idnits 2.17.00 (12 Aug 2021)

/tmp/idnits2559/draft-blake-wilson-xmldsig-ecdsa-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts. 

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == There is 1 instance of lines with non-ascii characters in the document.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 5
     longer pages, the longest (page 7) being 74 lines


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  ** The abstract seems to contain references ([XMLDSIG]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 112: '...The XML namespace [XML-ns] URI that MUST be used by implementations of...'
     RFC 2119 keyword, line 142: '...definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:...'
     RFC 2119 keyword, line 201: '...[X9.62], [FIPS-186-2] or [SEC2], the OIDs of these curves SHOULD be used...'


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (December 2002) is 7096 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'FIPS186-2' is mentioned on line 85, but not defined

  == Missing Reference: 'NIST-ECC' is mentioned on line 469, but not defined

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS-180-1'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'FIPS-186-2'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE1363'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'KEYS'

  ** Downref: Normative reference to an Informational RFC: RFC 3061

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SEC1'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SEC2'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XML'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XMLDSIG'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XML-ns'

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XML-schema'


     Summary: 10 errors (**), 0 flaws (~~), 6 warnings (==), 12 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	INTERNET-DRAFT                                    S. Blake-Wilson, BCI
2	                                             G. Karlinger, CIO Austria
3	                                                         Y. Wang, UNCC
4	                                                     T. Kobayashi, NTT
5	Expires: June 2003                                       December 2002

7	                     ECDSA with XML-Signature Syntax
8	                 <draft-blake-wilson-xmldsig-ecdsa-04.txt>

10	Status of this Memo

12	This document is an Internet-Draft and is in full conformance with all
13	provisions of Section 10 of RFC2026. Internet-Drafts are working
14	documents of the Internet Engineering Task Force (IETF), its areas,
15	and its working groups. Note that other groups may also distribute
16	working documents as Internet-Drafts.

18	Internet-Drafts are draft documents valid for a maximum of six months
19	and may be updated, replaced, or obsoleted by other documents at any
20	time. It is inappropriate to use Internet-Drafts as reference material
21	or to cite them other than as "work in progress."

23	The list of current Internet-Drafts may be found at
24	http://www.ietf.org/ietf/1id-abstracts.txt

26	The list of Internet-Draft Shadow Directories may be found at
27	http://www.ietf.org/shadow.html.

29	Abstract

31	  This document specifies how to use ECDSA (Elliptic Curve Digital
32	  Signature Algorithm) with XML Signatures [XMLDSIG]. The mechanism
33	  specified provides integrity, message authentication, and/or signer
34	  authentication services for data of any type, whether located
35	  within the XML that includes the signature or included by reference.

37	Table of Contents

39	  1  Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .  3
40	  2  ECDSA  . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
41	  3  Specifying ECDSA within XMLDSIG  . . . . . . . . . . . . . . . .  3
42	     3.1  Version, Namespaces and Identifiers . . . . . . . . . . . .  3
43	          3.1.1  XML Schema Preamble  . . . . . . . . . . . . . . . .  3
44	          3.1.2  DTD Replacement  . . . . . . . . . . . . . . . . . .  3
45	     3.2  XML Schema Preamble and DTD Replacement . . . . . . . . . .  4
46	          3.2.1 XML Schema Preamble . . . . . . . . . . . . . . . . .  4
47	          3.2.2 DTD Replacement . . . . . . . . . . . . . . . . . . .  4
48	     3.3  ECDSA Signatures  . . . . . . . . . . . . . . . . . . . . .  4
49	     3.4  ECDSA Key Values  . . . . . . . . . . . . . . . . . . . . .  4
50	          3.4.1  Key Value Root Element . . . . . . . . . . . . . . .  5
51	          3.4.2  EC Domain Parameters . . . . . . . . . . . . . . . .  5
52	                 3.4.2.1  Field Parameters  . . . . . . . . . . . . .  6
53	                 3.4.2.2  Curve Parameters  . . . . . . . . . . . . .  8
54	                 3.4.2.3  Base Point Parameters . . . . . . . . . . .  9
55	          3.4.3  EC Points  . . . . . . . . . . . . . . . . . . . . . 10
56	  4  Security Considerations  . . . . . . . . . . . . . . . . . . . . 11
57	  5  Intellectual Property Rights . . . . . . . . . . . . . . . . . . 11
58	  6  References . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
59	  7  Authors' addresses . . . . . . . . . . . . . . . . . . . . . . . 13
60	  8  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13
61	  9  Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 13

