| draft-ietf-lamps-samples-07.txt | draft-ietf-lamps-samples-08.txt | |||
|---|---|---|---|---|
| lamps D.K. Gillmor, Ed. | lamps D.K. Gillmor, Ed. | |||
| Internet-Draft ACLU | Internet-Draft ACLU | |||
| Intended status: Informational 14 December 2021 | Intended status: Informational 2 February 2022 | |||
| Expires: 17 June 2022 | Expires: 6 August 2022 | |||
| S/MIME Example Keys and Certificates | S/MIME Example Keys and Certificates | |||
| draft-ietf-lamps-samples-07 | draft-ietf-lamps-samples-08 | |||
| Abstract | Abstract | |||
| The S/MIME development community benefits from sharing samples of | The S/MIME development community benefits from sharing samples of | |||
| signed or encrypted data. This document facilitates such | signed or encrypted data. This document facilitates such | |||
| collaboration by defining a small set of X.509v3 certificates and | collaboration by defining a small set of X.509v3 certificates and | |||
| keys for use when generating such samples. | keys for use when generating such samples. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 33 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 17 June 2022. | This Internet-Draft will expire on 6 August 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| and restrictions with respect to this document. Code Components | and restrictions with respect to this document. Code Components | |||
| extracted from this document must include Revised BSD License text as | extracted from this document must include Revised BSD License text as | |||
| described in Section 4.e of the Trust Legal Provisions and are | described in Section 4.e of the Trust Legal Provisions and are | |||
| provided without warranty as described in the Revised BSD License. | provided without warranty as described in the Revised BSD License. | |||
| skipping to change at page 3, line 7 ¶ | skipping to change at page 3, line 7 ¶ | |||
| 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 | 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 | |||
| 8.1. Dana's Signature Verification End-Entity Certificate . . 29 | 8.1. Dana's Signature Verification End-Entity Certificate . . 29 | |||
| 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 | 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 | |||
| 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 | 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 | |||
| 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 | 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 | |||
| 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 | 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
| 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 | 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 | |||
| 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 | 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 | |||
| 11.1.1. Substantive Changes from draft-ietf-*-06 to | 11.1.1. Substantive Changes from draft-ietf-*-07 to | |||
| draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 32 | draft-ietf-*-08 . . . . . . . . . . . . . . . . . . . 32 | |||
| 11.1.2. Substantive Changes from draft-ietf-*-05 to | 11.1.2. Substantive Changes from draft-ietf-*-06 to | |||
| draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 33 | ||||
| 11.1.3. Substantive Changes from draft-ietf-*-05 to | ||||
| draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.3. Substantive Changes from draft-ietf-*-04 to | 11.1.4. Substantive Changes from draft-ietf-*-04 to | |||
| draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.4. Substantive Changes from draft-ietf-*-03 to | 11.1.5. Substantive Changes from draft-ietf-*-03 to | |||
| draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.5. Substantive Changes from draft-ietf-*-02 to | 11.1.6. Substantive Changes from draft-ietf-*-02 to | |||
| draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.6. Substantive Changes from draft-ietf-*-01 to | 11.1.7. Substantive Changes from draft-ietf-*-01 to | |||
| draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 | draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 | |||
| 11.1.7. Substantive Changes from draft-ietf-*-00 to | 11.1.8. Substantive Changes from draft-ietf-*-00 to | |||
| draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34 | draft-ietf-*-01 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.8. Substantive Changes from draft-dkg-*-05 to | 11.1.9. Substantive Changes from draft-dkg-*-05 to | |||
| draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34 | draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.9. Substantive Changes from draft-dkg-*-04 to | 11.1.10. Substantive Changes from draft-dkg-*-04 to | |||
| draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.10. Substantive Changes from draft-dkg-*-03 to | 11.1.11. Substantive Changes from draft-dkg-*-03 to | |||
| draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.11. Substantive Changes from draft-dkg-*-02 to | 11.1.12. Substantive Changes from draft-dkg-*-02 to | |||
| draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.12. Substantive Changes from draft-dkg-*-01 to | 11.1.13. Substantive Changes from draft-dkg-*-01 to | |||
| draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 | |||
| 11.1.13. Substantive Changes from draft-dkg-*-00 to | 11.1.14. Substantive Changes from draft-dkg-*-00 to | |||
| draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 | draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 | |||
| 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 35 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 35 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 35 | 13.2. Informative References . . . . . . . . . . . . . . . . . 36 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37 | |||
| 1. Introduction | 1. Introduction | |||
| The S/MIME ([RFC8551]) development community, in particular the | The S/MIME ([RFC8551]) development community, in particular the | |||
| e-mail development community, benefits from sharing samples of signed | e-mail development community, benefits from sharing samples of signed | |||
| and/or encrypted data. Often the exact key material used does not | and/or encrypted data. Often the exact key material used does not | |||
| matter because the properties being tested pertain to implementation | matter because the properties being tested pertain to implementation | |||
| correctness, completeness or interoperability of the overall system. | correctness, completeness or interoperability of the overall system. | |||
| However, without access to the relevant secret key material, a sample | However, without access to the relevant secret key material, a sample | |||
| skipping to change at page 5, line 47 ¶ | skipping to change at page 5, line 47 ¶ | |||
| 2.3. Certificate Revocation | 2.3. Certificate Revocation | |||
| Because these are expected to be used in test suites or examples, and | Because these are expected to be used in test suites or examples, and | |||
| we do not expect there to be online network services in these use | we do not expect there to be online network services in these use | |||
| cases, we do not expect these certificates to produce any revocation | cases, we do not expect these certificates to produce any revocation | |||
| artifacts. | artifacts. | |||
| As a result, none of the certificates include either an OCSP | As a result, none of the certificates include either an OCSP | |||
| indicator (see id-ad-ocsp as defined in the Authority Information | indicator (see id-ad-ocsp as defined in the Authority Information | |||
| Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator | Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator | |||
| (see the CRL Disttribution Points X.509 extension as defined in | (see the CRL Distribution Points X.509 extension as defined in | |||
| S.4.2.1.13 of [RFC5280]). | S.4.2.1.13 of [RFC5280]). | |||
| 2.4. Using the CA in Test Suites | 2.4. Using the CA in Test Suites | |||
| To use these end-entity certificates in a piece of software (for | To use these end-entity certificates in a piece of software (for | |||
| example, in a test suite or an interoperability matrix), most tools | example, in a test suite or an interoperability matrix), most tools | |||
| will need to accept either the Example RSA CA (Section 3) or the | will need to accept either the Example RSA CA (Section 3) or the | |||
| Example Ed25519 CA (Section 6) as a legitimate root authority. | Example Ed25519 CA (Section 6) as a legitimate root authority. | |||
| Note that some tooling behaves differently for certificates validated | Note that some tooling behaves differently for certificates validated | |||
| skipping to change at page 7, line 11 ¶ | skipping to change at page 7, line 11 ¶ | |||
| ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ | ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ | |||
| ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ | ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ | |||
| ╚══════════════╝ └──────────────────┘ └───────────────────┘ | ╚══════════════╝ └──────────────────┘ └───────────────────┘ | |||
| By omitting the cross-signed CA certs, it should be possible to test | By omitting the cross-signed CA certs, it should be possible to test | |||
| a "transvalid" certificate (an end-entity certificate that is | a "transvalid" certificate (an end-entity certificate that is | |||
| supplied without its intermediate certificate) in some | supplied without its intermediate certificate) in some | |||
| configurations. | configurations. | |||
| 2.6. Passwords | 2.6. Passwords | |||
| Each secret key presented in this draft is unprotected (it has no | Each secret key presented in this draft is represented as a PEM- | |||
