| 224 | | Ed448/X448 | | | | 224 | | Ed448/X448 | | |
| | | (Curve448) | | | | | | (Curve448) | | |
+-------+----------+----------------+------------------+------------+ +-------+----------+----------------+------------------+------------+
| 256 | | ECDSA/ECDH | SHA512, | AES-256 | | 256 | | ECDSA/ECDH | SHA512, | AES-256 |
| | | (secp521r1) | SHAKE256(d=512) | | | | | (secp521r1) | SHAKE256(d=512) | |
+-------+----------+----------------+------------------+------------+ +-------+----------+----------------+------------------+------------+
Table 1: Cryptographic algorithms sorted by their bits of security Table 1: Cryptographic Algorithms Sorted by their Bits of Security
The following table shows the cryptographic algorithms sorted by The following table shows the cryptographic algorithms sorted by
their usage in CMP and with more details. their usage in CMP and with more details.
+========+==========+===============+===============+===============+ +========+==========+===============+===============+===============+
|Bits of |Key types |CMP protection |Key management | Key-wrap and | |Bits of |Key Types |CMP Protection |Key Management | Key-Wrap and |
|security|to be | |technique | symmetric | |Security|to Be | |Technique | Symmetric |
| |certified | | | encryption | | |Certified | | | Encryption |
+========+==========+===============+===============+===============+ +========+==========+===============+===============+===============+
| | |MSG_SIG_ALG, |PROT_ENC_ALG or| PROT_SYM_ALG, | | | |MSG_SIG_ALG, |PROT_ENC_ALG or| PROT_SYM_ALG, |
| | |MSG_MAC_ALG |KM_KA_ALG, | SYM_PENC_ALG | | | |MSG_MAC_ALG |KM_KA_ALG, | SYM_PENC_ALG |
| | | |KM_KT_ALG, | or | | | | |KM_KT_ALG, | or |
| | | |KM_KD_ALG | KM_KW_ALG | | | | |KM_KD_ALG | KM_KW_ALG |
+--------+----------+---------------+---------------+---------------+ +--------+----------+---------------+---------------+---------------+
|112 |RSA2048, |RSASSA-PSS |DH(2048), | | |112 |RSA2048, |RSASSA-PSS |DH(2048), | |
| |secp224r1 |(2048, SHA224 |RSAES-OAEP | | | |secp224r1 |(2048, SHA224 |RSAES-OAEP | |
| | |or SHAKE128 |(2048, SHA224),| | | | |or SHAKE128 |(2048, SHA224),| |
| | |(d=256)), |RSAEncryption | | | | |(d=256)), |RSAEncryption | |
skipping to change at page 19, line 14 skipping to change at page 19, line 14
+--------+----------+---------------+---------------+---------------+ +--------+----------+---------------+---------------+---------------+
|256 |secp521r1 |ECDSA |ECDH | AES-256 | |256 |secp521r1 |ECDSA |ECDH | AES-256 |
| | |(secp521r1, |(secp521r1, | | | | |(secp521r1, |(secp521r1, | |
| | |SHA512 or |SHA512), | | | | |SHA512 or |SHA512), | |
| | |SHAKE256 |PBKDF2 (HMAC- | | | | |SHAKE256 |PBKDF2 (HMAC- | |
| | |(d=512)), |SHA512) | | | | |(d=512)), |SHA512) | |
| | |PBMAC1 (HMAC- | | | | | |PBMAC1 (HMAC- | | |
| | |SHA512) | | | | | |SHA512) | | |
+--------+----------+---------------+---------------+---------------+ +--------+----------+---------------+---------------+---------------+
Table 2: Cryptographic algorithms sorted by their bits of Table 2: Cryptographic Algorithms Sorted by their Bits of
security and usage by CMP Security and Usage by CMP
To avoid consuming too much computational resources it is recommended To avoid consuming too much computational resources it is recommended
to choose a set of algorithms offering roughly the same level of to choose a set of algorithms offering roughly the same level of
security. Below are provided several algorithm profiles which are security. Below are provided several algorithm profiles which are
balanced, assuming the implementer chooses MAC secrets and/or balanced, assuming the implementer chooses MAC secrets and/or
certificate profiles of at least equivalent strength. certificate profiles of at least equivalent strength.