63	  Appendix A: Aggregate XML Schema  . . . . . . . . . . . . . . . . . 14
64	  Appendix B: Aggregate DTD . . . . . . . . . . . . . . . . . . . . . 17

66	1. Introduction

68	This document specifies how to use the Elliptic Curve Digital Signature
69	Algorithm (ECDSA) with XML signatures as specified in [XMLDSIG]. Therein
70	only two digital signature methods are defined: RSA signatures and DSA
71	(DSS) signatures. This document introduces ECDSA signatures as an
72	additional method.

74	This document uses both XML Schemas [XML-schema] (normative) and DTDs
75	[XML] (informational) for specifying the corresponding XML structures.

77	2. ECDSA

79	The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic
80	curve analogue of the DSA (DSS) signature method [FIPS186-2]. It is
81	defined in the ANSI X9.62 standard [X9.62]. Other compatible
82	specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363],
83	and SEC1 [SEC1]. [RFC3279] describes the means to carry ECDSA keys in
84	X.509 certificates. Recommended elliptic curve domain parameters for
85	use with ECDSA are given in [FIPS186-2], [SEC2], and [X9.62].

87	Like DSA, ECDSA incorporates the use of a hash function. Currently,the
88	only hash function defined for use with ECDSA is the SHA-1 message
89	digest algorithm [FIPS-180-1].

91	ECDSA signatures are smaller than RSA signatures of similar
92	cryptographic strength. ECDSA public keys (and certificates) are smaller
93	than similar strength DSA keys, resulting in improved communications
94	efficiency. Furthermore, on many platforms ECDSA operations can be
95	computed faster than similar strength RSA or DSA operations (see [KEYS]
96	for a security analysis of key sizes across public key algorithms).
97	These advantages of signature size, bandwidth, and computational
98	efficiency may make ECDSA an attractive choice for XMLDSIG
99	implementations.

101	3. Specifying ECDSA within XMLDSIG

103	This section specifies the details of how to use ECDSA with XML
104	Signature Syntax and Processing [XMLDSIG]. It relies heavily on the
105	syntax and namespace defined therein.

107	3.1 Version, Namespaces and Identifiers

109	No provision is made for an explicit version number in this syntax. If
110	a future version is needed, it will use a different namespace.

112	The XML namespace [XML-ns] URI that MUST be used by implementations of
113	this (dated) specification is:
114	  http://www.buergerkarte.at/namespaces/ecdsa/200206030#

116	Elements in the namespace of the [XMLDSIG] specification are marked as
117	such by using the namespace prefix "dsig" in the remaining sections of
118	this document.

120	The identifier for the ECDSA signature algorithm is:
121	  http://www.buergerkarte.at/namespaces/ecdsa/200206030#ecdsa-sha1

123	3.2 XML Schema Preamble and DTD Replacement

125	3.2.1 XML Schema Preamble

127	The subsequent preamble is to be used with the XML Schema definitions
128	given in the remaining sections of this document.

130	  <?xml version="1.0" encoding="UTF-8"?>
131	  <xs:schema
132	    targetNamespace="http://www.buergerkarte.at/namespaces/
133	                     ecdsa/200206030#"
134	    xmlns:ecdsa="http://www.buergerkarte.at/namespaces/ecdsa/200206030#"
135	    xmlns:xs="http://www.w3.org/2001/XMLSchema"
136	    elementFormDefault="qualified" attributeFormDefault="unqualified"
137	    version="0.2">

139	3.2.2 DTD Replacement

141	In order to include ECDSA in XML-signature syntax, the following
142	definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:

144	  <!ENTITY % KeyValue.ANY '| ecdsa:ECDSAKeyValue'>

146	3.3 ECDSA Signatures

148	The input to the ECDSA algorithm is the canonicalized represenation of
149	the dsig:SignedInfo element as specified in Section 3 of [XMLDSIG].

151	The output of the ECDSA algorithm consists of a pair of integers usually
152	referred by the pair (r, s). The signature value (text value of element
153	dsig:SignatureValue - see section 4.2 of [XMLDSIG]) consists of the
154	base64 encoding of the concatenation of two octet-streams that
155	respectively result from the octet-encoding of the values r and s. This
156	concatenation is described in section E3.1 of [IEEE1363].