| encoded PKCS#8 [RFC5958] object in cleartext form (it has no | ||||
| password). | password). | |||
| As such, the secret key objects are not suitable for verifying | As such, the secret key objects are not suitable for verifying | |||
| interoperable password protection schemes. | interoperable password protection schemes. | |||
| However, the PKCS#12 [RFC7292] objects do have simple textual | However, the PKCS#12 [RFC7292] objects do have simple textual | |||
| passwords, because tooling for dealing with passwordless PKCS#12 | passwords, because tooling for dealing with passwordless PKCS#12 | |||
| objects is underdeveloped at the time of this draft. | objects is underdeveloped at the time of this draft. | |||
| 2.7. Secret key origins | 2.7. Secret key origins | |||
| The secret RSA keys in this document are all deterministically | The secret RSA keys in this document are all deterministically | |||
| derived using provable prime generation as found in [FIPS186-4], | derived using provable prime generation as found in [FIPS186-4], | |||
| based on known seeds derived via [SHA256] from simple strings. The | based on known seeds derived via [SHA256] from simple strings. The | |||
| secret Ed25519 and X25519 keys in this document are all derived by | validation parameters for these derivations are stored in the objects | |||
| hashing a simple string. The seeds and their derivation are included | themselves as specified in [RFC8479]. | |||
| in the document for informational purposes, and to allow re-creation | ||||
| of the objects from appropriate tooling. | The secret Ed25519 and X25519 keys in this document are all derived | |||
| by hashing a simple string. The seeds and their derivation are | ||||
| included in the document for informational purposes, and to allow re- | ||||
| creation of the objects from appropriate tooling. | ||||
| All RSA seeds used are 224 bits long (the first 224 bits of the | All RSA seeds used are 224 bits long (the first 224 bits of the | |||
| SHA-256 digest of the origin string), and are represented in | SHA-256 digest of the origin string), and are represented in | |||
| hexadecimal. | hexadecimal. | |||
| 3. Example RSA Certification Authority | 3. Example RSA Certification Authority | |||
| The example RSA Certification Authority has the following | The example RSA Certification Authority has the following | |||
| information: | information: | |||
| skipping to change at page 32, line 32 ¶ | skipping to change at page 32, line 32 ¶ | |||
| kkzl2MltAgIoAA== | kkzl2MltAgIoAA== | |||
| -----END PKCS12----- | -----END PKCS12----- | |||
| 9. Security Considerations | 9. Security Considerations | |||
| The keys presented in this document should be considered compromised | The keys presented in this document should be considered compromised | |||
| and insecure, because the secret key material is published and | and insecure, because the secret key material is published and | |||
| therefore not secret. | therefore not secret. | |||
| Any application which maintains a denylist of invalid key material | Any application which maintains a denylist of invalid key material | |||
| SHOULD include these keys in its list. | should include these keys in its list. | |||
| 10. IANA Considerations | 10. IANA Considerations | |||
| IANA has nothing to do for this document. | IANA has nothing to do for this document. | |||
| 11. Document Considerations | 11. Document Considerations | |||
| [ RFC Editor: please remove this section before publication ] | [ RFC Editor: please remove this section before publication ] | |||
| This document is currently edited as markdown. Minor editorial | This document is currently edited as markdown. Minor editorial | |||
| changes can be suggested via merge requests at | changes can be suggested via merge requests at | |||
| https://gitlab.com/dkg/lamps-samples or by e-mail to the author. | https://gitlab.com/dkg/lamps-samples or by e-mail to the author. | |||
| Please direct all significant commentary to the public IETF LAMPS | Please direct all significant commentary to the public IETF LAMPS | |||
| mailing list: spasm@ietf.org | mailing list: spasm@ietf.org | |||
| 11.1. Document History | 11.1. Document History | |||
| 11.1.1. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07 | 11.1.1. Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08 | |||
| * Apply editorial cleanup suggested during review | ||||
| 11.1.2. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07 | ||||
| * Correct document history | * Correct document history | |||
| * Restore PKCS12 for dana and bob from -05 | * Restore PKCS12 for dana and bob from -05 | |||
| 11.1.2. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 | 11.1.3. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 | |||
