| draft-ietf-lamps-pkix-shake-09.txt | draft-ietf-lamps-pkix-shake-10.txt | |||
|---|---|---|---|---|
| LAMPS WG P. Kampanakis | LAMPS WG P. Kampanakis | |||
| Internet-Draft Cisco Systems | Internet-Draft Cisco Systems | |||
| Updates: RFC3279 (if approved) Q. Dang | Updates: RFC3279 (if approved) Q. Dang | |||
| Intended status: Standards Track NIST | Intended status: Standards Track NIST | |||
| Expires: October 13, 2019 April 11, 2019 | Expires: October 27, 2019 April 25, 2019 | |||
| Internet X.509 Public Key Infrastructure: Additional Algorithm | Internet X.509 Public Key Infrastructure: Additional Algorithm | |||
| Identifiers for RSASSA-PSS and ECDSA using SHAKEs | Identifiers for RSASSA-PSS and ECDSA using SHAKEs | |||
| draft-ietf-lamps-pkix-shake-09 | draft-ietf-lamps-pkix-shake-10 | |||
| Abstract | Abstract | |||
| Digital signatures are used to sign messages, X.509 certificates and | Digital signatures are used to sign messages, X.509 certificates and | |||
| CRLs (Certificate Revocation Lists). This document describes the | CRLs (Certificate Revocation Lists). This document describes the | |||
| conventions for using the SHAKE function family in Internet X.509 | conventions for using the SHAKE function family in Internet X.509 | |||
| certificates and CRLs as one-way hash functions with the RSA | certificates and CRLs as one-way hash functions with the RSA | |||
| Probabilistic signature and ECDSA signature algorithms. The | Probabilistic signature and ECDSA signature algorithms. The | |||
| conventions for the associated subject public keys are also | conventions for the associated subject public keys are also | |||
| described. | described. | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 13, 2019. | This Internet-Draft will expire on October 27, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Identifiers . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Use in PKIX . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 | 5.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | 5.1.1. RSASSA-PSS Signatures . . . . . . . . . . . . . . . . 6 | |||
| 5.1.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 7 | 5.1.2. ECDSA Signatures . . . . . . . . . . . . . . . . . . 7 | |||
| 5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 | 5.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 10 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 10 | 9.2. Informative References . . . . . . . . . . . . . . . . . 11 | |||
| Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 11 | Appendix A. ASN.1 module . . . . . . . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 1. Change Log | 1. Change Log | |||
| [ EDNOTE: Remove this section before publication. ] | [ EDNOTE: Remove this section before publication. ] | |||
| o draft-ietf-lamps-cms-shake-09: | o draft-ietf-lamps-pkix-shake-10: | |||
| * Updated IANA considerations section to request for OID | ||||
| assignments. | ||||
| o draft-ietf-lamps-pkix-shake-09: | ||||
| * Fixed minor text nits. | * Fixed minor text nits. | |||
| * Added text name allocation for SHAKEs in IANA considerations. | * Added text name allocation for SHAKEs in IANA considerations. | |||
| * Updates in Sec Considerations section. | * Updates in Sec Considerations section. | |||
| o draft-ietf-lamps-pkix-shake-08: | o draft-ietf-lamps-pkix-shake-08: | |||
| * Small nits from Russ while in WGLC. | * Small nits from Russ while in WGLC. | |||
| skipping to change at page 5, line 13 ¶ | skipping to change at page 5, line 21 ¶ | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 4. Identifiers | 4. Identifiers | |||
| This section defines four new object identifiers (OIDs), for RSASSA- | This section defines four new object identifiers (OIDs), for RSASSA- | |||
| PSS and ECDSA with each of SHAKE128 and SHAKE256. The same algorithm | PSS and ECDSA with each of SHAKE128 and SHAKE256. The same algorithm | |||
| identifiers can be used for identifying a public key in RSASSA-PSS. | identifiers can be used for identifying a public key in RSASSA-PSS. | |||
| The new identifiers for RSASSA-PSS signatures using SHAKEs are below. | The new identifiers for RSASSA-PSS signatures using SHAKEs are below. | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD1 } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD2 } | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| TBD1 } | ||||