158	3.4 ECDSA Key Values

160	The syntax used for ECDSA key values closely follows the ASN.1 syntax
161	defined in ANSI X9.62 [X9.62].

163	3.4.1 Key Value Root Element

165	The element ECDSAKeyValue is used for encoding ECDSA public keys. For
166	use with XMLDSIG simply use this element inside dsig:KeyValue, such as
167	the predefined elements dsig:RSAKeyValue or dsig:DSAKeyValue.

169	The element consists of an optional subelement DomainParameters and the
170	mandatory subelement PublicKey. If Domainparameters is missing in an
171	instance, this means that the application knows about them from other
172	means (implicitly).

174	  Schema Definition:

176	  <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>

178	  <xs:complexType name="ECDSAKeyValueType">
179	    <xs:sequence>
180	      <xs:element name="DomainParameters" type="ecdsa:DomainParamsType"
181	                  minOccurs="0"/>
182	      <xs:element name="PublicKey" type="ecdsa:ECPointType"/>
183	    </xs:sequence>
184	  </xs:complexType>

186	  DTD Definition:

188	  <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)>
189	  <!ELEMENT PublicKey (X, Y)?>
190	  <!ELEMENT X EMPTY>
191	  <!ATTLIST X Value CDATA #REQUIRED>
192	  <!ELEMENT Y EMPTY>
193	  <!ATTLIST Y Value CDATA #REQUIRED>

195	3.4.2 EC Domain Parameters

197	Domain parameters can be encoded either explicitly using element
198	ExplicitParams, or by reference using element NamedCurve. The latter
199	simply consists of an attribute named URN, which bears a uniform
200	ressource name as its value. For the named curves of standards like
201	[X9.62], [FIPS-186-2] or [SEC2], the OIDs of these curves SHOULD be used
202	in this attribute, e. g. URN="urn:oid:1.2.840.10045.3.1.1". The
203	mechanism for encoding OIDs in URNs is shown in [RFC3061].

205	  Schema Definition:

207	  <xs:complexType name="DomainParamsType">
208	    <xs:choice>
209	      <xs:element name="ExplicitParams"
210	                  type="ecdsa:ExplicitParamsType"/>
211	      <xs:element name="NamedCurve">
212	        <xs:complexType>
213	          <xs:attribute name="URN" type="xs:anyURI" use="required"/>
214	        </xs:complexType>
215	      </xs:element>
216	    </xs:choice>
217	  </xs:complexType>

219	  DTD Definition:

221	  <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)>
222	  <!ELEMENT NamedCurve EMPTY>
223	  <!ATTLIST NamedCurve URN CDATA #REQUIRED>

225	The element ExplicitParams is used for explicit encoding of domain
226	parameters. It contains three subelements: FieldParams describes the
227	underlying field, CurveParams describes the elliptic curve, and
228	BasePointParams describes the base point of the elliptic curve.

230	  Schema Definition:

232	  <xs:complexType name="ExplicitParamsType">
233	    <xs:sequence>
234	      <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
235	      <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
236	      <xs:element name="BasePointParams"
237	                  type="ecdsa:BasePointParamsType"/>
238	    </xs:sequence>
239	  </xs:complexType>

241	  DTD Definition:

243	  <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)>

245	3.4.2.1 Field Parameters

247	The element FieldParams is used for encoding field parameters. The
248	corresponding XML Schema type FieldParamsType is declared abstract and
249	will be extended by specialized types for prime field, characteristic
250	two field and odd characteristic extension fields parameters.

252	The XML Schema type PrimeFieldParamsType is derived from FieldParamsType
253	and is used for for encoding prime field parameters. The type contains
254	as its single subelement P, the order of the prime field.

256	The XML Schema type CharTwoFieldParamsType is derived from
257	FieldParamsType as well and is used for encoding parameters of a
258	characteristic two field. It is again an abstract type and will be
259	extended by specialized types for trinomial base fields and pentanomial
260	base fields. F2m Gaussian Normal Base fields are not supported by this
261	specification to relieve interoperability. Common to both specialized
262	types is the element M, the extension degree of the field.

264	The XML Schema type TnBFieldParamsType is derived from
265	CharTwoFieldParamsType and is used for encoding trinomial base fields.
266	It adds the single element K, which represents the integer k, where
267	x^m + x^k + 1 is the reduction polynomial.