| * Added outbound references for acronyms PEM, CRL, and OCSP, thanks | * Added outbound references for acronyms PEM, CRL, and OCSP, thanks | |||
| Stewart Brant. | Stewart Brant. | |||
| * Accidentally modified PKCS12 for dana and bob | * Accidentally modified PKCS12 for dana and bob | |||
| 11.1.3. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 | 11.1.4. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 | |||
| * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for | * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for | |||
| interop with Keychain Access on macOS. | interop with Keychain Access on macOS. | |||
| 11.1.4. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 | 11.1.5. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 | |||
| * Order subject/issuer DN components by scope. | * Order subject/issuer DN components by scope. | |||
| * Put cross-signed intermediate CA certificates into PKCS#12 instead | * Put cross-signed intermediate CA certificates into PKCS#12 instead | |||
| of self-signed root CA certificates. | of self-signed root CA certificates. | |||
| 11.1.5. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 | 11.1.6. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 | |||
| * Correct encoding of S/MIME Capabilities extension. | * Correct encoding of S/MIME Capabilities extension. | |||
| * Change "Certificate Authority" to "Certification Authority". | * Change "Certificate Authority" to "Certification Authority". | |||
| * Add CertificatePolicies to all intermediate and end-entity | * Add CertificatePolicies to all intermediate and end-entity | |||
| certificates. | certificates. | |||
| * Add organization and organizational unit to all certificates. | * Add organization and organizational unit to all certificates. | |||
| 11.1.6. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 | 11.1.7. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 | |||
| * Added cross-signed certificates for both CAs | * Added cross-signed certificates for both CAs | |||
| * Added S/MIME Capabilities extension for Carlos and Dana's | * Added S/MIME Capabilities extension for Carlos and Dana's | |||
| encryption keys, indicating preferred ECDH parameters. | encryption keys, indicating preferred ECDH parameters. | |||
| * Ensure no serial numbers are negative. | * Ensure no serial numbers are negative. | |||
| * Encode keyUsage extensions in minimum-length BIT STRINGs. | * Encode keyUsage extensions in minimum-length BIT STRINGs. | |||
| 11.1.7. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 | 11.1.8. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 | |||
| * Added Curve25519 sample certificates (new CA, Carlos, and Dana) | * Added Curve25519 sample certificates (new CA, Carlos, and Dana) | |||
| 11.1.8. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 | 11.1.9. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 | |||
| * WG adoption (dkg moves from Author to Editor) | * WG adoption (dkg moves from Author to Editor) | |||
| 11.1.9. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 | 11.1.10. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 | |||
| * PEM blobs are now sourcecode, not artwork | * PEM blobs are now sourcecode, not artwork | |||
| 11.1.10. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 | 11.1.11. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 | |||
| * Describe deterministic key generation | * Describe deterministic key generation | |||
| * label PEM blobs with filenames in XML | * label PEM blobs with filenames in XML | |||
| 11.1.11. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 | 11.1.12. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 | |||
| * Alice and Bob now each have two distinct certificates: one for | * Alice and Bob now each have two distinct certificates: one for | |||
| signing, one for encryption, and public keys to match. | signing, one for encryption, and public keys to match. | |||
| 11.1.12. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 | 11.1.13. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 | |||
| * PKCS#12 objects are deliberately locked with simple passphrases | * PKCS#12 objects are deliberately locked with simple passphrases | |||
| 11.1.13. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 | 11.1.14. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 | |||
| * changed all three keys to use RSA instead of RSA-PSS | * changed all three keys to use RSA instead of RSA-PSS | |||
| * set keyEncipherment keyUsage flag instead of dataEncipherment in | * set keyEncipherment keyUsage flag instead of dataEncipherment in | |||
| EE certs | EE certs | |||
| 12. Acknowledgements | 12. Acknowledgements | |||
| This draft was inspired by similar work in the OpenPGP space by | This draft was inspired by similar work in the OpenPGP space by | |||
| Bjarni Runar and juga at [I-D.bre-openpgp-samples]. | Bjarni Runar and juga at [I-D.bre-openpgp-samples]. | |||
