| draft-ietf-lamps-samples-04.txt | draft-ietf-lamps-samples-05.txt | |||
|---|---|---|---|---|
| lamps D.K. Gillmor, Ed. | lamps D.K. Gillmor, Ed. | |||
| Internet-Draft ACLU | Internet-Draft ACLU | |||
| Intended status: Informational 18 May 2021 | Intended status: Informational 5 August 2021 | |||
| Expires: 19 November 2021 | Expires: 6 February 2022 | |||
| S/MIME Example Keys and Certificates | S/MIME Example Keys and Certificates | |||
| draft-ietf-lamps-samples-04 | draft-ietf-lamps-samples-05 | |||
| Abstract | Abstract | |||
| The S/MIME development community benefits from sharing samples of | The S/MIME development community benefits from sharing samples of | |||
| signed or encrypted data. This document facilitates such | signed or encrypted data. This document facilitates such | |||
| collaboration by defining a small set of X.509v3 certificates and | collaboration by defining a small set of X.509v3 certificates and | |||
| keys for use when generating such samples. | keys for use when generating such samples. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 33 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 19 November 2021. | This Internet-Draft will expire on 6 February 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 11 ¶ | skipping to change at page 2, line 11 ¶ | |||
| extracted from this document must include Simplified BSD License text | extracted from this document must include Simplified BSD License text | |||
| as described in Section 4.e of the Trust Legal Provisions and are | as described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Simplified BSD License. | provided without warranty as described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 | 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.3. Prior Work . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5 | 2.1. Certificate Usage . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5 | 2.2. Certificate Expiration . . . . . . . . . . . . . . . . . 5 | |||
| 2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5 | 2.3. Certificate Revocation . . . . . . . . . . . . . . . . . 5 | |||
| 2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 5 | 2.4. Using the CA in Test Suites . . . . . . . . . . . . . . . 5 | |||
| 2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6 | 2.5. Certificate Chains . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 6 | 2.6. Passwords . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7 | 2.7. Secret key origins . . . . . . . . . . . . . . . . . . . 7 | |||
| 3. Example RSA Certification Authority . . . . . . . . . . . . . 7 | 3. Example RSA Certification Authority . . . . . . . . . . . . . 7 | |||
| 3.1. RSA Certification Authority Root Certificate . . . . . . 7 | 3.1. RSA Certification Authority Root Certificate . . . . . . 7 | |||
| 3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 | 3.2. RSA Certification Authority Secret Key . . . . . . . . . 8 | |||
| skipping to change at page 3, line 6 ¶ | skipping to change at page 3, line 6 ¶ | |||
| 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 | 7.5. PKCS12 Object for Carlos . . . . . . . . . . . . . . . . 28 | |||
| 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 | 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 | |||
| 8.1. Dana's Signature Verification End-Entity Certificate . . 29 | 8.1. Dana's Signature Verification End-Entity Certificate . . 29 | |||
| 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 | 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 | |||
| 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 | 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 | |||
| 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 | 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 | |||
| 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 | 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 | 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
| 11.1. Document History . . . . . . . . . . . . . . . . . . . . 33 | 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 | |||
| 11.1.1. Substantive Changes from draft-ietf-*-03 to | 11.1.1. Substantive Changes from draft-ietf-*-04 to | |||
| draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 32 | ||||
| 11.1.2. Substantive Changes from draft-ietf-*-03 to | ||||
| draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.2. Substantive Changes from draft-ietf-*-02 to | 11.1.3. Substantive Changes from draft-ietf-*-02 to | |||
| draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.3. Substantive Changes from draft-ietf-*-01 to | 11.1.4. Substantive Changes from draft-ietf-*-01 to | |||
| draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.4. Substantive Changes from draft-ietf-*-00 to | 11.1.5. Substantive Changes from draft-ietf-*-00 to | |||
| draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.5. Substantive Changes from draft-dkg-*-05 to | 11.1.6. Substantive Changes from draft-dkg-*-05 to | |||
| draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.6. Substantive Changes from draft-dkg-*-04 to | 11.1.7. Substantive Changes from draft-dkg-*-04 to | |||
| draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 33 | draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.7. Substantive Changes from draft-dkg-*-03 to | 11.1.8. Substantive Changes from draft-dkg-*-03 to | |||
| draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 33 | draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.8. Substantive Changes from draft-dkg-*-02 to | 11.1.9. Substantive Changes from draft-dkg-*-02 to | |||
| draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.9. Substantive Changes from draft-dkg-*-01 to | 11.1.10. Substantive Changes from draft-dkg-*-01 to | |||
| draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.10. Substantive Changes from draft-dkg-*-00 to | 11.1.11. Substantive Changes from draft-dkg-*-00 to | |||
| draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 | |||
| 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 34 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 34 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 35 | 13.2. Informative References . . . . . . . . . . . . . . . . . 35 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 36 | |||
| 1. Introduction | 1. Introduction | |||
| The S/MIME ([RFC8551]) development community, in particular the | The S/MIME ([RFC8551]) development community, in particular the | |||
| skipping to change at page 15, line 6 ¶ | skipping to change at page 15, line 6 ¶ | |||
| 4.5. PKCS12 Object for Alice | 4.5. PKCS12 Object for Alice | |||
| This PKCS12 ([RFC7292]) object contains the same information as | This PKCS12 ([RFC7292]) object contains the same information as | |||
| presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and | presented in Section 4.1, Section 4.2, Section 4.3, Section 4.4, and | |||
| Section 3.3. | Section 3.3. | |||
| It is locked with the simple five-letter password "alice". | It is locked with the simple five-letter password "alice". | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIYKAIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH | MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH | |||
| BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs | BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs | |||
| PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ | PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ | |||
| 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 | 77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8 | |||
| x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW | x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW | |||
| +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI | +jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI | |||
| 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO | 6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO | |||
| Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl | Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl | |||
| 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF | 1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF | |||
| IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3 | IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3 | |||
| cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT | cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT | |||
| skipping to change at page 17, line 35 ¶ | skipping to change at page 17, line 35 ¶ | |||
| ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw | ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw | |||
| LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS | LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS | |||
| XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R | XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R | |||
| 5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS | 5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS | |||
| dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT | dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT | |||
| m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA | m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA | |||
| vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg | vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg | |||
| WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp | WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp | |||
| coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt | coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt | |||
| Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs | Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs | |||
| AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczBfME8w | AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w | |||
| CwYJYIZIAWUDBAIDBEC6rujtKFi2F7NJGihlmT4ptDGckray1zjr1/Hql/5Qw7iL | BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA= | |||
| BSuc4wEGnDSBEZuE9oFnyTbrzzEtebTsXluPRoV5BAj1OQCGvaJQwQICKAA= | ||||
| -----END PKCS12----- | -----END PKCS12----- | |||
| 5. Bob's Sample | 5. Bob's Sample | |||
| Bob has the following information: | Bob has the following information: | |||
| * Name: "Bob Babbage" | * Name: "Bob Babbage" | |||
| * E-mail Address: "bob@smime.example" | * E-mail Address: "bob@smime.example" | |||
| skipping to change at page 22, line 6 ¶ | skipping to change at page 22, line 6 ¶ | |||
| 5.5. PKCS12 Object for Bob | 5.5. PKCS12 Object for Bob | |||
| This PKCS12 ([RFC7292]) object contains the same information as | This PKCS12 ([RFC7292]) object contains the same information as | |||
| presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and | presented in Section 5.1, Section 5.2, Section 5.3, Section 5.4, and | |||
| Section 3.3. | Section 3.3. | |||
| It is locked with the simple three-letter password "bob". | It is locked with the simple three-letter password "bob". | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIYGAIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH | MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH | |||
| BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 | BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6 | |||
| qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u | qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u | |||
| FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX | FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX | |||
| qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1 | qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1 | |||
| p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD | p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD | |||
| +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2 | +Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2 | |||
| TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK | TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK | |||
| wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/ | wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/ | |||
| nsaLg4MCWUO4Sh7nYJZl5Ijkk9LS7JhmwKvizHRRTXbLyRDH06e+jCRgLcU2WSUq | nsaLg4MCWUO4Sh7nYJZl5Ijkk9LS7JhmwKvizHRRTXbLyRDH06e+jCRgLcU2WSUq | |||
| 1bEr9Jy0ucK8zNPTf8HWBTS0ubvy4JfO3mVp4REX/8ozXlLztWGblFGbyaJ9Y4ga | 1bEr9Jy0ucK8zNPTf8HWBTS0ubvy4JfO3mVp4REX/8ozXlLztWGblFGbyaJ9Y4ga | |||
| skipping to change at page 24, line 35 ¶ | skipping to change at page 24, line 35 ¶ | |||
| 7vIUhAYUEA+J71IeifqqPDKYXnrCdUEajbfEdek30WiLR+ChEvEp48Mla6UVTLm/ | 7vIUhAYUEA+J71IeifqqPDKYXnrCdUEajbfEdek30WiLR+ChEvEp48Mla6UVTLm/ | |||
| mjziwbsxm5QlGccmz13e32RiyrfseB+RyllmzeJtydP2IHkWK7pww9yOlPK0QtZs | mjziwbsxm5QlGccmz13e32RiyrfseB+RyllmzeJtydP2IHkWK7pww9yOlPK0QtZs | |||
| 66IGZKqeXrWBk9QFYDX42gAy/xTfglco4KO7akhp3UzTIQyTXnt+OsOScc+ArVm/ | 66IGZKqeXrWBk9QFYDX42gAy/xTfglco4KO7akhp3UzTIQyTXnt+OsOScc+ArVm/ | |||
| dwClm+ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs+yeVNs1Qd | dwClm+ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs+yeVNs1Qd | |||
| Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R61lEUvJrBm7YLmgdxRCJ02LFLG | Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R61lEUvJrBm7YLmgdxRCJ02LFLG | |||
| n09iSMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV | n09iSMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV | |||
| A6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz | A6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz | |||
| POmXhN53pDhlxkw0btkKblYA9CvP+kzgwekzCy/Mlq/HbO38CV1NKzay3yg4nteh | POmXhN53pDhlxkw0btkKblYA9CvP+kzgwekzCy/Mlq/HbO38CV1NKzay3yg4nteh | |||
| J+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6HlA | J+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6HlA | |||
| gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN | gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN | |||
| AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMF8wTzALBglghkgBZQMEAgMEQEA7 | AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU | |||
| SD/WvuMDyvP1ipdXA2WUre12gbn4LB27Hc9hSCYJoGBNjjnqCgLnkrOGYn3c0JQa | n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA== | |||
| BlUu13AJnVU2Ep4R+DwECJ1vqXe6ro0FAgIoAA== | ||||
| -----END PKCS12----- | -----END PKCS12----- | |||
| 6. Example Ed25519 Certification Authority | 6. Example Ed25519 Certification Authority | |||
| The example Ed25519 Certification Authority has the following | The example Ed25519 Certification Authority has the following | |||
| information: | information: | |||
| * Name: "Sample LAMPS Ed25519 Certification Authority" | * Name: "Sample LAMPS Ed25519 Certification Authority" | |||
| 6.1. Ed25519 Certification Authority Root Certificate | 6.1. Ed25519 Certification Authority Root Certificate | |||
| skipping to change at page 28, line 14 ¶ | skipping to change at page 28, line 14 ¶ | |||
| 7.5. PKCS12 Object for Carlos | 7.5. PKCS12 Object for Carlos | |||
| This PKCS12 ([RFC7292]) object contains the same information as | This PKCS12 ([RFC7292]) object contains the same information as | |||
| presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and | presented in Section 7.1, Section 7.2, Section 7.3, Section 7.4, and | |||
| Section 6.3. | Section 6.3. | |||
| It is locked with the simple five-letter password "carlos". | It is locked with the simple five-letter password "carlos". | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIK/gIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH | MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH | |||
| BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R | BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R | |||
| pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF | pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF | |||
| a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W | a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W | |||
| 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F | 4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F | |||
| Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV | Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV | |||
| 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8 | 3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8 | |||
| vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV | vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV | |||
| ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv | ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv | |||
| 4L+PAeJK4kVDREDQ6ch/6/hlqU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m | 4L+PAeJK4kVDREDQ6ch/6/hlqU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m | |||
| dL1FXst9R9G74jOs0WMMFmd9toyOhD0q6Gl9catOrolCVS/CKaC0CucsJfiKrlJ/ | dL1FXst9R9G74jOs0WMMFmd9toyOhD0q6Gl9catOrolCVS/CKaC0CucsJfiKrlJ/ | |||
| skipping to change at page 29, line 21 ¶ | skipping to change at page 29, line 21 ¶ | |||
| XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym+B50q6nLUWv0tYZpmCVil358dIEGPPSMY | XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym+B50q6nLUWv0tYZpmCVil358dIEGPPSMY | |||
| AMXh05tIPFdYSJ3WLs0cxy5X4sXZl5w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp | AMXh05tIPFdYSJ3WLs0cxy5X4sXZl5w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp | |||