7.1. Algorithm Profile for RFC 4210 PKI Management Message Profiles 7.1. Algorithm Profile for RFC 4210 PKI Management Message Profiles
The following table updates the definitions of algorithms used within The following table updates the definitions of algorithms used within
skipping to change at page 20, line 44 skipping to change at page 20, line 44
| |used for | | |CAST-128 | | |used for | | |CAST-128 |
| |encryption of| | | | | |encryption of| | | |
| |private key | | | | | |private key | | | |
| |bits (a key | | | | | |bits (a key | | | |
| |of this type | | | | | |of this type | | | |
| |is encrypted | | | | | |is encrypted | | | |
| |using | | | | | |using | | | |
| |PROT_ENC_ALG)| | | | | |PROT_ENC_ALG)| | | |
+------------+-------------+---------+-----------------+------------+ +------------+-------------+---------+-----------------+------------+
Table 3: Algorithms used within RFC 4210 Appendix D.2 [RFC4210] Table 3: Algorithms Used Within RFC 4210 Appendix D.2
Mandatory Algorithm Identifiers and Specifications: Mandatory Algorithm Identifiers and Specifications:
RSA: sha256WithRSAEncryption with 2048 bit, see Section 3.1 RSA: sha256WithRSAEncryption with 2048 bit, see Section 3.1
PasswordBasedMac: id-PasswordBasedMac, see Section 6.1 (with id- PasswordBasedMac: id-PasswordBasedMac, see Section 6.1 (with id-
sha256 as the owf parameter, see Section 2.1 and id-hmacWithSHA256 as sha256 as the owf parameter, see Section 2.1 and id-hmacWithSHA256 as
the mac parameter, see Section 6.2.1) the mac parameter, see Section 6.2.1)
PBMAC1: id-PBMAC1, see Section 6.1.2 (with id-PBKDF2 as the key PBMAC1: id-PBMAC1, see Section 6.1.2 (with id-PBKDF2 as the key
derivation function, see Section 4.4.1 and id-hmacWithSHA256 as derivation function, see Section 4.4.1 and id-hmacWithSHA256 as
skipping to change at page 22, line 43 skipping to change at page 22, line 43
| KM_KW_ALG | algorithm to wrap a symmetric | AES-wrap | | KM_KW_ALG | algorithm to wrap a symmetric | AES-wrap |
| | key for PROT_SYM_ALG | | | | key for PROT_SYM_ALG | |
+--------------+--------------------------------+------------------+ +--------------+--------------------------------+------------------+
| PROT_SYM_ALG | symmetric content encryption | AES-CBC | | PROT_SYM_ALG | symmetric content encryption | AES-CBC |
| | algorithm used for encryption | | | | algorithm used for encryption | |
| | of EnvelopedData, e.g., a | | | | of EnvelopedData, e.g., a | |
| | private key transported in | | | | private key transported in | |
| | PKIMessages | | | | PKIMessages | |
+--------------+--------------------------------+------------------+ +--------------+--------------------------------+------------------+
Table 4: Algorithms used within Lightweight CMP Profile Table 4: Algorithms Used Within Lightweight CMP Profile
[I-D.ietf-lamps-lightweight-cmp-profile]
8. IANA Considerations 8. IANA Considerations
This document does not request changes to the IANA registry. This document does not request changes to the IANA registry.
9. Security Considerations 9. Security Considerations
RFC 4210 Appendix D.2 [RFC4210] contains a set of algorithms, RFC 4210 Appendix D.2 [RFC4210] contains a set of algorithms,
mandatory to be supported by conforming implementations. Theses mandatory to be supported by conforming implementations. Theses
algorithms were appropriate at the time CMP was released, but as algorithms were appropriate at the time CMP was released, but as
skipping to change at page 29, line 16 skipping to change at page 29, line 16
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
[RFC8692] Kampanakis, P. and Q. Dang, "Internet X.509 Public Key [RFC8692] Kampanakis, P. and Q. Dang, "Internet X.509 Public Key
Infrastructure: Additional Algorithm Identifiers for Infrastructure: Additional Algorithm Identifiers for
RSASSA-PSS and ECDSA Using SHAKEs", RFC 8692, RSASSA-PSS and ECDSA Using SHAKEs", RFC 8692,
DOI 10.17487/RFC8692, December 2019, DOI 10.17487/RFC8692, December 2019,
<https://www.rfc-editor.org/info/rfc8692>. <https://www.rfc-editor.org/info/rfc8692>.
Appendix A. History of changes Appendix A. History of Changes
Note: This appendix will be deleted in the final version of the Note: This appendix will be deleted in the final version of the
document. document.
From version 11 -> 12:
* Capitalized all headlines
From version 10 -> 11: From version 10 -> 11:
* Changes on the tables in Section 7 after direct exchange with * Changes on the tables in Section 7 after direct exchange with
Quynh Quynh
From version 09 -> 10:
* Removed the pre-RFC5378 work disclaimer after the RFC 4210 authors * Removed the pre-RFC5378 work disclaimer after the RFC 4210 authors
granted BCP78 rights to the IETF Trust granted BCP78 rights to the IETF Trust
* Implemented the changes proposed by Quynh, (see thread "Quynh * Implemented the changes proposed by Quynh, (see thread "Quynh
Action: draft-ietf-lamps-cmp-algorithms-08.txt") and removed Action: draft-ietf-lamps-cmp-algorithms-08.txt") and removed
markers for ToDos regarding this review of SHAKE and KMAC usage as markers for ToDos regarding this review of SHAKE and KMAC usage as
well as on the tables in Section 7 well as on the tables in Section 7
From version 08 -> 09: From version 08 -> 09:
* Updated IPR disclaimer * Updated IPR disclaimer
 End of changes. 21 change blocks. 
28 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/