269	The XML Schema type PnBFieldParamsType is derived from
270	CharTwoFieldParamsType as well and is used for encoding pentanomial base
271	fields. It adds the three elements K1, K2 and K3, which represent the
272	integers k1, k2 and k3 respectively, where x^m + x^k3 + x^k2 + x^k1 + 1
273	is the reduction polynomial.

275	The XML Schema type OddCharExtensionFieldParamsType is derived from
276	FieldParamsType as well and is used for encoding parameters of a
277	odd characteristic extension field.
278	The type contains two elements M, the extension degree of the field,
279	and W, which represent the integers w,
280	where x^m - w is the reduction polynomial.

282	  Schema Definition:

284	  <xs:complexType name="FieldParamsType" abstract="true"/>

286	  <xs:complexType name="PrimeFieldParamsType">
287	    <xs:complexContent>
288	      <xs:extension base="ecdsa:FieldParamsType">
289	        <xs:sequence>
290	          <xs:element name="P" type="xs:positiveInteger"/>
291	        </xs:sequence>
292	      </xs:extension>
293	    </xs:complexContent>
294	  </xs:complexType>

296	  <xs:complexType name="CharTwoFieldParamsType" abstract="true">
297	    <xs:complexContent>
298	      <xs:extension base="ecdsa:FieldParamsType">
299	        <xs:sequence>
300	          <xs:element name="M" type="xs:positiveInteger"/>
301	        </xs:sequence>
302	      </xs:extension>
303	    </xs:complexContent>
304	  </xs:complexType>

306	  <xs:complexType name="OddCharExtensionFieldParamsType" abstract="true">
307	    <xs:complexContent>
308	      <xs:extension base="ecdsa:FieldParamsType">
309	        <xs:sequence>
310	          <xs:element name="M" type="xs:positiveInteger"/>
311	          <xs:element name="W" type="xs:positiveInteger"/>
312	        </xs:sequence>
313	      </xs:extension>
314	    </xs:complexContent>
315	  </xs:complexType>
316	  <xs:complexType name="TnBFieldParamsType">
317	    <xs:complexContent>
318	      <xs:extension base="ecdsa:CharTwoFieldParamsType">
319	        <xs:sequence>
320	          <xs:element name="K" type="xs:positiveInteger"/>
321	        </xs:sequence>
322	      </xs:extension>
323	    </xs:complexContent>
324	  </xs:complexType>

326	  <xs:complexType name="PnBFieldParamsType">
327	    <xs:complexContent>
328	      <xs:extension base="ecdsa:CharTwoFieldParamsType">
329	        <xs:sequence>
330	          <xs:element name="K1" type="xs:positiveInteger"/>
331	          <xs:element name="K2" type="xs:positiveInteger"/>
332	          <xs:element name="K3" type="xs:positiveInteger"/>
333	        </xs:sequence>
334	      </xs:extension>
335	    </xs:complexContent>
336	  </xs:complexType>

338	  DTD Definition:

340	  <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3))>
341	  <!ELEMENT P (#PCDATA)>
342	  <!ELEMENT M (#PCDATA)>
343	  <!ELEMENT K (#PCDATA)>
344	  <!ELEMENT K1 (#PCDATA)>
345	  <!ELEMENT K2 (#PCDATA)>
346	  <!ELEMENT K3 (#PCDATA)>

348	3.4.2.2 Curve Parameters

350	The element CurveParams is used for encoding parameters of the elliptic
351	curve. The corresponding XML Schema type CurveParamsType bears the
352	elements A and B representing the coefficients a and b of the elliptic
353	curve, while the optional element Seed contains the value used to derive
354	the coefficients of a randomly generated elliptic curve, according to
355	the algorithm specified in annex A3.3 of [X9.62].

357	  Schema Definition:

359	  <xs:complexType name="CurveParamsType">
360	    <xs:sequence>
361	      <xs:element name="A" type="ecdsa:FieldElemType"/>
362	      <xs:element name="B" type="ecdsa:FieldElemType"/>
363	      <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
364	    </xs:sequence>
365	  </xs:complexType>

367	  DTD Definition:

369	  <!ELEMENT CurveParams (A, B, Seed?)>
370	  <!ELEMENT A EMPTY>
371	  <!ATTLIST A Value CDATA #REQUIRED>
372	  <!ELEMENT B EMPTY>
373	  <!ATTLIST B Value CDATA #REQUIRED>
374	  <!ELEMENT Seed (#PCDATA)>

376	3.4.2.3 Base Point Parameters

378	The element BasePointParams is used for encoding parameters regarding
379	the base point of the elliptic curve. BasePoint represents the base
380	point itself, Order provides the order of the base point, and Cofactor
381	optionally provides the cofactor of the base point.

