draft-ietf-lamps-samples-00.txt   draft-ietf-lamps-samples-01.txt 
lamps D.K. Gillmor, Ed. lamps D.K. Gillmor, Ed.
Internet-Draft ACLU Internet-Draft ACLU
Intended status: Informational 3 May 2021 Intended status: Informational 8 May 2021
Expires: 4 November 2021 Expires: 9 November 2021
S/MIME Example Keys and Certificates S/MIME Example Keys and Certificates
draft-ietf-lamps-samples-00 draft-ietf-lamps-samples-01
Abstract Abstract
The S/MIME development community benefits from sharing samples of The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples. keys for use when generating such samples.
Status of This Memo Status of This Memo
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 4 November 2021. This Internet-Draft will expire on 9 November 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 4 2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 4
2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 4 2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5
2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 4 2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5
2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 4 2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 5
2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 5 2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 5
2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 5 2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 6
2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 5 2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 6
3. Example Certificate Authority . . . . . . . . . . . . . . . . 6 3. Example Certificate Authority . . . . . . . . . . . . . . . . 6
3.1. Certificate Authority Certificate . . . . . . . . . . . . 6 3.1. Certificate Authority Certificate . . . . . . . . . . . . 6
3.2. Certificate Authority Secret Key . . . . . . . . . . . . 6 3.2. Certificate Authority Secret Key . . . . . . . . . . . . 7
4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 7 4. Alice's Sample Certificates . . . . . . . . . . . . . . . . . 8
4.1. Alice's Signature Verification End-Entity Certificate . . 7 4.1. Alice's Signature Verification End-Entity Certificate . . 8
4.2. Alice's Signing Private Key Material . . . . . . . . . . 8 4.2. Alice's Signing Private Key Material . . . . . . . . . . 9
4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 9 4.3. Alice's Encryption End-Entity Certificate . . . . . . . . 10
4.4. Alice's Decryption Private Key Material . . . . . . . . . 10 4.4. Alice's Decryption Private Key Material . . . . . . . . . 11
4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 11 4.5. PKCS12 Object for Alice . . . . . . . . . . . . . . . . . 12
5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 14 5. Bob's Sample . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1. Bob's Signature Verification End-Entity Certificate . . . 14 5.1. Bob's Signature Verification End-Entity Certificate . . . 15
5.2. Bob's Signing Private Key Material . . . . . . . . . . . 15 5.2. Bob's Signing Private Key Material . . . . . . . . . . . 16
5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 16 5.3. Bob's Encryption End-Entity Certificate . . . . . . . . . 17
5.4. Bob's Decryption Private Key Material . . . . . . . . . . 17 5.4. Bob's Decryption Private Key Material . . . . . . . . . . 18
5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 18 5.5. PKCS12 Object for Bob . . . . . . . . . . . . . . . . . . 19
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 6. Example Ed25519 Certificate Authority . . . . . . . . . . . . 22
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21 6.1. Certificate Authority Certificate . . . . . . . . . . . . 22
8. Document Considerations . . . . . . . . . . . . . . . . . . . 22 6.2. Ed25519 Certificate Authority Secret Key . . . . . . . . 23
8.1. Document History . . . . . . . . . . . . . . . . . . . . 22 7. Carlos's Sample Certificates . . . . . . . . . . . . . . . . 23
8.1.1. Substantive Changes from draft-dkg-*-05 to 7.1. Carlos's Signature Verification End-Entity Certificate . 23
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 22 7.2. Carlos's Signing Private Key Material . . . . . . . . . . 24
8.1.2. Substantive Changes from draft-dkg-*-04 to 7.3. Carlos's Encryption End-Entity Certificate . . . . . . . 24
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 22 7.4. Carlos's Decryption Private Key Material . . . . . . . . 24
8.1.3. Substantive Changes from draft-dkg-*-03 to 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 24
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 22 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 26
8.1.4. Substantive Changes from draft-dkg-*-02 to 8.1. Dana's Signature Verification End-Entity Certificate . . 26
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 22 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 26
8.1.5. Substantive Changes from draft-dkg-*-01 to 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 26
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 22 8.4. Dana's Decryption Private Key Material . . . . . . . . . 27
8.1.6. Substantive Changes from draft-dkg-*-00 to 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 27
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 22 9. Security Considerations . . . . . . . . . . . . . . . . . . . 28
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 11. Document Considerations . . . . . . . . . . . . . . . . . . . 29
10.1. Normative References . . . . . . . . . . . . . . . . . . 23 11.1. Outstanding Changes . . . . . . . . . . . . . . . . . . 29
10.2. Informative References . . . . . . . . . . . . . . . . . 23 11.2. Document History . . . . . . . . . . . . . . . . . . . . 29
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24 11.2.1. Substantive Changes from draft-ietf-*-00 to
draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 29
11.2.2. Substantive Changes from draft-dkg-*-05 to
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 29
11.2.3. Substantive Changes from draft-dkg-*-04 to
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 29
11.2.4. Substantive Changes from draft-dkg-*-03 to
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 29
11.2.5. Substantive Changes from draft-dkg-*-02 to
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 29
11.2.6. Substantive Changes from draft-dkg-*-01 to
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 29
11.2.7. Substantive Changes from draft-dkg-*-00 to
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 29
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
13.1. Normative References . . . . . . . . . . . . . . . . . . 30
13.2. Informative References . . . . . . . . . . . . . . . . . 31
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 32
1. Introduction 1. Introduction
The S/MIME ([RFC8551]) development community, in particular the The S/MIME ([RFC8551]) development community, in particular the
e-mail development community, benefits from sharing samples of signed e-mail development community, benefits from sharing samples of signed
and/or encrypted data. Often the exact key material used does not and/or encrypted data. Often the exact key material used does not
matter because the properties being tested pertain to implementation matter because the properties being tested pertain to implementation
correctness, completeness or interoperability of the overall system. correctness, completeness or interoperability of the overall system.