| skipping to change at page 35, line 29 ¶ | skipping to change at page 35, line 29 ¶ | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
| Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
| <https://www.rfc-editor.org/info/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
| [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, | [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, | |||
| DOI 10.17487/RFC5322, October 2008, | DOI 10.17487/RFC5958, August 2010, | |||
| <https://www.rfc-editor.org/info/rfc5322>. | <https://www.rfc-editor.org/info/rfc5958>. | |||
| [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., | [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., | |||
| and M. Scott, "PKCS #12: Personal Information Exchange | and M. Scott, "PKCS #12: Personal Information Exchange | |||
| Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, | Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, | |||
| <https://www.rfc-editor.org/info/rfc7292>. | <https://www.rfc-editor.org/info/rfc7292>. | |||
| [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, | ||||
| PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, | ||||
| April 2015, <https://www.rfc-editor.org/info/rfc7468>. | ||||
| [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital | |||
| Signature Algorithm (EdDSA)", RFC 8032, | Signature Algorithm (EdDSA)", RFC 8032, | |||
| DOI 10.17487/RFC8032, January 2017, | DOI 10.17487/RFC8032, January 2017, | |||
| <https://www.rfc-editor.org/info/rfc8032>. | <https://www.rfc-editor.org/info/rfc8032>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8479] Mavrogiannopoulos, N., "Storing Validation Parameters in | ||||
| PKCS#8", RFC 8479, DOI 10.17487/RFC8479, September 2018, | ||||
| <https://www.rfc-editor.org/info/rfc8479>. | ||||
| [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ | [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ | |||
| Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 | Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 | |||
| Message Specification", RFC 8551, DOI 10.17487/RFC8551, | Message Specification", RFC 8551, DOI 10.17487/RFC8551, | |||
| April 2019, <https://www.rfc-editor.org/info/rfc8551>. | April 2019, <https://www.rfc-editor.org/info/rfc8551>. | |||
| 13.2. Informative References | 13.2. Informative References | |||
| [FIPS186-4] | [FIPS186-4] | |||
| "Digital Signature Standard (DSS)", National Institute of | "Digital Signature Standard (DSS)", National Institute of | |||
| Standards and Technology report, | Standards and Technology report, | |||
| skipping to change at page 36, line 22 ¶ | skipping to change at page 36, line 33 ¶ | |||
| Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP | Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP | |||
| Example Keys and Certificates", Work in Progress, | Example Keys and Certificates", Work in Progress, | |||
| Internet-Draft, draft-bre-openpgp-samples-01, 20 December | Internet-Draft, draft-bre-openpgp-samples-01, 20 December | |||
| 2019, <https://www.ietf.org/archive/id/draft-bre-openpgp- | 2019, <https://www.ietf.org/archive/id/draft-bre-openpgp- | |||
| samples-01.txt>. | samples-01.txt>. | |||
| [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, | [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, | |||
| DOI 10.17487/RFC4134, July 2005, | DOI 10.17487/RFC4134, July 2005, | |||
| <https://www.rfc-editor.org/info/rfc4134>. | <https://www.rfc-editor.org/info/rfc4134>. | |||
| [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, | [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, | |||
| PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, | DOI 10.17487/RFC5322, October 2008, | |||
| April 2015, <https://www.rfc-editor.org/info/rfc7468>. | <https://www.rfc-editor.org/info/rfc5322>. | |||
| [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning | [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning | |||
| Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April | Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April | |||
| 2015, <https://www.rfc-editor.org/info/rfc7469>. | 2015, <https://www.rfc-editor.org/info/rfc7469>. | |||
| [RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for | [RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for | |||
| Ed25519, Ed448, X25519, and X448 for Use in the Internet | Ed25519, Ed448, X25519, and X448 for Use in the Internet | |||
| X.509 Public Key Infrastructure", RFC 8410, | X.509 Public Key Infrastructure", RFC 8410, | |||
| DOI 10.17487/RFC8410, August 2018, | DOI 10.17487/RFC8410, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8410>. | <https://www.rfc-editor.org/info/rfc8410>. | |||
| End of changes. 38 change blocks. | ||||
| 46 lines changed or deleted | 64 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||