383	  Schema Definition:

385	  <xs:complexType name="BasePointParamsType">
386	    <xs:sequence>
387	      <xs:element name="BasePoint" type="ecdsa:ECPointType"/>
388	      <xs:element name="Order" type="xs:positiveInteger"/>
389	      <xs:element name="Cofactor" type="xs:positiveInteger"
390	                  minOccurs="0"/>
391	    </xs:sequence>
392	  </xs:complexType>

394	  DTD Definition:

396	  <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)>
397	  <!ELEMENT BasePoint (X, Y)?>
398	  <!ELEMENT Order (#PCDATA)>
399	  <!ELEMENT Cofactor (#PCDATA)>

401	3.4.3 EC Points

403	The XML Schema type ECPointType is used for encoding a point on the
404	elliptic curve. It consists of the subelements X and Y, providing the
405	x and y coordinates of the point. Point compression representation is
406	not supported by this specification for the sake of simple design.

408	The point at infinity is encoded by omitting both elements X and Y.

410	The subelements X and Y are of type FieldElemType. This is an abstract
411	type for encoding elements of the elliptic curveËs underlying field and
412	is extended by specialized types for prime field elements and
413	characteristic two field elements.

415	The XML Schema type PrimeFieldElemType is used for encoding prime field
416	elements. It contains a single attribute named Value, whose value
417	represents the field element as an integer.

419	The XML Schema type CharTwoFieldElemType is used for encoding
420	characteristic two field elements. It Contains a single attribute named
421	Value, whose value represents the field element as an octet string. The
422	octet string must be composed as shown in paragraph 2 of section 4.3.3
423	of [X9.62].

425	  Schema Definition:

427	  <xs:complexType name="ECPointType">
428	    <xs:sequence minOccurs="0">
429	      <xs:element name="X" type="ecdsa:FieldElemType"/>
430	      <xs:element name="Y" type="ecdsa:FieldElemType"/>
431	    </xs:sequence>
432	  </xs:complexType>

434	  <xs:complexType name="FieldElemType" abstract="true"/>

436	  <xs:complexType name="PrimeFieldElemType">
437	    <xs:complexContent>
438	      <xs:extension base="ecdsa:FieldElemType">
439	        <xs:attribute name="Value" type="xs:nonNegativeInteger"
440	                      use="required"/>
441	      </xs:extension>
442	    </xs:complexContent>
443	  </xs:complexType>

445	  <xs:complexType name="OddCharExtensionFieldElemType">
446	    <xs:complexContent>
447	      <xs:extension base="ecdsa:FieldElemType">
448	        <xs:attribute name="Value" type="xs:nonNegativeInteger"
449	                      use="required"/>
450	      </xs:extension>
451	    </xs:complexContent>
452	  </xs:complexType>
453	  <xs:complexType name="CharTwoFieldElemType">
454	    <xs:complexContent>
455	      <xs:extension base="ecdsa:FieldElemType">
456	        <xs:attribute name="Value" type="xs:hexBinary"
457	                      use="required"/>
458	      </xs:extension>
459	    </xs:complexContent>
460	  </xs:complexType>

462	4. Security Considerations

464	Implementers should ensure that appropriate security measures are in
465	place when they deploy ECDSA within XMLDSIG. In particular, the security
466	of ECDSA requires the careful selection of both key sizes and elliptic
467	curve domain parameters. Selection guidelines for these parameters and
468	some specific recommended curves that are considered safe are provided
469	in [X9.62], [NIST-ECC], and [SEC2]. For further security discussion,
470	see [XMLDSIG].

472	5. Intellectual Property Rights

474	The IETF has been notified of intellectual property rights claimed in
475	regard to the specification contained in this document.
476	For more information, consult the online list of claimed rights
477	(http://www.ietf.org/ipr.html).