| [ EDNOTE: "TBD1", "TBD2" will be specified by NIST later. ] | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD2 } | ||||
| The new algorithm identifiers of ECDSA signatures using SHAKEs are | The new algorithm identifiers of ECDSA signatures using SHAKEs are | |||
| below. | below. | |||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) gov(101) | identified-organization(3) dod(6) internet(1) | |||
| csor(3) algorithms(4) id-ecdsa-with-shake(3) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| TBD3 } | TBD3 } | |||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) gov(101) | identified-organization(3) dod(6) internet(1) | |||
| csor(3) algorithms(4) id-ecdsa-with-shake(3) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| TBD4 } | TBD4 } | |||
| [ EDNOTE: "TBD3", "TBD4" will be specified by NIST later. ] | ||||
| The parameters for the four identifiers above MUST be absent. That | The parameters for the four identifiers above MUST be absent. That | |||
| is, the identifier SHALL be a SEQUENCE of one component, the OID. | is, the identifier SHALL be a SEQUENCE of one component, the OID. | |||
| Section 5.1.1 and Section 5.1.2 specify the required output length | Section 5.1.1 and Section 5.1.2 specify the required output length | |||
| for each use of SHAKE128 or SHAKE256 in RSASSA-PSS and ECDSA. In | for each use of SHAKE128 or SHAKE256 in RSASSA-PSS and ECDSA. In | |||
| summary, when hashing messages to be signed, output lengths of | summary, when hashing messages to be signed, output lengths of | |||
| SHAKE128 and SHAKE256 are 256 and 512 bits respectively. When the | SHAKE128 and SHAKE256 are 256 and 512 bits respectively. When the | |||
| SHAKEs are used as mask generation functions RSASSA-PSS, their output | SHAKEs are used as mask generation functions RSASSA-PSS, their output | |||
| length is (n - 264) or (n - 520) bits respectively, where n is the | length is (n - 264) or (n - 520) bits respectively, where n is the | |||
| RSA modulus size in bits. | RSA modulus size in bits. | |||
| skipping to change at page 8, line 46 ¶ | skipping to change at page 9, line 7 ¶ | |||
| encoding ECDSA with SHAKE public keys in certificates and CRLs. | encoding ECDSA with SHAKE public keys in certificates and CRLs. | |||
| Conforming client implementations that process ECDSA with SHAKE | Conforming client implementations that process ECDSA with SHAKE | |||
| public keys when processing certificates and CRLs MUST recognize the | public keys when processing certificates and CRLs MUST recognize the | |||
| corresponding OIDs. | corresponding OIDs. | |||
| The identifier parameters, as explained in section Section 4, MUST be | The identifier parameters, as explained in section Section 4, MUST be | |||
| absent. | absent. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| One object identifier for the ASN.1 module in Appendix A was assigned | One object identifier for the ASN.1 module in Appendix A is requested | |||
| in the SMI Security for PKIX Module Identifiers (1.3.6.1.5.5.7.0) | for the SMI Security for PKIX Module Identifiers (1.3.6.1.5.5.7.0) | |||
| registry: | registry: | |||
| PKIXAlgsForSHAKE-2019 { iso(1) identified-organization(3) dod(6) | +---------+--------------------------+--------------------+ | |||
| internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) | | Decimal | Description | References | | |||
| id-mod-pkix1-shakes-2019(TBD) } | +---------+--------------------------+--------------------+ | |||
| | TBD | id-mod-pkix1-shakes-2019 | [EDNOTE: THIS RFC] | | ||||
| +---------+--------------------------+--------------------+ | ||||
| IANA is requested to update the SMI Security for PKIX Algorithms | ||||
| [SMI-PKIX] (1.3.6.1.5.5.7.6) registry with four additional entries: | ||||
| +---------+------------------------+--------------------+ | ||||
| | Decimal | Description | References | | ||||
| +---------+------------------------+--------------------+ | ||||
| | TBD1 | id-RSASSA-PSS-SHAKE128 | [EDNOTE: THIS RFC] | | ||||
| | TBD2 | id-RSASSA-PSS-SHAKE256 | [EDNOTE: THIS RFC] | | ||||
| | TBD3 | id-ecdsa-with-shake128 | [EDNOTE: THIS RFC] | | ||||
| | TBD4 | id-ecdsa-with-shake256 | [EDNOTE: THIS RFC] | | ||||
