| rfc8813xml2.original.xml | rfc8813.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ | <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"> | |||
| <!ENTITY RFC2119 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF | ||||
| C.2119.xml"> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category=" | |||
| <!ENTITY RFC5280 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF | std" consensus="true" docName="draft-ietf-lamps-5480-ku-clarifications-03" numbe | |||
| C.5280.xml"> | r="8813" updates="5480" ipr="trust200902" obsoletes="" xml:lang="en" symRefs="tr | |||
| <!ENTITY RFC5480 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF | ue" sortRefs="true" tocInclude="true" version="3"> | |||
| C.5480.xml"> | ||||
| <!ENTITY RFC8174 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF | <!-- xml2rfc v2v3 conversion 2.44.0 --> | |||
| C.8174.xml"> | <!-- Generated by id2xml 1.5.0 on 2020-05-19T19:13:04Z --> | |||
| ]> | ||||
| <rfc submissionType="IETF" docName="draft-ietf-lamps-5480-ku-clarifications-03" | ||||
| category="std" updates="5480" ipr="trust200902"> | ||||
| <!-- Generated by id2xml 1.5.0 on 2020-05-19T19:13:04Z --> | ||||
| <?rfc strict="yes"?> | ||||
| <?rfc compact="yes"?> | ||||
| <?rfc subcompact="no"?> | ||||
| <?rfc symrefs="yes"?> | ||||
| <?rfc sortrefs="yes"?> | ||||
| <?rfc text-list-symbols="o*+-"?> | ||||
| <?rfc toc="yes"?> | ||||
| <front> | <front> | |||
| <title abbrev="Clarifications for Elliptic Curve Crypto">Clarifications f | <title abbrev="Clarifications for ECC SPKI">Clarifications for Elliptic Curv | |||
| or Elliptic Curve Cryptogtaphy Subject Public Key Information</title> | e Cryptography Subject Public Key Information</title> | |||
| <author initials="T." surname="Ito" fullname="Tadahiko Ito"> | <seriesInfo name="RFC" value="8813"/> | |||
| <organization>SECOM CO., LTD.</organization> | <author initials="T." surname="Ito" fullname="Tadahiko Ito"> | |||
| <address><email>tadahiko.ito.public@gmail.com</email> | <organization>SECOM CO., LTD.</organization> | |||
| </address> | <address> | |||
| </author> | <email>tadahiko.ito.public@gmail.com</email> | |||
| </address> | ||||
| </author> | ||||
| <author initials="S." surname="Turner" fullname="Sean Turner"> | ||||
| <organization>sn3rd</organization> | ||||
| <address> | ||||
| <email>sean@sn3rd.com</email> | ||||
| </address> | ||||
| </author> | ||||
| <date month="August" year="2020"/> | ||||
| <workgroup>LAMPS</workgroup> | ||||
| <author initials="S." surname="Turner" fullname="Sean Turner"> | <keyword>PKIX</keyword> | |||
| <organization>sn3rd</organization> | <keyword>X.509</keyword> | |||
| <address><email>sean@sn3rd.com</email> | ||||
| </address> | ||||
| </author> | ||||
| <date year="2020" month="May"/> | <abstract> | |||
| <workgroup>LAMPS</workgroup> | <t> | |||
| <abstract><t> | ||||
| This document updates RFC 5480 to specify semantics for the | This document updates RFC 5480 to specify semantics for the | |||
| keyEncipherment and dataEncipherment key usage bits when used in | keyEncipherment and dataEncipherment key usage bits when used in | |||
| certificates that support Elliptic Curve Cryptography.</t> | certificates that support Elliptic Curve Cryptography.</t> | |||
| </abstract> | ||||
| </abstract> | </front> | |||
| </front> | <middle> | |||
| <section anchor="sect-1" numbered="true" toc="default"> | ||||
| <middle> | <name>Introduction</name> | |||
| <section title="Introduction" anchor="sect-1"><t> | <t> | |||
| <xref target="RFC5480"/> specifies the syntax and semantics for the Subject P | <xref target="RFC5480" format="default"/> specifies the syntax and semantics | |||
| ublic | for the Subject Public | |||
| Key Information field in certificates that support Elliptic Curve | Key Information field in certificates that support Elliptic Curve | |||
| Cryptography. As part of these semantics, it defines what | Cryptography. As part of these semantics, it defines what | |||
| combinations are permissible for the values of the key usage | combinations are permissible for the values of the key usage | |||
| extension <xref target="RFC5280"/>. <xref target="RFC5480"/> specifies 7 of | extension <xref target="RFC5280" format="default"/>. <xref target="RFC5480" | |||
| the 9 values; it | format="default"/> specifies 7 of the 9 values; it | |||
| makes no mention of keyEncipherment and dataEncipherment key usage | makes no mention of the keyEncipherment and dataEncipherment key usage | |||
| bits. This document corrects this omission, by updating Section 3 of | bits. This document corrects this omission by updating | |||
| <xref target="RFC5480"/> to make it clear that neither keyEncipherment nor th | <xref target="RFC5480" sectionFormat="of" section="3"/> to make it clear that | |||
| e | neither keyEncipherment nor the | |||
| dataEncipherment key usage bits are set for key agreement algorithms | dataEncipherment key usage bits are set for key agreement algorithms | |||
| defined therein. The additions are to be made to the end of | defined therein. The additions are to be made to the end of | |||
| <xref target="sect-3"/>.</t> | <xref target="RFC5480" sectionFormat="of" section="3"/>.</t> | |||
| </section> | ||||
| <section title="Terminology" anchor="sect-2"><t> | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | ||||
| "OPTIONAL" in this document are to be interpreted as described in BCP | ||||
| 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, the | ||||
| y appear in all | ||||
| capitals, as shown here.</t> | ||||
| </section> | ||||
| <section title="Updates to Section 3" anchor="sect-3"><t> | </section> | |||
| <section anchor="sect-2" numbered="true" toc="default"> | ||||
| <name>Terminology</name> | ||||
| <t> | ||||
| The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", | ||||
| "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | ||||
| NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", | ||||
| "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | ||||
| "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are | ||||
| to be interpreted as described in BCP 14 <xref target="RFC2119"/> | ||||
| <xref target="RFC8174"/> when, and only when, they appear in all capitals, | ||||
| as shown here. | ||||
| </t> | ||||
| </section> | ||||
| <section anchor="sect-3" numbered="true" toc="default"> | ||||
| <name>Updates to Section 3</name> | ||||
| <t> | ||||
| If the keyUsage extension is present in a certificate that indicates | If the keyUsage extension is present in a certificate that indicates | |||
| id-ecPublicKey in SubjectPublicKeyInfo, then following values MUST | id-ecPublicKey in SubjectPublicKeyInfo, then the following values <bcp14>MUST | |||
| NOT be present:</t> | NOT</bcp14> be present:</t> | |||
| <figure><artwork><![CDATA[ | <ul empty="true" spacing="compact"> | |||
| keyEncipherment; and | <li>keyEncipherment; and</li> | |||
| dataEncipherment. | <li>dataEncipherment.</li> | |||
| ]]></artwork> | </ul> | |||
| </figure> | <t> | |||
| <t> | ||||
| If the keyUsage extension is present in a certificate that indicates | If the keyUsage extension is present in a certificate that indicates | |||
| id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following | id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following | |||
| values also MUST NOT be present:</t> | values also <bcp14>MUST NOT</bcp14> be present:</t> | |||
| <figure><artwork><![CDATA[ | ||||
| keyEncipherment; and | ||||
| dataEncipherment. | ||||
| ]]></artwork> | ||||
| </figure> | ||||
| </section> | ||||
| <section title="Security Considerations" anchor="sect-4"><t> | <ul empty="true" spacing="compact"> | |||
| <li>keyEncipherment; and</li> | ||||
| <li>dataEncipherment.</li> | ||||
| </ul> | ||||
| </section> | ||||
| <section anchor="sect-4" numbered="true" toc="default"> | ||||
| <name>Security Considerations</name> | ||||
| <t> | ||||
| This document introduces no new security considerations beyond those | This document introduces no new security considerations beyond those | |||
| found in <xref target="RFC5480"/>.</t> | found in <xref target="RFC5480" format="default"/>.</t> | |||
| </section> | ||||
| </section> | <section anchor="sect-5" numbered="true" toc="default"> | |||
| <name>IANA Considerations</name> | ||||
| <section title="IANA Considerations" anchor="sect-5"><t> | <t>This document has no IANA actions.</t> | |||
| This document makes no request of IANA.</t> | </section> | |||
| </middle> | ||||
| </section> | <back> | |||
| <references> | ||||
| </middle> | <name>Normative References</name> | |||
| <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen | ||||
| <back> | ce.RFC.2119.xml"/> | |||
| <references title="Normative References"> | <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen | |||
| &RFC2119; | ce.RFC.5280.xml"/> | |||
| &RFC5280; | <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen | |||
| &RFC5480; | ce.RFC.5480.xml"/> | |||
| &RFC8174; | <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen | |||
| </references> | ce.RFC.8174.xml"/> | |||
| </back> | </references> | |||
| </back> | ||||
| </rfc> | </rfc> | |||
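Review bot: Nothing on the new side records that rendering this file needs network access and external-resource resolution: the four `xi:include` elements under Normative References fetch from https://xml2rfc.tools.ietf.org at processing time, and the header still declares an external DTD subset (`<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">`), so the processor must have XInclude and external-entity loading enabled, the same parser features a hardened toolchain disables against XXE. A build script that turns those features off would break the reference list silently rather than at parse time. I would add one comment above the first include, `<!-- Normative references are XIncluded from the IETF bibxml service at render time; limit XInclude resolution to that host or substitute a local bibxml copy -->`. The old side carried the same exposure through its SYSTEM entities, and this is the usual xml2rfc v3 convention rather than a defect in the v2-to-v3 conversion itself.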
| End of changes. 13 change blocks. | ||||
| 81 lines changed or deleted | 79 lines changed or added | |||