However, without access to the relevant secret key material, a sample However, without access to the relevant secret key material, a sample
is useless. is useless.
This document defines a small set of X.509v3 certificates ([RFC5280]) This document defines a small set of X.509v3 certificates ([RFC5280])
and secret keys for use when generating or operating on such samples. and secret keys for use when generating or operating on such samples.
An example certificate authority is supplied, and samples are An example RSA certificate authority is supplied, and sample RSA
provided for two "personas", Alice and Bob. certificates are provided for two "personas", Alice and Bob.
Additionally, an Ed25519 ([RFC8032]) certificate authority is
supplied, along with sample Ed25519 certificates for two more
"personas", Carlos and Dana.
This document focuses narrowly on functional, well-formed identity
and key material. It is a starting point that other documents can
use to develop sample signed or encrypted messages, test vectors, or
other artifacts for improved interoperability.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
1.2. Terminology 1.2. Terminology
skipping to change at page 4, line 10 skipping to change at page 4, line 37
various S/MIME formats. That older work has unacceptably old various S/MIME formats. That older work has unacceptably old
algorithm choices that may introduce failures when testing modern algorithm choices that may introduce failures when testing modern
systems: in 2019, some tools explicitly mark 1024-bit RSA and systems: in 2019, some tools explicitly mark 1024-bit RSA and
1024-bit DSS as weak. 1024-bit DSS as weak.
This earlier document also does not use the now widely-accepted PEM This earlier document also does not use the now widely-accepted PEM
encoding for the objects, and instead embeds runnable perl code to encoding for the objects, and instead embeds runnable perl code to
extract them from the document. extract them from the document.
It also includes examples of messages and other structures which are It also includes examples of messages and other structures which are
greater in ambition than this document intends to be. This document greater in ambition than this document intends to be.
intends to focus specifically on identity and key material, as a
starting point for other documents that can develop examples or test [RFC8410] includes an example X25519 certificate that is certified
cases from them. with Ed25519, but it appears to be self-issued, and it is not
directly useful in testing an S/MIME-capable MUA.
2. Background 2. Background
2.1. Certificate Usage 2.1. Certificate Usage
These X.509 certificates ([RFC5280]) are designed for use with S/MIME These X.509 certificates ([RFC5280]) are designed for use with S/MIME
protections ([RFC8551]) for e-mail ([RFC5322]). protections ([RFC8551]) for e-mail ([RFC5322]).
In particular, they should be usable with signed and encrypted In particular, they should be usable with signed and encrypted
messages. messages.
skipping to change at page 5, line 46 skipping to change at page 6, line 27
As such, the secret key objects are not suitable for verifying As such, the secret key objects are not suitable for verifying
interoperable password protection schemes. interoperable password protection schemes.
However, the PKCS#12 [RFC7292] objects do have simple textual However, the PKCS#12 [RFC7292] objects do have simple textual
passwords, because tooling for dealing with passwordless PKCS#12 passwords, because tooling for dealing with passwordless PKCS#12
objects is underdeveloped at the time of this draft. objects is underdeveloped at the time of this draft.
2.7. Secret key origins 2.7. Secret key origins
The secret keys in this document are all deterministically derived The secret RSA keys in this document are all deterministically
using provable prime generation as found in [FIPS186-4], based on derived using provable prime generation as found in [FIPS186-4],
known seeds derived via [SHA256] from simple strings. The seeds and based on known seeds derived via [SHA256] from simple strings. The
their derivation are included in the document for informational secret Ed25519 and X25519 keys in this document are all derived by
purposes, and to allow re-creation of the objects from appropriate hashing a simple string. The seeds and their derivation are included
tooling. in the document for informational purposes, and to allow re-creation
of the objects from appropriate tooling.