| +---------+------------------------+--------------------+ | ||||
| IANA is also requested to update the Hash Function Textual Names | IANA is also requested to update the Hash Function Textual Names | |||
| Registry [Hash-Texts] with two additional entries for SHAKE128 and | Registry [Hash-Texts] with two additional entries for SHAKE128 and | |||
| SHAKE256: | SHAKE256: | |||
| +--------------------+-------------------------+--------------+ | +--------------------+-------------------------+--------------------+ | |||
| | Hash Function Name | OID | Reference | | | Hash Function Name | OID | Reference | | |||
| +--------------------+-------------------------+--------------+ | +--------------------+-------------------------+--------------------+ | |||
| | shake128 | 2.16.840.1.101.3.4.2.11 | [ THIS RFC ] | | | shake128 | 2.16.840.1.101.3.4.2.11 | [EDNOTE: THIS RFC] | | |||
| | shake256 | 2.16.840.1.101.3.4.2.12 | [ THIS RFC ] | | | shake256 | 2.16.840.1.101.3.4.2.12 | [EDNOTE: THIS RFC] | | |||
| +--------------------+-------------------------+--------------+ | +--------------------+-------------------------+--------------------+ | |||
| 7. Security Considerations | 7. Security Considerations | |||
| This document updates [RFC3279]. The security considerations section | This document updates [RFC3279]. The security considerations section | |||
| of that document applies to this specification as well. | of that document applies to this specification as well. | |||
| NIST has defined appropriate use of the hash functions in terms of | NIST has defined appropriate use of the hash functions in terms of | |||
| the algorithm strengths and expected time frames for secure use in | the algorithm strengths and expected time frames for secure use in | |||
| Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | Special Publications (SPs) [SP800-78-4] and [SP800-107]. These | |||
| documents can be used as guides to choose appropriate key sizes for | documents can be used as guides to choose appropriate key sizes for | |||
| skipping to change at page 11, line 14 ¶ | skipping to change at page 11, line 36 ¶ | |||
| [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature | [RFC6979] Pornin, T., "Deterministic Usage of the Digital Signature | |||
| Algorithm (DSA) and Elliptic Curve Digital Signature | Algorithm (DSA) and Elliptic Curve Digital Signature | |||
| Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August | Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, August | |||
| 2013, <https://www.rfc-editor.org/info/rfc6979>. | 2013, <https://www.rfc-editor.org/info/rfc6979>. | |||
| [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | [SEC1] Standards for Efficient Cryptography Group, "SEC 1: | |||
| Elliptic Curve Cryptography", May 2009, | Elliptic Curve Cryptography", May 2009, | |||
| <http://www.secg.org/sec1-v2.pdf>. | <http://www.secg.org/sec1-v2.pdf>. | |||
| [SMI-PKIX] | ||||
| IANA, "SMI Security for PKIX Algorithms", March 2019, | ||||
| <https://www.iana.org/assignments/smi-numbers/ | ||||
| smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.6>. | ||||
| [SP800-107] | [SP800-107] | |||
| National Institute of Standards and Technology (NIST), | National Institute of Standards and Technology (NIST), | |||
| "SP800-107: Recommendation for Applications Using Approved | "SP800-107: Recommendation for Applications Using Approved | |||
| Hash Algorithms", May 2014, | Hash Algorithms", May 2014, | |||
| <https://csrc.nist.gov/csrc/media/publications/sp/800-107/ | <https://csrc.nist.gov/csrc/media/publications/sp/800-107/ | |||
| rev-1/final/documents/draft_revised_sp800-107.pdf>. | rev-1/final/documents/draft_revised_sp800-107.pdf>. | |||
| [SP800-78-4] | [SP800-78-4] | |||
| National Institute of Standards and Technology (NIST), | National Institute of Standards and Technology (NIST), | |||
| "SP800-78-4: Cryptographic Algorithms and Key Sizes for | "SP800-78-4: Cryptographic Algorithms and Key Sizes for | |||
| skipping to change at page 14, line 33 ¶ | skipping to change at page 15, line 16 ¶ | |||
| -- The hashAlgorithm is mda-shake128 | -- The hashAlgorithm is mda-shake128 | |||
| -- The maskGenAlgorithm is id-shake128 | -- The maskGenAlgorithm is id-shake128 | |||