| 99FcOQf6cg8HXyT+8b4qKp9WyjCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq | 99FcOQf6cg8HXyT+8b4qKp9WyjCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq | |||
| hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFF0EOCEq | hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFF0EOCEq | |||
| Fie1peicS9OSXNQjLwbN3kO8lYM2HqeSZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGM | Fie1peicS9OSXNQjLwbN3kO8lYM2HqeSZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGM | |||
| d8renRijMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBsAG8AczAjBgkqhkiG9w0B | d8renRijMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBsAG8AczAjBgkqhkiG9w0B | |||
| CRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB | CRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB | |||
| sDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC | sDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC | |||
| AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u | AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u | |||
| Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ | Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ | |||
| KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MF8wTzALBglghkgBZQME | KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU | |||
| AgMEQBHyJX3OKcho7aA/NqwHVbHwPGEYx1yP5T+GbVI3dnmpHWBqcN68OFozv+H9 | 8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA== | |||
| j3+ocgkzQE1+n7B9euUKdG8Xw/YECJDjaZkfy4FnAgIoAA== | ||||
| -----END PKCS12----- | -----END PKCS12----- | |||
| 8. Dana's Sample Certificates | 8. Dana's Sample Certificates | |||
| Dana has the following information: | Dana has the following information: | |||
| * Name: "Dana Hopper" | * Name: "Dana Hopper" | |||
| * E-mail Address: "dna@smime.example" | * E-mail Address: "dna@smime.example" | |||
| skipping to change at page 31, line 14 ¶ | skipping to change at page 31, line 14 ¶ | |||
| 8.5. PKCS12 Object for Dana | 8.5. PKCS12 Object for Dana | |||
| This PKCS12 ([RFC7292]) object contains the same information as | This PKCS12 ([RFC7292]) object contains the same information as | |||
| presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and | presented in Section 8.1, Section 8.2, Section 8.3, Section 8.4, and | |||
| Section 6.3. | Section 6.3. | |||
| It is locked with the simple four-letter password "dana". | It is locked with the simple four-letter password "dana". | |||
| -----BEGIN PKCS12----- | -----BEGIN PKCS12----- | |||
| MIIK5gIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH | MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH | |||
| BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH | BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH | |||
| TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM | TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM | |||
| TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k | TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k | |||
| WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO | WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO | |||
| aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ | aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+ | |||
| 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi | 8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi | |||
| PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B | PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B | |||
| OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 | OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81 | |||
| H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI | H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI | |||
| ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV | ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV | |||
| skipping to change at page 32, line 21 ¶ | skipping to change at page 32, line 21 ¶ | |||
| nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh | nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh | |||
| uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj | uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj | |||
| MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc | MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc | |||
| BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re | BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re | |||
| f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG | f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG | |||
| 9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E | 9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E | |||
| 6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow | 6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow | |||
| WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+ | WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+ | |||
| YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq | YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq | |||
| hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z | hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z | |||
| zAawM6xXMt2WMF8wTzALBglghkgBZQMEAgMEQEyKU+C+RuVmgTZpGN9FEY/LofSz | zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D | |||
| 3TZAOx0TJ3EN12kuTzjcGNxJ+7e4w4xI6CZxP9RqrBM/N6N2fThoArRC6uIECC5D | ||||
| kkzl2MltAgIoAA== | kkzl2MltAgIoAA== | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| 9. Security Considerations | 9. Security Considerations | |||
| The keys presented in this document should be considered compromised | The keys presented in this document should be considered compromised | |||
| and insecure, because the secret key material is published and | and insecure, because the secret key material is published and | |||