479	The IETF takes no position regarding the validity or scope of any
480	intellectual property or other rights that might be claimed to
481	pertain to the implementation or use of the technology described in
482	this document or the extent to which any license under such rights
483	might or might not be available; neither does it represent that it
484	has made any effort to identify any such rights. Information on the
485	IETF's procedures with respect to rights in standards-track and
486	standards-related documentation can be found in BCP-11. Copies of
487	claims of rights made available for publication and any assurances of
488	licenses to be made available, or the result of an attempt made to
489	obtain a general license or permission for the use of such
490	proprietary rights by implementers or users of this specification can
491	be obtained from the IETF Secretariat.

493	6. References

495	  [FIPS-180-1] Federal Information Processing Standards Publication
496	               (FIPS PUB) 180-1, Secure Hash Standard, April 1995.

498	  [FIPS-186-2] Federal Information Processing Standards Publication
499	               (FIPS PUB) 186-2, Digital Signature Standard. January
500	               2000.

502	  [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE)
503	             Standard 1363-2000, Standard Specifications for Public Key
504	             Cryptography. January 2000.

506	  [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key
507	         Sizes. October 1999. Presented at Public Key Cryptography
508	         Conference, Melbourne, Australia, January 2000.
509	         http://www.cryptosavvy.com/

511	  [RFC3061] Mealling, M., RFC 3061, A URN Namespace of Object
512	            Identifiers. IETF Informational RFC, February 2001.
513	            http://www.ietf.org/rfc/rfc3061.txt

515	  [RFC3279] Bassham, L., Housley, R., and Polk, W., RFC 3279, Algorithms
516	            and Identifiers for the Internet X.509 Public Key
517	            Infrastructure Certificate and Certificate Revocation List
518	            (CRL) Profile. IETF Proposed Standard, April 2002.
519	            http://www.ietf.org/rfc/rfc3279.txt

521	  [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic
522	         Curve Cryptography, Version 1.0, September 2000.
523	         http://www.secg.org

525	  [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended
526	         Elliptic Curve Domain Parameters, Version 1.0, September 2000.
527	         http://www.secg.org

529	  [X9.62] American National Standards Institute. ANSI X9.62-1998,
530	          Public Key Cryptography for the Financial Services Industry:
531	          The Elliptic Curve Digital Signature Algorithm. January 1999.

533	  [XML] Bray, T., Maler, E., Paoli, J. , and Sperberg-McQueen, C. M.,
534	        Extensible Markup Language (XML) 1.0 (Second Edition), W3C
535	        Recommendation, October 2000.
536	        http://www.w3.org/TR/2000/REC-xml-20001006

538	  [XMLDSIG] Eastlake, D., Reagle, J., and Solo, D., XML-Signature
539	            Syntax and Processing. W3C Recommendation, February 2002.
540	            http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

542	  [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML,
543	           W3C Recommendation, January 1999.
544	           http://www.w3.org/TR/1999/REC-xml-names-19990114/

546	   [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson,
547	                H., XML Schema Part 1: Structures, W3C Recommendation,
548	                May 2001.
549	                http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/
550	                Biron, P., and Malhotra, A., ML Schema Part 2:
551	                Datatypes, W3C Recommendation, May 2001.
552	                http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/

554	7. Authors' Addresses

556	   Simon Blake-Wilson
557	   BCI
558	   96 Spadina Ave, Unit 606
559	   Toronto, ON, M5V 2J6, Canada
560	   e-mail: sblakewilson@bcisse.com

562	   Gregor Karlinger
563	   Chief Information Office Austria
564	   Parkring 10/I/5
565	   1010 Wien, Austria
566	   e-mail: gregor.karlinger@cio.gv.at

568	   Tetsutaro Kobayashi
569	   NTT Laboratories
570	   1-1 Hikarinooka, Yokosuka, 239-0847, Japan
571	   Phone: +81-468-59-3712
572	   FAX:   +81-468-59-3365
573	   email: kotetsu@isl.ntt.co.jp

575	   Yongge Wang
576	   University of North Carolina at Charlotte
577	   9201 University City Blvd
578	   Charlotte, NC 28223, USA
579	   e-mail: yonwang@uncc.edu

581	8. Acknowledgements

583	  The authors would like to acknowledge the many helpful comments of
584	  Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Joseph M.
585	  Reagle Jr., and Francois Rousseau.