All seeds used are 224 bits long (the first 224 bits of the SHA-256 All RSA seeds used are 224 bits long (the first 224 bits of the
digest of the origin string), and are represented in hexadecimal. SHA-256 digest of the origin string), and are represented in
hexadecimal.
3. Example Certificate Authority 3. Example Certificate Authority
The example Certificate Authority has the following information: The example Certificate Authority has the following information:
* Name: "Sample LAMPS Certificate Authority" * Name: "Sample LAMPS Certificate Authority"
3.1. Certificate Authority Certificate 3.1. Certificate Authority Certificate
This cerificate is used to verify certificates issued by the example This cerificate is used to verify certificates issued by the example
skipping to change at page 21, line 38 skipping to change at page 22, line 38
dsTURagfJIyqULoe08EIIozahivbzoWVA6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAe dsTURagfJIyqULoe08EIIozahivbzoWVA6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAe
XO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVzPOmXhN53pDhlxkw0btkKblYA9CvP+kzg XO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVzPOmXhN53pDhlxkw0btkKblYA9CvP+kzg
wekzCy/Mlq/HbO38CV1NKzay3yg4ntehJ+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhme wekzCy/Mlq/HbO38CV1NKzay3yg4ntehJ+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhme
Nd14Y65D9TlypM/zrXSyGoOqZgSA6HlAgogzwwSaGwx9n/o6czE8MBUGCSqGSIb3 Nd14Y65D9TlypM/zrXSyGoOqZgSA6HlAgogzwwSaGwx9n/o6czE8MBUGCSqGSIb3
DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcNAQkVMRYEFBfFhHvQp+92kDi4s28IvJK1 DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcNAQkVMRYEFBfFhHvQp+92kDi4s28IvJK1
niuUMF8wTzALBglghkgBZQMEAgMEQESULk1nPh/xbTET83QqxpxbEpCxkvY1zrpc niuUMF8wTzALBglghkgBZQMEAgMEQESULk1nPh/xbTET83QqxpxbEpCxkvY1zrpc
aWzzbehThKle6bJRDM3zlpr0dHs8Qxs3ocSpAQ1XOXjuXlqFfKsECJ1vqXe6ro0F aWzzbehThKle6bJRDM3zlpr0dHs8Qxs3ocSpAQ1XOXjuXlqFfKsECJ1vqXe6ro0F
AgIoAA== AgIoAA==
-----END PKCS12----- -----END PKCS12-----
6. Security Considerations 6. Example Ed25519 Certificate Authority
The example Ed25519 Certificate Authority has the following
information:
* Name: "Sample LAMPS Ed25519 Certificate Authority"
6.1. Certificate Authority Certificate
This cerificate is used to verify certificates issued by the example
Ed25519 Certificate Authority.
-----BEGIN CERTIFICATE-----
MIIBcDCCASKgAwIBAgITGz6zL8fCL93bElmwkKaEVA49zzAFBgMrZXAwNTEzMDEG
A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA1MTMwMQYDVQQDEypT
YW1wbGUgTEFNUFMgRWQyNTUxOSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwKjAFBgMr
ZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+RKE3URyp+eN2TxJDBKNDMEEwDwYDVR0T
AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRropV9uhSb5C0E
0Qek0YLkLmuMtTAFBgMrZXADQQCpSPkvILHd5nLh+YT34REF0VVphNaxdw1dnx/J
7BGYvgKOObND0sqpkpc1neTiIi9gdfs5zSIak6TnVDdiuccK
-----END CERTIFICATE-----
6.2. Ed25519 Certificate Authority Secret Key
This secret key material is used by the example Ed25519 Certificate
Authority to issue new certificates.
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp
-----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string "draft-
lamps-sample-certs-keygen.ca.25519.seed".
7. Carlos's Sample Certificates
Carlos has the following information:
* Name: "Carlos Turing"
* E-mail Address: "carlos@smime.example"
7.1. Carlos's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by
Carlos.
-----BEGIN CERTIFICATE-----
MIIBqTCCAVugAwIBAgITfTA2/ZV2DbKUTmbWgsuSzBMGCTAFBgMrZXAwNTEzMDEG
A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjAYMRYwFAYDVQQDEw1D
YXJsb3MgVHVyaW5nMCowBQYDK2VwAyEAws6AMizeYchNhE1g75Gc552urn8e5Add
I/IAppL3yK2jgZgwgZUwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWgRRjYXJsb3NA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAPBgNVHQ8BAf8EBQMD
B8AAMB0GA1UdDgQWBBRkheM7nB1azeYLuhp/CL7EnMyEPzAfBgNVHSMEGDAWgBRr
opV9uhSb5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDHbvRfqrivP1YFE1vR4s8IxQba
mPgWm+bh1bz0WQZEJx27+HXSwcQq1OaigzpNX5x/8fXy3Tdfyh/syZqkGwAD
-----END CERTIFICATE-----
7.2. Carlos's Signing Private Key Material
This private key material is used by Carlos to create signatures.