| therefore not secret. | therefore not secret. | |||
| Applications which maintain blacklists of invalid key material SHOULD | Applications which maintain blacklists of invalid key material SHOULD | |||
| skipping to change at page 33, line 7 ¶ | skipping to change at page 32, line 50 ¶ | |||
| [ RFC Editor: please remove this section before publication ] | [ RFC Editor: please remove this section before publication ] | |||
| This document is currently edited as markdown. Minor editorial | This document is currently edited as markdown. Minor editorial | |||
| changes can be suggested via merge requests at | changes can be suggested via merge requests at | |||
| https://gitlab.com/dkg/lamps-samples or by e-mail to the author. | https://gitlab.com/dkg/lamps-samples or by e-mail to the author. | |||
| Please direct all significant commentary to the public IETF LAMPS | Please direct all significant commentary to the public IETF LAMPS | |||
| mailing list: "spasm@ietf.org" | mailing list: "spasm@ietf.org" | |||
| 11.1. Document History | 11.1. Document History | |||
| 11.1.1. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 | 11.1.1. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 | |||
| * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for | ||||
| interop with Keychain Access on macOS. | ||||
| 11.1.2. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 | ||||
| * Order subject/issuer DN components by scope. | * Order subject/issuer DN components by scope. | |||
| * Put cross-signed intermediate CA certificates into PKCS#12 instead | * Put cross-signed intermediate CA certificates into PKCS#12 instead | |||
| of self-signed root CA certificates. | of self-signed root CA certificates. | |||
| 11.1.2. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 | 11.1.3. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 | |||
| * Correct encoding of S/MIME Capabilities extension. | * Correct encoding of S/MIME Capabilities extension. | |||
| * Change "Certificate Authority" to "Certification Authority". | * Change "Certificate Authority" to "Certification Authority". | |||
| * Add CertificatePolicies to all intermediate and end-entity | * Add CertificatePolicies to all intermediate and end-entity | |||
| certificates. | certificates. | |||
| * Add organization and organizational unit to all certificates. | * Add organization and organizational unit to all certificates. | |||
| 11.1.3. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 | 11.1.4. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 | |||
| * Added cross-signed certificates for both CAs | * Added cross-signed certificates for both CAs | |||
| * Added S/MIME Capabilities extension for Carlos and Dana's | * Added S/MIME Capabilities extension for Carlos and Dana's | |||
| encryption keys, indicating preferred ECDH parameters. | encryption keys, indicating preferred ECDH parameters. | |||
| * Ensure no serial numbers are negative. | * Ensure no serial numbers are negative. | |||
| * Encode keyUsage extensions in minimum-length BIT STRINGs. | * Encode keyUsage extensions in minimum-length BIT STRINGs. | |||
| 11.1.4. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 | 11.1.5. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 | |||
| * Added Curve25519 sample certificates (new CA, Carlos, and Dana) | * Added Curve25519 sample certificates (new CA, Carlos, and Dana) | |||
| 11.1.5. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 | 11.1.6. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 | |||
| * WG adoption (dkg moves from Author to Editor) | * WG adoption (dkg moves from Author to Editor) | |||
| 11.1.6. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 | 11.1.7. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 | |||
| * PEM blobs are now "sourcecode", not "artwork" | * PEM blobs are now "sourcecode", not "artwork" | |||
| 11.1.7. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 | 11.1.8. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 | |||
| * Describe deterministic key generation | * Describe deterministic key generation | |||
| * label PEM blobs with filenames in XML | * label PEM blobs with filenames in XML | |||
| 11.1.8. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 | 11.1.9. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 | |||
| * Alice and Bob now each have two distinct certificates: one for | * Alice and Bob now each have two distinct certificates: one for | |||
| signing, one for encryption, and public keys to match. | signing, one for encryption, and public keys to match. | |||
| 11.1.9. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 | 11.1.10. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 | |||
| * PKCS#12 objects are deliberately locked with simple passphrases | * PKCS#12 objects are deliberately locked with simple passphrases | |||
| 11.1.10. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 | 11.1.11. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 | |||
| * changed all three keys to use RSA instead of RSA-PSS | * changed all three keys to use RSA instead of RSA-PSS | |||
| * set keyEncipherment keyUsage flag instead of dataEncipherment in | * set keyEncipherment keyUsage flag instead of dataEncipherment in | |||
| EE certs | EE certs | |||
| 12. Acknowledgements | 12. Acknowledgements | |||
| This draft was inspired by similar work in the OpenPGP space by | This draft was inspired by similar work in the OpenPGP space by | |||
| Bjarni Runar and juga at [I-D.bre-openpgp-samples]. | Bjarni Runar and juga at [I-D.bre-openpgp-samples]. | |||
| End of changes. 33 change blocks. | ||||
| 42 lines changed or deleted | 43 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||