587	9. Full Copyright Statement

589	  Copyright (C) The Internet Society (1999).  All Rights Reserved.

591	  This document and translations of it may be copied and furnished to
592	  others, and derivative works that comment on or otherwise explain
593	  it or assist in its implementation may be prepared, copied,
594	  published and distributed, in whole or in part, without restriction
595	  of any kind, provided that the above copyright notice and this
596	  paragraph are included on all such copies and derivative works.
597	  However, this document itself may not be modified in any way, such
598	  as by removing the copyright notice or references to the Internet
599	  Society or other Internet organizations, except as needed for the
600	  purpose of developing Internet standards in which case the procedures
601	  for copyrights defined in the Internet Standards process must be
602	  followed, or as required to translate it into languages other than
603	  English.

605	  The limited permissions granted above are perpetual and will not be
606	  revoked by the Internet Society or its successors or assigns.

608	  This document and the information contained herein is provided on an
609	  "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
610	  TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
611	  BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
612	  HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
613	  MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

615	Appendix A: Aggregate XML Schema

617	  <?xml version="1.0" encoding="UTF-8"?>
618	  <xs:schema targetNamespace="http://www.buergerkarte.at/namespaces/
619	                              ecdsa/200206030#"
620	             xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
621	             xmlns:xs="http://www.w3.org/2001/XMLSchema"
622	             xmlns:ecdsa="http://www.buergerkarte.at/namespaces/
623	                          ecdsa/200206030#"
624	             elementFormDefault="qualified"
625	             attributeFormDefault="unqualified" version="0.3">

627	    <!--ECDSA key value root element-->

629	    <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/>
630	    <xs:complexType name="ECDSAKeyValueType">
631	      <xs:sequence>
632	        <xs:element name="DomainParameters"
633	                    type="ecdsa:DomainParamsType" minOccurs="0"/>
634	        <xs:element name="PublicKey" type="ecdsa:ECPointType"/>
635	      </xs:sequence>
636	    </xs:complexType>
637	    <!--EC domain parameters-->

639	    <xs:complexType name="DomainParamsType">
640	      <xs:choice>
641	        <xs:element name="ExplicitParams"
642	                    type="ecdsa:ExplicitParamsType"/>
643	        <xs:element name="NamedCurve">
644	          <xs:complexType>
645	            <xs:attribute name="URN" type="xs:anyURI" use="required"/>
646	          </xs:complexType>
647	        </xs:element>
648	      </xs:choice>
649	    </xs:complexType>
650	    <xs:complexType name="FieldParamsType" abstract="true"/>

652	    <xs:complexType name="PrimeFieldParamsType">
653	      <xs:complexContent>
654	        <xs:extension base="ecdsa:FieldParamsType">
655	          <xs:sequence>
656	            <xs:element name="P" type="xs:positiveInteger"/>
657	          </xs:sequence>
658	        </xs:extension>
659	      </xs:complexContent>
660	    </xs:complexType>
661	    <xs:complexType name="OddCharExtensionFieldParamsType">
662	      <xs:complexContent>
663	        <xs:extension base="ecdsa:FieldParamsType">
664	          <xs:sequence>
665	            <xs:element name="M" type="xs:positiveInteger"/>
666	            <xs:element name="W" type="xs:positiveInteger"/>
667	          </xs:sequence>
668	        </xs:extension>
669	      </xs:complexContent>
670	    </xs:complexType>
671	    <xs:complexType name="CharTwoFieldParamsType" abstract="true">
672	      <xs:complexContent>
673	        <xs:extension base="ecdsa:FieldParamsType">
674	          <xs:sequence>
675	            <xs:element name="M" type="xs:positiveInteger"/>
676	          </xs:sequence>
677	        </xs:extension>
678	      </xs:complexContent>
679	    </xs:complexType>
680	    <xs:complexType name="TnBFieldParamsType">
681	      <xs:complexContent>
682	        <xs:extension base="ecdsa:CharTwoFieldParamsType">
683	          <xs:sequence>
684	            <xs:element name="K" type="xs:positiveInteger"/>
685	          </xs:sequence>
686	        </xs:extension>
687	      </xs:complexContent>
688	    </xs:complexType>
689	    <xs:complexType name="PnBFieldParamsType">
690	      <xs:complexContent>
691	        <xs:extension base="ecdsa:CharTwoFieldParamsType">
692	          <xs:sequence>
693	            <xs:element name="K1" type="xs:positiveInteger"/>
694	            <xs:element name="K2" type="xs:positiveInteger"/>
695	            <xs:element name="K3" type="xs:positiveInteger"/>
696	          </xs:sequence>
697	        </xs:extension>
698	      </xs:complexContent>
699	    </xs:complexType>
700	    <xs:complexType name="ExplicitParamsType">
701	      <xs:sequence>
702	        <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/>
703	        <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/>
704	        <xs:element name="BasePointParams"
705	                    type="ecdsa:BasePointParamsType"/>
706	      </xs:sequence>
707	    </xs:complexType>
708	    <xs:complexType name="CurveParamsType">
709	      <xs:sequence>
710	        <xs:element name="A" type="ecdsa:FieldElemType"/>
711	        <xs:element name="B" type="ecdsa:FieldElemType"/>
712	        <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/>
713	      </xs:sequence>
714	    </xs:complexType>
715	    <xs:complexType name="BasePointParamsType">
716	      <xs:sequence>
717	        <xs:element name="BasePoint" type="ecdsa:ECPointType"/>
718	        <xs:element name="Order" type="xs:positiveInteger"/>
719	        <xs:element name="Cofactor" type="xs:positiveInteger"
720	                    minOccurs="0"/>
721	      </xs:sequence>
722	    </xs:complexType>