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY
-----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string "draft-
lamps-sample-certs-keygen.carlos.sign.25519.seed".
7.3. Carlos's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Carlos.
-----BEGIN CERTIFICATE-----
MIIBqTCCAVugAwIBAgITqKfyfNYXEMyA0hgjaMFYQldVQzAFBgMrZXAwNTEzMDEG
A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjAYMRYwFAYDVQQDEw1D
YXJsb3MgVHVyaW5nMCowBQYDK2VuAyEALmgxzNMgyJ11NRhNz9bKYSpfDyFmbVBs
jPbFfaAUPHSjgZgwgZUwDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWgRRjYXJsb3NA
c21pbWUuZXhhbXBsZTATBgNVHSUEDDAKBggrBgEFBQcDBDAPBgNVHQ8BAf8EBQMD
BwgAMB0GA1UdDgQWBBSBKaD6I6BLIIwNeADe7doWyzQluTAfBgNVHSMEGDAWgBRr
opV9uhSb5C0E0Qek0YLkLmuMtTAFBgMrZXADQQBAEptLosUVLmgSGgX/KBtx6end
0GlzlW+uz/tkIV0FlqKwrOXt3ixbQJ1dTWBnKdpxKxOwwJrfn5/01YgzUJ0E
-----END CERTIFICATE-----
7.4. Carlos's Decryption Private Key Material
This private key material is used by Carlos to decrypt messages.
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK
-----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string "draft-
lamps-sample-certs-keygen.carlos.encrypt.25519.seed".
7.5. PKCS12 Object for Carlos
This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and
Section 6.1.
It is locked with the simple five-letter password "carlos".
-----BEGIN PKCS12-----
MIIIxgIBAzCCCF4GCSqGSIb3DQEHAaCCCE8EgghLMIIIRzCCAm8GCSqGSIb3DQEH
BqCCAmAwggJcAgEAMIICVQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R
pT1mkyMCAhS7gIICKKwyttinvdBY3pNtMUJ4/G6tE8tBny4Xnh5vONwv0SU1nPzN
NKDPjaanMtw61VEFsQTJOTktIeNVV8uzT1a15/A9ax7U+70Mw3zwiXsyzMxEd7ry
Qmj7djYjx5xQ+UsnBgzrjapUSYmryDvYqEuig27O9Q8zaxdMd/wep3OGeaa4jrXo
dEW3iXBEkjH0wvCc9FV72z5AGMQzvz1dGC+cjSeJyvNvcfqkifhpPCmdM1Wltj1J
aejep+P21+yZRle9mDYSgiwWOzMcOD7hLYOEo81CvNmPtoYjctm3L7okSwS6lVoA
pDLoIumlHgvA7jMWOUM5VkW5ONrPREB3uSQnP2CoKJjmTYQ1VupJl9/Gfltj3O5c
eX5/gsU8q/G0Bti9hpEV5Cu83hnz6Zrb2LzIu0TpyYsjslUUs3vkG5fTBkCcjWkM
R40VTz5kxL16U1px1cDGQ50Fa1qISXMzBsXV38gSGIU/qcUVPtuTZzNckFrcQDLs
4IxjUO+ijnh5oHEHdeSBM9CWzMsq/agNihb0dO4uC/VLtwh+TxLiTOrMLrAhIpqx
NUDo8jyYhn0/GQNQJHBgSn2GIoUpC5CLOBGw37LxXqvJqNeuZ378mTO1xbc10MTo
TBW5aZkNZPJsx59msjJVXZjTr3qZ7AephyEWJEJIyJbzNVbvLP+qBWzie4avydlJ
fpYqjoWQxsJBcY5vjVDl7ofF5kgRLZkz++GWPMYACfgqf5ZcMDCCAk8GCSqGSIb3
DQEHBqCCAkAwggI8AgEAMIICNQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI
4zNcyy17/xoCAhSUgIICCO+ILkjMy7C90J/ATzaSEgL69GkwwyuZbTo/YwY2fq/E
NNrBt/RMcgRLgNAWw/QpFI9QhwjAicFscq9V7NXPpVCd9x/cX0qbx+EA9k3UdSBJ
NyF0rOX0ZkrXJAUuu8aO41DaSpbUshJhh5hx5MRqbANlaT+1Q7D+k9vz3zcpO3wx
zyHqNYxmZ+x1ExxiCxmLTxTwLHsJnFMamYuP7fBT5A34iYZdtVwotA/ussPx/HXP
n+KAXt1QQyvEb7kch9nJEWAmuCjdpIvf2AQCTSHp+WnDB/Tg7pEw8RT+HIcAwbXd
8AfhZmncDCOmNKe+4HPrp8R5CXwz7tpOqo/EqC5x36ak94RQXh7QM/r7thL68d1U
