draft-ietf-lamps-samples-07.txt   draft-ietf-lamps-samples-08.txt 
lamps D.K. Gillmor, Ed. lamps D.K. Gillmor, Ed.
Internet-Draft ACLU Internet-Draft ACLU
Intended status: Informational 14 December 2021 Intended status: Informational 2 February 2022
Expires: 17 June 2022 Expires: 6 August 2022
S/MIME Example Keys and Certificates S/MIME Example Keys and Certificates
draft-ietf-lamps-samples-07 draft-ietf-lamps-samples-08
Abstract Abstract
The S/MIME development community benefits from sharing samples of The S/MIME development community benefits from sharing samples of
signed or encrypted data. This document facilitates such signed or encrypted data. This document facilitates such
collaboration by defining a small set of X.509v3 certificates and collaboration by defining a small set of X.509v3 certificates and
keys for use when generating such samples. keys for use when generating such samples.
Status of This Memo Status of This Memo
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 17 June 2022. This Internet-Draft will expire on 6 August 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License. provided without warranty as described in the Revised BSD License.
skipping to change at page 3, line 7 skipping to change at page 3, line 7
8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29
8.1. Dana's Signature Verification End-Entity Certificate . . 29 8.1. Dana's Signature Verification End-Entity Certificate . . 29
8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30
8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30
8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30
8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31
9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32
11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32
11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32
11.1.1. Substantive Changes from draft-ietf-*-06 to 11.1.1. Substantive Changes from draft-ietf-*-07 to
draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 32 draft-ietf-*-08 . . . . . . . . . . . . . . . . . . . 32
11.1.2. Substantive Changes from draft-ietf-*-05 to 11.1.2. Substantive Changes from draft-ietf-*-06 to
draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 33
11.1.3. Substantive Changes from draft-ietf-*-05 to
draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33
11.1.3. Substantive Changes from draft-ietf-*-04 to 11.1.4. Substantive Changes from draft-ietf-*-04 to
draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33
11.1.4. Substantive Changes from draft-ietf-*-03 to 11.1.5. Substantive Changes from draft-ietf-*-03 to
draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33
11.1.5. Substantive Changes from draft-ietf-*-02 to 11.1.6. Substantive Changes from draft-ietf-*-02 to
draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33
11.1.6. Substantive Changes from draft-ietf-*-01 to 11.1.7. Substantive Changes from draft-ietf-*-01 to
draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33
11.1.7. Substantive Changes from draft-ietf-*-00 to 11.1.8. Substantive Changes from draft-ietf-*-00 to
draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34
11.1.8. Substantive Changes from draft-dkg-*-05 to 11.1.9. Substantive Changes from draft-dkg-*-05 to
draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34 draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34
11.1.9. Substantive Changes from draft-dkg-*-04 to 11.1.10. Substantive Changes from draft-dkg-*-04 to
draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34 draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34
11.1.10. Substantive Changes from draft-dkg-*-03 to 11.1.11. Substantive Changes from draft-dkg-*-03 to
draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34 draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34
11.1.11. Substantive Changes from draft-dkg-*-02 to 11.1.12. Substantive Changes from draft-dkg-*-02 to
draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34
11.1.12. Substantive Changes from draft-dkg-*-01 to 11.1.13. Substantive Changes from draft-dkg-*-01 to
draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34
11.1.13. Substantive Changes from draft-dkg-*-00 to 11.1.14. Substantive Changes from draft-dkg-*-00 to
draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
13.1. Normative References . . . . . . . . . . . . . . . . . . 35 13.1. Normative References . . . . . . . . . . . . . . . . . . 35
13.2. Informative References . . . . . . . . . . . . . . . . . 35 13.2. Informative References . . . . . . . . . . . . . . . . . 36
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
The S/MIME ([RFC8551]) development community, in particular the The S/MIME ([RFC8551]) development community, in particular the
e-mail development community, benefits from sharing samples of signed e-mail development community, benefits from sharing samples of signed
and/or encrypted data. Often the exact key material used does not and/or encrypted data. Often the exact key material used does not
matter because the properties being tested pertain to implementation matter because the properties being tested pertain to implementation
correctness, completeness or interoperability of the overall system. correctness, completeness or interoperability of the overall system.
However, without access to the relevant secret key material, a sample However, without access to the relevant secret key material, a sample
skipping to change at page 5, line 47 skipping to change at page 5, line 47
2.3. Certificate Revocation 2.3. Certificate Revocation
Because these are expected to be used in test suites or examples, and Because these are expected to be used in test suites or examples, and
we do not expect there to be online network services in these use we do not expect there to be online network services in these use
cases, we do not expect these certificates to produce any revocation cases, we do not expect these certificates to produce any revocation
artifacts. artifacts.
As a result, none of the certificates include either an OCSP As a result, none of the certificates include either an OCSP
indicator (see id-ad-ocsp as defined in the Authority Information indicator (see id-ad-ocsp as defined in the Authority Information
Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator
(see the CRL Disttribution Points X.509 extension as defined in (see the CRL Distribution Points X.509 extension as defined in
S.4.2.1.13 of [RFC5280]). S.4.2.1.13 of [RFC5280]).
2.4. Using the CA in Test Suites 2.4. Using the CA in Test Suites
To use these end-entity certificates in a piece of software (for To use these end-entity certificates in a piece of software (for
example, in a test suite or an interoperability matrix), most tools example, in a test suite or an interoperability matrix), most tools
will need to accept either the Example RSA CA (Section 3) or the will need to accept either the Example RSA CA (Section 3) or the
Example Ed25519 CA (Section 6) as a legitimate root authority. Example Ed25519 CA (Section 6) as a legitimate root authority.
Note that some tooling behaves differently for certificates validated Note that some tooling behaves differently for certificates validated
skipping to change at page 7, line 11 skipping to change at page 7, line 11
╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐
║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │
╚══════════════╝ └──────────────────┘ └───────────────────┘ ╚══════════════╝ └──────────────────┘ └───────────────────┘
By omitting the cross-signed CA certs, it should be possible to test By omitting the cross-signed CA certs, it should be possible to test
a "transvalid" certificate (an end-entity certificate that is a "transvalid" certificate (an end-entity certificate that is
supplied without its intermediate certificate) in some supplied without its intermediate certificate) in some
configurations. configurations.
2.6. Passwords 2.6. Passwords
Each secret key presented in this draft is unprotected (it has no Each secret key presented in this draft is represented as a PEM-
encoded PKCS#8 [RFC5958] object in cleartext form (it has no
password). password).
As such, the secret key objects are not suitable for verifying As such, the secret key objects are not suitable for verifying
interoperable password protection schemes. interoperable password protection schemes.
However, the PKCS#12 [RFC7292] objects do have simple textual However, the PKCS#12 [RFC7292] objects do have simple textual
passwords, because tooling for dealing with passwordless PKCS#12 passwords, because tooling for dealing with passwordless PKCS#12
objects is underdeveloped at the time of this draft. objects is underdeveloped at the time of this draft.
2.7. Secret key origins 2.7. Secret key origins
The secret RSA keys in this document are all deterministically The secret RSA keys in this document are all deterministically
derived using provable prime generation as found in [FIPS186-4], derived using provable prime generation as found in [FIPS186-4],
based on known seeds derived via [SHA256] from simple strings. The based on known seeds derived via [SHA256] from simple strings. The
secret Ed25519 and X25519 keys in this document are all derived by validation parameters for these derivations are stored in the objects
hashing a simple string. The seeds and their derivation are included themselves as specified in [RFC8479].
in the document for informational purposes, and to allow re-creation
of the objects from appropriate tooling. The secret Ed25519 and X25519 keys in this document are all derived
by hashing a simple string. The seeds and their derivation are
included in the document for informational purposes, and to allow re-
creation of the objects from appropriate tooling.
All RSA seeds used are 224 bits long (the first 224 bits of the All RSA seeds used are 224 bits long (the first 224 bits of the
SHA-256 digest of the origin string), and are represented in SHA-256 digest of the origin string), and are represented in
hexadecimal. hexadecimal.
3. Example RSA Certification Authority 3. Example RSA Certification Authority
The example RSA Certification Authority has the following The example RSA Certification Authority has the following
information: information:
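Review bot: In 2.7, the added sentence "The validation parameters for these derivations are stored in the objects themselves as specified in [RFC8479]" leaves "the objects" ambiguous, because 2.6 just above discusses both the PKCS#8 secret key objects and the PKCS#12 objects. Suggest "stored in the PKCS#8 secret key objects", so a reader re-deriving a key knows which encoding carries the seed. In 2.6, "in cleartext form (it has no password)" now states the same property twice; the parenthetical could be dropped.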
skipping to change at page 32, line 32 skipping to change at page 32, line 32
kkzl2MltAgIoAA== kkzl2MltAgIoAA==
-----END PKCS12----- -----END PKCS12-----
9. Security Considerations 9. Security Considerations
The keys presented in this document should be considered compromised The keys presented in this document should be considered compromised
and insecure, because the secret key material is published and and insecure, because the secret key material is published and
therefore not secret. therefore not secret.
Any application which maintains a denylist of invalid key material Any application which maintains a denylist of invalid key material
SHOULD include these keys in its list. should include these keys in its list.
10. IANA Considerations 10. IANA Considerations
IANA has nothing to do for this document. IANA has nothing to do for this document.
11. Document Considerations 11. Document Considerations
[ RFC Editor: please remove this section before publication ] [ RFC Editor: please remove this section before publication ]
This document is currently edited as markdown. Minor editorial This document is currently edited as markdown. Minor editorial
changes can be suggested via merge requests at changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the author. https://gitlab.com/dkg/lamps-samples or by e-mail to the author.
Please direct all significant commentary to the public IETF LAMPS Please direct all significant commentary to the public IETF LAMPS
mailing list: spasm@ietf.org mailing list: spasm@ietf.org
11.1. Document History 11.1. Document History
11.1.1. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07 11.1.1. Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08
* Apply editorial cleanup suggested during review
11.1.2. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07
* Correct document history * Correct document history
* Restore PKCS12 for dana and bob from -05 * Restore PKCS12 for dana and bob from -05
11.1.2. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 11.1.3. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06
* Added outbound references for acronyms PEM, CRL, and OCSP, thanks * Added outbound references for acronyms PEM, CRL, and OCSP, thanks
Stewart Brant. Stewart Brant.
* Accidentally modified PKCS12 for dana and bob * Accidentally modified PKCS12 for dana and bob
11.1.3. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 11.1.4. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05
* Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for
interop with Keychain Access on macOS. interop with Keychain Access on macOS.
11.1.4. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 11.1.5. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04
* Order subject/issuer DN components by scope. * Order subject/issuer DN components by scope.
* Put cross-signed intermediate CA certificates into PKCS#12 instead * Put cross-signed intermediate CA certificates into PKCS#12 instead
of self-signed root CA certificates. of self-signed root CA certificates.
11.1.5. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 11.1.6. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03
* Correct encoding of S/MIME Capabilities extension. * Correct encoding of S/MIME Capabilities extension.
* Change "Certificate Authority" to "Certification Authority". * Change "Certificate Authority" to "Certification Authority".
* Add CertificatePolicies to all intermediate and end-entity * Add CertificatePolicies to all intermediate and end-entity
certificates. certificates.
* Add organization and organizational unit to all certificates. * Add organization and organizational unit to all certificates.
11.1.6. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 11.1.7. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02
* Added cross-signed certificates for both CAs * Added cross-signed certificates for both CAs
* Added S/MIME Capabilities extension for Carlos and Dana's * Added S/MIME Capabilities extension for Carlos and Dana's
encryption keys, indicating preferred ECDH parameters. encryption keys, indicating preferred ECDH parameters.
* Ensure no serial numbers are negative. * Ensure no serial numbers are negative.
* Encode keyUsage extensions in minimum-length BIT STRINGs. * Encode keyUsage extensions in minimum-length BIT STRINGs.
11.1.7. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 11.1.8. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01
* Added Curve25519 sample certificates (new CA, Carlos, and Dana) * Added Curve25519 sample certificates (new CA, Carlos, and Dana)
11.1.8. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 11.1.9. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00
* WG adoption (dkg moves from Author to Editor) * WG adoption (dkg moves from Author to Editor)
11.1.9. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 11.1.10. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05
* PEM blobs are now sourcecode, not artwork * PEM blobs are now sourcecode, not artwork
11.1.10. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 11.1.11. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04
* Describe deterministic key generation * Describe deterministic key generation
* label PEM blobs with filenames in XML * label PEM blobs with filenames in XML
11.1.11. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 11.1.12. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03
* Alice and Bob now each have two distinct certificates: one for * Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, and public keys to match. signing, one for encryption, and public keys to match.
11.1.12. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 11.1.13. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02
* PKCS#12 objects are deliberately locked with simple passphrases * PKCS#12 objects are deliberately locked with simple passphrases
11.1.13. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 11.1.14. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01
* changed all three keys to use RSA instead of RSA-PSS * changed all three keys to use RSA instead of RSA-PSS
* set keyEncipherment keyUsage flag instead of dataEncipherment in * set keyEncipherment keyUsage flag instead of dataEncipherment in
EE certs EE certs
12. Acknowledgements 12. Acknowledgements
This draft was inspired by similar work in the OpenPGP space by This draft was inspired by similar work in the OpenPGP space by
Bjarni Runar and juga at [I-D.bre-openpgp-samples]. Bjarni Runar and juga at [I-D.bre-openpgp-samples].
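Review bot: In Section 9, lowercasing "SHOULD include these keys in its list" to "should" removes the BCP 14 requirement level from the denylist advice, yet the new 11.1.1 entry records only "Apply editorial cleanup suggested during review". Suggest naming the keyword change in that entry, so implementers comparing -07 and -08 can see that the denylist statement is now plain advice rather than a requirement-level recommendation.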
skipping to change at page 35, line 29 skipping to change at page 35, line 29
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>. <https://www.rfc-editor.org/info/rfc5280>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958,
DOI 10.17487/RFC5322, October 2008, DOI 10.17487/RFC5958, August 2010,
<https://www.rfc-editor.org/info/rfc5322>. <https://www.rfc-editor.org/info/rfc5958>.
[RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
and M. Scott, "PKCS #12: Personal Information Exchange and M. Scott, "PKCS #12: Personal Information Exchange
Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014,
<https://www.rfc-editor.org/info/rfc7292>. <https://www.rfc-editor.org/info/rfc7292>.
[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
April 2015, <https://www.rfc-editor.org/info/rfc7468>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
Signature Algorithm (EdDSA)", RFC 8032, Signature Algorithm (EdDSA)", RFC 8032,
DOI 10.17487/RFC8032, January 2017, DOI 10.17487/RFC8032, January 2017,
<https://www.rfc-editor.org/info/rfc8032>. <https://www.rfc-editor.org/info/rfc8032>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8479] Mavrogiannopoulos, N., "Storing Validation Parameters in
PKCS#8", RFC 8479, DOI 10.17487/RFC8479, September 2018,
<https://www.rfc-editor.org/info/rfc8479>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551, Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>. April 2019, <https://www.rfc-editor.org/info/rfc8551>.
13.2. Informative References 13.2. Informative References
[FIPS186-4] [FIPS186-4]
"Digital Signature Standard (DSS)", National Institute of "Digital Signature Standard (DSS)", National Institute of
Standards and Technology report, Standards and Technology report,
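Review bot: The normative list still carries RFC 2119 and [RFC8174] even though this revision lowercases the "SHOULD" in Section 9. If no other BCP 14 keywords remain in the document, drop both entries together with any requirements-language boilerplate. Moving [RFC7468] into the normative list fits the new "PEM-encoded" wording in 2.6, but that sentence cites only [RFC5958]; citing [RFC7468] at "PEM-encoded" would tie the normative entry to the text that depends on it.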
skipping to change at page 36, line 22 skipping to change at page 36, line 33
Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP
Example Keys and Certificates", Work in Progress, Example Keys and Certificates", Work in Progress,
Internet-Draft, draft-bre-openpgp-samples-01, 20 December Internet-Draft, draft-bre-openpgp-samples-01, 20 December
2019, <https://www.ietf.org/archive/id/draft-bre-openpgp- 2019, <https://www.ietf.org/archive/id/draft-bre-openpgp-
samples-01.txt>. samples-01.txt>.
[RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134,
DOI 10.17487/RFC4134, July 2005, DOI 10.17487/RFC4134, July 2005,
<https://www.rfc-editor.org/info/rfc4134>. <https://www.rfc-editor.org/info/rfc4134>.
[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, DOI 10.17487/RFC5322, October 2008,
April 2015, <https://www.rfc-editor.org/info/rfc7468>. <https://www.rfc-editor.org/info/rfc5322>.
[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April
2015, <https://www.rfc-editor.org/info/rfc7469>. 2015, <https://www.rfc-editor.org/info/rfc7469>.
[RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for [RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for
Ed25519, Ed448, X25519, and X448 for Use in the Internet Ed25519, Ed448, X25519, and X448 for Use in the Internet
X.509 Public Key Infrastructure", RFC 8410, X.509 Public Key Infrastructure", RFC 8410,
DOI 10.17487/RFC8410, August 2018, DOI 10.17487/RFC8410, August 2018,
<https://www.rfc-editor.org/info/rfc8410>. <https://www.rfc-editor.org/info/rfc8410>.
 End of changes. 38 change blocks. 
46 lines changed or deleted 64 lines changed or added