724	    <!--EC point-->

726	    <xs:complexType name="ECPointType">
727	      <xs:sequence minOccurs="0">
728	        <xs:element name="X" type="ecdsa:FieldElemType"/>
729	        <xs:element name="Y" type="ecdsa:FieldElemType"/>
730	      </xs:sequence>
731	    </xs:complexType>
732	    <!--Field element-->

734	    <xs:complexType name="FieldElemType" abstract="true"/>
735	    <xs:complexType name="PrimeFieldElemType">
736	      <xs:complexContent>
737	        <xs:extension base="ecdsa:FieldElemType">
738	          <xs:attribute name="Value" type="xs:nonNegativeInteger"
739	                        use="required"/>
740	        </xs:extension>
741	      </xs:complexContent>
742	    </xs:complexType>
743	    <xs:complexType name="OddCharExtensionFieldElemType">
744	      <xs:complexContent>
745	        <xs:extension base="ecdsa:FieldElemType">
746	          <xs:attribute name="Value" type="xs:nonNegativeInteger"
747	                        use="required"/>
748	        </xs:extension>
749	      </xs:complexContent>
750	    </xs:complexType>
751	    <xs:complexType name="CharTwoFieldElemType">
752	      <xs:complexContent>
753	        <xs:extension base="ecdsa:FieldElemType">
754	          <xs:attribute name="Value" type="xs:hexBinary"
755	                        use="required"/>
756	        </xs:extension>
757	      </xs:complexContent>
758	    </xs:complexType>
759	  </xs:schema>

761	Appendix A: Aggregate DTD

763	  <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)>
764	  <!ELEMENT PublicKey (X, Y)?>
765	  <!ELEMENT X EMPTY>
766	  <!ATTLIST X Value CDATA #REQUIRED>
767	  <!ELEMENT Y EMPTY>
768	  <!ATTLIST Y Value CDATA #REQUIRED>
769	  <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)>
770	  <!ELEMENT NamedCurve EMPTY>
771	  <!ATTLIST NamedCurve URN CDATA #REQUIRED>
772	  <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)>
773	  <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3))>
774	  <!ELEMENT P (#PCDATA)>
775	  <!ELEMENT M (#PCDATA)>
776	  <!ELEMENT W (#PCDATA)>
777	  <!ELEMENT K (#PCDATA)>
778	  <!ELEMENT K1 (#PCDATA)>
779	  <!ELEMENT K2 (#PCDATA)>
780	  <!ELEMENT K3 (#PCDATA)>
781	  <!ELEMENT CurveParams (A, B, Seed?)>
782	  <!ELEMENT A EMPTY>
783	  <!ATTLIST A Value CDATA #REQUIRED>
784	  <!ELEMENT B EMPTY>
785	  <!ATTLIST B Value CDATA #REQUIRED>
786	  <!ELEMENT Seed (#PCDATA)>
787	  <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)>
788	  <!ELEMENT BasePoint (X, Y)?>
789	  <!ELEMENT Order (#PCDATA)>
790	  <!ELEMENT Cofactor (#PCDATA)>