VL9Vx7LnRLjsQAedSHXrKyYShluzTLbJNHLDVnYBT1m1WyO0mDRm4Y0SLUiJ+Lud
AeKlVMJV6H+BeyxsXBSRQu5BHI8XhO/gQh00dmXTT9plqZ7V44qRHpYqeeoHYzZO
G8gPoCQ+AXCWmrctugcDu09tgbpGkDOFI+J0mAJz/E3vkHJ7T92TXj98Bf/zlKEX
AQGvaxCI5FpT224x0DBF/z6ZxWKZortuaxPhChBqrZ14qdBVdnXpgdoFUY9SLAn8
hthwn93in0IFHHdjRgaxR3c0TE0a28xwQpvI17w5t/Vl+WGQ8GHmPAzFUDLO33oE
mn2FmWVjMWswggHvBgkqhkiG9w0BBwagggHgMIIB3AIBADCCAdUGCSqGSIb3DQEH
ATAcBgoqhkiG9w0BDAEDMA4ECGj2DS1DJhO/AgIUgYCCAaiPztSEqZVM6ghfLfK9
UFKypTE38W/ozxw1QDOKxETQplu8iDrsYI54EbU1w6g6vWxrhHvIcJEMPbnUX7V2
DQwyi/Hd3ad0EdQ45kGb7mNciltIuDGPrFrBqsPEx4hDJGjePIvgEXDpj8szxJwQ
wq9WbdPq2pH7uD4Va9+HbeJjRTP7CP8ceGAO77zfAU1MZl7n+ydptAwVN3Ex9GGc
jbs0yocOXheRDYK8U1Hl22UjQ5OtXA83DID8QeLr+NNFIlwcYJEPM5kxKnBIcngP
utB3SLz16w8eap9yfHuVwdr1dI6rn93dcFix2ympTJnQLNSVEPZS62cydmWOYKUo
LyhuYfM7ZnuI1vOWl932pgkIHdplfkmygB+OE5w9NXhv5En6tqtISNdJcpfB65as
E8orGVDrQeao9E2mVTAFgiHHLCKcsbL4n3OwG83I0fzEja6yLyDzu/hGyMh/Jyuf
rcJGgMWrn2/+2TVzTVUcvcTFsypfaPAb6UkEvt5h+2xatZMnJC5CkBY+yzc3ahqN
GtgFtEf7RdDZK12+IA1qxrRkNSH+DE57xFLGMIHEBgkqhkiG9w0BBwGggbYEgbMw
gbAwga0GCyqGSIb3DQEMCgECoFowWDAcBgoqhkiG9w0BDAEDMA4ECA2F84MR3NKt
AgIUXQQ4ISoWJ7Wl6JxL05Jc1CMvBs3eQ7yVgzYep5JmgQonglIWVXWRZbfHB+7l
pkqsYRgF8Yx3yt6dGKMxQjAbBgkqhkiG9w0BCRQxDh4MAGMAYQByAGwAbwBzMCMG
CSqGSIb3DQEJFTEWBBSBKaD6I6BLIIwNeADe7doWyzQluTCBxAYJKoZIhvcNAQcB
oIG2BIGzMIGwMIGtBgsqhkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAg0
VyogQx931QICFLUEOBmu4SxJoFj4Kb1YpHweEfcleH4CgxKvCQMIrK1a34w0hcHS
NjZBkcNs3e4WfuofDTowO2GcqeJrMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBs
AG8AczAjBgkqhkiG9w0BCRUxFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wXzBPMAsG
CWCGSAFlAwQCAwRAit56S2r7yFrpjMaCK3ybG63nQrjdqKEIHQZSMvr4UmbA6u1n
tadRca4edJMDRdUIRFckfpa1qHI9YWBWGP4TFAQIkONpmR/LgWcCAigA
-----END PKCS12-----
8. Dana's Sample Certificates
Dana has the following information:
* Name: "Dana Hopper"
* E-mail Address: "dna@smime.example"
8.1. Dana's Signature Verification End-Entity Certificate
This certificate is used for verification of signatures made by Dana.
-----BEGIN CERTIFICATE-----
MIIBpTCCAVegAwIBAgITpJvJ/RfYIwaHOq+JHuYw2w0HKzAFBgMrZXAwNTEzMDEG
A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjAWMRQwEgYDVQQDEwtE
YW5hIEhvcHBlcjAqMAUGAytlcAMhALLaHeGGRooNjrs+4K40ueetCId1JZik+WAW
w6J/zm+uo4GWMIGTMAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIESZGFuYUBzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA8GA1UdDwEB/wQFAwMHwAAw
HQYDVR0OBBYEFEgDhsFpuHhtrt7zzAawM6xXMt2WMB8GA1UdIwQYMBaAFGuilX26
FJvkLQTRB6TRguQua4y1MAUGAytlcANBAO1JTk7QtXn5yCwgjVRYMzwY6vCaxR0v
yNVq04iiXCADZWNyeBt2rvpTwJ0j5ky5/OzJygrhSmkxoi1ySsvypgw=
-----END CERTIFICATE-----
8.2. Dana's Signing Private Key Material
This private key material is used by Dana to create signatures.