| -- Mask Gen Algorithm is SHAKE128 with output length | -- Mask Gen Algorithm is SHAKE128 with output length | |||
| -- (n - 264) bits, where n is the RSA modulus in bits. | -- (n - 264) bits, where n is the RSA modulus in bits. | |||
| -- the saltLength is 32 | -- the saltLength is 32 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| HASHES { mda-shake128 } | HASHES { mda-shake128 } | |||
| PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE128 } | PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE128 } | |||
| SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE128 } | SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE128 } | |||
| } | } | |||
| id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { TBD1 } | id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD1 } | ||||
| -- RSASSA-PSS with SHAKE256 | -- RSASSA-PSS with SHAKE256 | |||
| sa-rsassapssWithSHAKE256 SIGNATURE-ALGORITHM ::= { | sa-rsassapssWithSHAKE256 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-RSASSA-PSS-SHAKE256 | IDENTIFIER id-RSASSA-PSS-SHAKE256 | |||
| PARAMS ARE absent | PARAMS ARE absent | |||
| -- The hashAlgorithm is mda-shake256 | -- The hashAlgorithm is mda-shake256 | |||
| -- The maskGenAlgorithm is id-shake256 | -- The maskGenAlgorithm is id-shake256 | |||
| -- Mask Gen Algorithm is SHAKE256 with output length | -- Mask Gen Algorithm is SHAKE256 with output length | |||
| -- (n - 520)-bits, where n is the RSA modulus in bits. | -- (n - 520)-bits, where n is the RSA modulus in bits. | |||
| -- the saltLength is 64 | -- the saltLength is 64 | |||
| -- the trailerField is 1 | -- the trailerField is 1 | |||
| HASHES { mda-shake256 } | HASHES { mda-shake256 } | |||
| PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE256 } | PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS-SHAKE256 } | |||
| SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE256 } | SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS-SHAKE256 } | |||
| } | } | |||
| id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { TBD2 } | id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) | |||
| identified-organization(3) dod(6) internet(1) | ||||
| security(5) mechanisms(5) pkix(7) algorithms(6) | ||||
| TBD2 } | ||||
| -- Deterministic ECDSA with SHAKE128 | -- Deterministic ECDSA with SHAKE128 | |||
| sa-ecdsaWithSHAKE128 SIGNATURE-ALGORITHM ::= { | sa-ecdsaWithSHAKE128 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-ecdsa-with-shake128 | IDENTIFIER id-ecdsa-with-shake128 | |||
| VALUE ECDSA-Sig-Value | VALUE ECDSA-Sig-Value | |||
| PARAMS ARE absent | PARAMS ARE absent | |||
| HASHES { mda-shake128 } | HASHES { mda-shake128 } | |||
| PUBLIC-KEYS { pk-ec } | PUBLIC-KEYS { pk-ec } | |||
| SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake128 } | SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake128 } | |||
| } | } | |||
| id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) | identified-organization(3) dod(6) internet(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| sigAlgs(3) TBD3 } | TBD3 } | |||
| -- Deterministic ECDSA with SHAKE256 | -- Deterministic ECDSA with SHAKE256 | |||
| sa-ecdsaWithSHAKE256 SIGNATURE-ALGORITHM ::= { | sa-ecdsaWithSHAKE256 SIGNATURE-ALGORITHM ::= { | |||
| IDENTIFIER id-ecdsa-with-shake256 | IDENTIFIER id-ecdsa-with-shake256 | |||
| VALUE ECDSA-Sig-Value | VALUE ECDSA-Sig-Value | |||
| PARAMS ARE absent | PARAMS ARE absent | |||
| HASHES { mda-shake256 } | HASHES { mda-shake256 } | |||
| PUBLIC-KEYS { pk-ec } | PUBLIC-KEYS { pk-ec } | |||
| SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake256 } | SMIME-CAPS { IDENTIFIED BY id-ecdsa-with-shake256 } | |||
| } | } | |||
| id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) | |||
| country(16) us(840) organization(1) | identified-organization(3) dod(6) internet(1) | |||
| gov(101) csor(3) nistAlgorithm(4) | security(5) mechanisms(5) pkix(7) algorithms(6) | |||
| sigAlgs(3) TBD4 } | TBD4 } | |||
| END | END | |||
| Authors' Addresses | Authors' Addresses | |||
| Panos Kampanakis | Panos Kampanakis | |||
| Cisco Systems | Cisco Systems | |||
| Email: pkampana@cisco.com | Email: pkampana@cisco.com | |||
| End of changes. 20 change blocks. | ||||
| 45 lines changed or deleted | 77 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||