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY-----
This secret key is the [SHA256] digest of the ASCII string "draft-
lamps-sample-certs-keygen.dana.sign.25519.seed".
8.3. Dana's Encryption End-Entity Certificate
This certificate is used to encrypt messages to Dana.
-----BEGIN CERTIFICATE-----
MIIBpTCCAVegAwIBAgITC+vfipqj1grZL8ViMpnNj1gd6zAFBgMrZXAwNTEzMDEG
A1UEAxMqU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MCAXDTIwMTIxNTIxMzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjAWMRQwEgYDVQQDEwtE
YW5hIEhvcHBlcjAqMAUGAytlbgMhAOAxojYBaRT0sbwK9pEeANIRj13vZjwQ1l4z
CJs+6CRUo4GWMIGTMAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIESZGFuYUBzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA8GA1UdDwEB/wQFAwMHCAAw
HQYDVR0OBBYEFJ3fTdQF75rsYIa8J20E6c5a3I+kMB8GA1UdIwQYMBaAFGuilX26
FJvkLQTRB6TRguQua4y1MAUGAytlcANBAD5H9BEI9UMNr17ZTPgcUqP7Lj4LYpmm
AMjqTuul+fQWupaq81D3eqKH/+I0xBgU7tOm5daFOcylUECUppIxIgk=
-----END CERTIFICATE-----
8.4. Dana's Decryption Private Key Material
This private key material is used by Dana to decrypt messages.
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY-----
This seed is the [SHA256] digest of the ASCII string "draft-lamps-
sample-certs-keygen.dana.encrypt.25519.seed".
8.5. PKCS12 Object for Dana
This PKCS12 ([RFC7292]) object contains the same information as
presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and
Section 6.1.
It is locked with the simple four-letter password "dana".
-----BEGIN PKCS12-----
MIIItgIBAzCCCE4GCSqGSIb3DQEHAaCCCD8Eggg7MIIINzCCAmcGCSqGSIb3DQEH
BqCCAlgwggJUAgEAMIICTQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH
TA2APx0CAhQXgIICII41QoooyUFqZ/fDWmgn1xEzYA0oJmBoFCl8uyXfZ/0yP63q
EYmGtmplf0qtFoI9tG1k0yKnmYY4xACo8Vy12BxSY62YfDv/2Uk+R4vNsyO9IwDR
rR4LF1rvYOlj8VNbIovXp2c1RUZW7QZKL/qVb5V9hNL80mKk77TteeFFKvDBYPyw
DYUBr+CP5gbMi71DwePoXHN+Rd6hHFFrUBhFVEUlXgCTs/rgsN+WJ3Wx1SK44xel
MyP9PzrMO5rnZDnP1pPsanIB/Zl5xDKbg/lg19St+dnnaHr3Le5knMRcc48PZ/r8
0bSaEQ2TxxUbdVQoshPtpoJ20EMgD0omRYZNYBB3ukj2j5c2gHCAsv+3cRKYZbpn
37N0MreFTdVyx7KKXKUz9pyVk7TDxtseq4uF/tZzo2QTe0aWoVAsapcu9Ypc4OW+
r/EehKR5MxPoNxa9eKIZEmDPU6ZnNRhnJG3QB63zAZ9ojY72PgvNOMrrKipCI4Jc
irJ7KK5hOLh7ScsFaYnZnVwfdN5Vw6os4VxY51uW6JOQuCaCZtB6ypEe40DCPevd
ej+YYm4qCxGnbiS7lf2yBkoYsmmz9yGCePvkHLpdYL3yql12Ti8cEV1hyQP9manq
ye4OvnlHKczGOIeE3sHipkjTyAqo+uSDy2/TMZU6U9Wpq5FcrmOIs3HHFaEKWq7N
oIVLEGgVcvgyL9hGrb5WsU71e6JgeZsZ9jL2QigwggJPBgkqhkiG9w0BBwagggJA
MIICPAIBADCCAjUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECPG6iJpJkNuf
AgIUf4CCAgj/MCKXWbtp1qlHufYRzMhWeV3BaYoisKS4N0I+MYEv0VpHKLGp8e5v
CtkuWnuY3WJ6Mqn5F27MIGyjoimcoeQboApOgVYu+QZbwWX4HV7jPfByE3DX1Ll5
7irBYXUaoGzqBspDsmancqL7LHr/HJszKpv7kSTKiRpHvqdcg3RtD+AetoZxrYci
zmfcBONW4XDyTDKM4sSyypMrSjiO/huGjg4TXQQYLbxOxUo+RH7JWzTH3RLHhH/w
/+RHKXvym7uRm+oSlXkffz47VyA348w7+YADMCxeujG+NlBikGJEc53R1xGuiVjI
8aButCifePwyQ65/m+jklMOqIrq2M12mh9z6mtT6kYqZjcKxwV+rEib4TX48+HOt
2vp9r6o41+ulLu9f2P/EJka86biQU0MbWA+cd0JXpDm7CgVT/c7opob3Fs3fM1BH
Sh8g8moOIAI7EBfkxkymrgrCBptm74W6AxQGAgYFrNWBHunFer4DnE2rhDLxFvZg
X2c1VJPfhKDM9lt7vksoAttmXNWY1UuCBqGipH11qe7txE/tgAZJF51owRvFGOLQ
7dCFH+cyS55UIJPhuFgUR7qskzrrh5SyWuBdMDSgyf7z+Jo86mBQEtwIsT2erqGf
z7fqo1TFyK2HpTr1FsTFjhNq4cXBQB2Red7f6IuK9/b6A6soKwpApjE3Uoymc3MK
MIIB7wYJKoZIhvcNAQcGoIIB4DCCAdwCAQAwggHVBgkqhkiG9w0BBwEwHAYKKoZI
hvcNAQwBAzAOBAjnyf7N2H+W4AICFJ2AggGoGREGUW0ANjBShA7junSDi0+1a3uu
PVz1O2L0eWnKISTivDOBDjmhkAwoMF+RSaTqc0eFz4yCEiMdBEkO/Uk3+R5HCOGr
tKh0sMh1Ti8dPEPbXcwVvs7vUuXx5iAMAMN2BP2/4DTB32XMCHwFwTHyTFkQcsdI
4GtpnP9YsusabQWaD2YjHKZnNTP1LBKrllhxEyUK1zB39rfQkRtM6X/2cpO/rKjH
NEKW0QQIzx4jrrf93cbXGMZy7ZZWygkbS8SNfe6ztvR3/AAU03PD7b9GfMSHW0gN
6HAHuRX3U6STB3kGUB0u80+Ff4OHIRf0gTwfXjj0RW1cJ+T+mpJfsmgycVFSNn4r
ThuIwSSHWB/dJguhj1pd2kldHS90T3xbcxxQPru41HIRpc69BVPmdgsywt285Q1A
IkR0laF7yTn7j0mNCkFjgiUPyUh0B6oziqa6bPFX33v9vbIkvGEH/xiyH5KL8NVn
e+SJqOqo5Ldz+VwuVjRVaJKYRiEIwG/igukbZELynt+n2ab7MQBwaF7szah6rgoJ
9siHtn2qqcLH/yFSpa31l+zmrzCBwAYJKoZIhvcNAQcBoIGyBIGvMIGsMIGpBgsq
hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAi9gc9b1vmGZAICFLoEOGDs
hI5HudzQ7whUdHIlB2e63n/f8D8eU4Fd6sxoX0eGz9q3aYjrfYQB1SuXJlAEe/sI
wCYmHS1EMT4wFwYJKoZIhvcNAQkUMQoeCABkAGEAbgBhMCMGCSqGSIb3DQEJFTEW
BBSd303UBe+a7GCGvCdtBOnOWtyPpDCBwAYJKoZIhvcNAQcBoIGyBIGvMIGsMIGp
BgsqhkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAhcO/FJPCuuLgICFPoE
OIndI0W9ychDOX3aWnkEfmBHjJ/mOSmr6ZVQ+R7YEEGPYYaaW0KhuGn+ymPjE+sb
rOqDREHiQBOcMT4wFwYJKoZIhvcNAQkUMQoeCABkAGEAbgBhMCMGCSqGSIb3DQEJ
FTEWBBRIA4bBabh4ba7e88wGsDOsVzLdljBfME8wCwYJYIZIAWUDBAIDBEBIhL6p
HFTK0hwRZDyE3YSCZQkqqfjtQ5Af5bMNXzoKrBwKyiIFjaLjzqOHsXjZfvpYFn9l
SfA4Br7bcbT0GhQEBAguQ5JM5djJbQICKAA=
-----END PKCS12-----
9. Security Considerations
The keys presented in this document should be considered compromised The keys presented in this document should be considered compromised
and insecure, because the secret key material is published and and insecure, because the secret key material is published and
therefore not secret. therefore not secret.
Applications which maintain blacklists of invalid key material SHOULD Applications which maintain blacklists of invalid key material SHOULD
include these keys in their lists. include these keys in their lists.
7. IANA Considerations 10. IANA Considerations
IANA has nothing to do for this document. IANA has nothing to do for this document.
8. Document Considerations 11. Document Considerations
[ RFC Editor: please remove this section before publication ] [ RFC Editor: please remove this section before publication ]
This document is currently edited as markdown. Minor editorial This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the author. https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
Please direct all significant commentary to the public IETF LAMPS Please direct all significant commentary to the public IETF LAMPS
mailing list: "spasm@ietf.org" mailing list: "spasm@ietf.org"
8.1. Document History 11.1. Outstanding Changes
8.1.1. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 * Cross-sign between two sample CAs ?
* Add SMIMECapabilities (RFC 4262) for X25519 certificates
indicating supported ECDH schemes, as in section 8 of RFC 8418?
11.2. Document History
11.2.1. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
* Added Curve25519 sample certificates (new CA, Carlos, and Dana)
11.2.2. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
* WG adoption (dkg moves from Author to Editor) * WG adoption (dkg moves from Author to Editor)
8.1.2. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 11.2.3. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
* PEM blobs are now "sourcecode", not "artwork" * PEM blobs are now "sourcecode", not "artwork"
8.1.3. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 11.2.4. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04
* Describe deterministic key generation * Describe deterministic key generation
* label PEM blobs with filenames in XML * label PEM blobs with filenames in XML
8.1.4. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 11.2.5. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
* Alice and Bob now each have two distinct certificates: one for * Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, and public keys to match. signing, one for encryption, and public keys to match.
8.1.5. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 11.2.6. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
* PKCS#12 objects are deliberately locked with simple passphrases * PKCS#12 objects are deliberately locked with simple passphrases
8.1.6. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 11.2.7. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01
* changed all three keys to use RSA instead of RSA-PSS * changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in * set keyEncipherment keyUsage flag instead of dataEncipherment in
EE certs EE certs
9. Acknowledgements 12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by This draft was inspired by similar work in the OpenPGP space by
Bjarni Runar and juga at [I-D.bre-openpgp-samples]. Bjarni Runar and juga at [I-D.bre-openpgp-samples].
Eric Rescorla helped spot issues with certificate formats. Eric Rescorla helped spot issues with certificate formats.
Sean Turner pointed to [RFC4134] as prior work. Sean Turner pointed to [RFC4134] as prior work.
Deb Cooley suggested that Alice and Bob should have separate Deb Cooley suggested that Alice and Bob should have separate
certificates for signing and encryption. certificates for signing and encryption.
Wolfgang Hommel helped to build reproducible encrypted PKCS#12 Wolfgang Hommel helped to build reproducible encrypted PKCS#12
objects. objects.
Carsten Bormann got the XML "sourcecode" markup working for this Carsten Bormann got the XML "sourcecode" markup working for this
draft. draft.
10. References 13. References
10.1. Normative References 13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
skipping to change at page 23, line 40 skipping to change at page 31, line 5
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008, DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>. <https://www.rfc-editor.org/info/rfc5322>.
[RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
and M. Scott, "PKCS #12: Personal Information Exchange and M. Scott, "PKCS #12: Personal Information Exchange
Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014,
<https://www.rfc-editor.org/info/rfc7292>. <https://www.rfc-editor.org/info/rfc7292>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
10.2. Informative References 13.2. Informative References
[FIPS186-4] [FIPS186-4]
"Digital Signature Standard (DSS)", National Institute of "Digital Signature Standard (DSS)", National Institute of
Standards and Technology report, Standards and Technology report,
DOI 10.6028/nist.fips.186-4, July 2013, DOI 10.6028/nist.fips.186-4, July 2013,
<https://doi.org/10.6028/nist.fips.186-4>. <https://doi.org/10.6028/nist.fips.186-4>.
[I-D.bre-openpgp-samples] [I-D.bre-openpgp-samples]
Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP
Example Keys and Certificates", Work in Progress, Example Keys and Certificates", Work in Progress,
skipping to change at page 24, line 26 skipping to change at page 31, line 42
samples-01.txt>. samples-01.txt>.
[RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134,
DOI 10.17487/RFC4134, July 2005, DOI 10.17487/RFC4134, July 2005,
<https://www.rfc-editor.org/info/rfc4134>. <https://www.rfc-editor.org/info/rfc4134>.
[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April
2015, <https://www.rfc-editor.org/info/rfc7469>. 2015, <https://www.rfc-editor.org/info/rfc7469>.
[RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for
Ed25519, Ed448, X25519, and X448 for Use in the Internet
X.509 Public Key Infrastructure", RFC 8410,
DOI 10.17487/RFC8410, August 2018,
<https://www.rfc-editor.org/info/rfc8410>.
[SHA256] Dang, Q., "Secure Hash Standard", National Institute of [SHA256] Dang, Q., "Secure Hash Standard", National Institute of
Standards and Technology report, Standards and Technology report,
DOI 10.6028/nist.fips.180-4, July 2015, DOI 10.6028/nist.fips.180-4, July 2015,
<https://doi.org/10.6028/nist.fips.180-4>. <https://doi.org/10.6028/nist.fips.180-4>.
Author's Address Author's Address
Daniel Kahn Gillmor (editor) Daniel Kahn Gillmor (editor)
American Civil Liberties Union American Civil Liberties Union
125 Broad St. 125 Broad St.
 End of changes. 27 change blocks. 
75 lines changed or deleted 402 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/