idnits 2.17.00 (12 Aug 2021)

/tmp/idnits58329/draft-housley-smime-oids-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (1 December 2013) is 3093 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  -- Obsolete informational reference (is this intentional?): RFC 2630
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 2633
     (Obsoleted by RFC 3851)

  -- Obsolete informational reference (is this intentional?): RFC 3126
     (Obsoleted by RFC 5126)

  -- Duplicate reference: RFC3183, mentioned in 'RFC3183', was also mentioned
     in 'Err3757'.

  -- Obsolete informational reference (is this intentional?): RFC 3211
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 3369
     (Obsoleted by RFC 3852)

  -- Obsolete informational reference (is this intentional?): RFC 3851
     (Obsoleted by RFC 5751)

  -- Obsolete informational reference (is this intentional?): RFC 3852
     (Obsoleted by RFC 5652)

  -- Obsolete informational reference (is this intentional?): RFC 4049
     (Obsoleted by RFC 6019)

  == Outdated reference: draft-housley-ct-keypackage-receipt-n-error has been
     published as RFC 7191

  == Outdated reference: A later version (-10) exists of
     draft-housley-cms-mts-hash-sig-00

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                                R. Housley
Intended Status: Informational                            Vigil Security
Expires: 1 June 2014                                     1 December 2013

 Object Identifier Registry for the S/MIME Mail Security Working Group

Abstract

   When the S/MIME Mail Security Working Group was chartered, an object
   identifier arc was donated by RSA Data Security for use by that
   working group.  This document describes the object identifiers that
   were assigned in that donated arc, it transfers control of that arc
   to IANA, and it establishes IANA allocation policies for any future
   assignments within that arc.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright and License Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Subordinate Object Identifier Arcs
   3. IANA Considerations
      3.1. Update to SMI Security for Mechanism Codes Registry
      3.2. Add SMI Security for S/MIME Mail Security Registry
      3.3. Add SMI Security for S/MIME Module Identifier Registry
      3.4. Add SMI Security for S/MIME CMS Content Type Registry
      3.5. Add SMI Security for S/MIME Attributes Registry
      3.6. Add SMI Security for S/MIME Algorithms Registry
      3.7. Add SMI Security for S/MIME Certificate Distribution
           Registry
      3.8. Add SMI Security for S/MIME Signature Policy Qualifier
           Registry
      3.9. Add SMI Security for S/MIME Commitment Type Identifier
           Registry
      3.10. Add SMI Security for S/MIME Test Security Policies
            Registry
      3.11. Add SMI Security for S/MIME Control Attributes for
            Symmetric Key Distribution Registry
      3.12. Add SMI Security for S/MIME Signature Type Identifiers
            Registry
      3.13. Add SMI Security for S/MIME X.400 Encoded Information
            Types Registry
      3.14. Add SMI Security for S/MIME Non-cryptographic
            Capabilities Registry
      3.15. Add SMI Security for S/MIME Portable Symmetric Key
            Container (PSKC) Attributes Registry
   4. Security Considerations
   5. References
      5.1. Normative References
      5.2. Informative References
   Acknowledgements
   Author's Addresses

1. Introduction

   When the S/MIME Mail Security Working Group was chartered, an object
   identifier arc was donated by RSA Data Security for use by that
   working group.  These object identifiers are primarily used with
   Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97].  The ASN.1
   specifications continue to evolve, but object identifiers can be
   used with any and all versions of ASN.1.

   The S/MIME object identifier arc is:

      id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
                 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }

   This document describes the object identifiers that were assigned in
   that donated arc, it transfers control of that arc to IANA, and it
   establishes IANA allocation policies for any future assignments
   within that arc.

2. Subordinate Object Identifier Arcs

   Thirteen subordinate object identifier arcs were used, numbered from
   zero to twelve.  They were assigned as follows:

      -- ASN.1 modules
      id-mod OBJECT IDENTIFIER ::= { id-smime 0 }

      -- CMS content types
      id-ct OBJECT IDENTIFIER ::= { id-smime 1 }

      -- attributes
      id-aa OBJECT IDENTIFIER ::= { id-smime 2 }

      -- algorithm identifiers
      id-alg OBJECT IDENTIFIER ::= { id-smime 3 }

      -- certificate distribution
      id-cd OBJECT IDENTIFIER ::= { id-smime 4 }

      -- signature policy qualifier
      id-spq OBJECT IDENTIFIER ::= { id-smime 5 }

      -- commitment type identifier
      id-cti OBJECT IDENTIFIER ::= { id-smime 6 }

      -- test security policies
      id-tsp OBJECT IDENTIFIER ::= { id-smime 7 }

      -- symmetric key distribution control attributes
      id-skd OBJECT IDENTIFIER ::= { id-smime 8 }

      -- signature type identifier
      id-sti OBJECT IDENTIFIER ::= { id-smime 9 }

      -- encoded information types
      id-eit OBJECT IDENTIFIER ::= { id-smime 10 }

      -- S/MIME capabilities
      id-cap OBJECT IDENTIFIER ::= { id-smime 11 }

      -- PSKC Attributes
      id-pskc OBJECT IDENTIFIER ::= { id-smime 12 }

   The values assigned in each of these subordinate object identifier
   arcs are discussed in the next section.

3. IANA Considerations

   IANA is asked to update one registry table and create fourteen
   additional tables.

   Updates to the new tables require Expert Review as defined in
   [RFC5226].
   The expert is expected to ensure that any new values are
   strongly related to the work that was done by the S/MIME Mail
   Security Working Group.  Object identifiers for other purposes should
   not be assigned in this arc.

3.1. Update to SMI Security for Mechanism Codes Registry

   The SMI Security for Mechanism Codes table generally contains
   entries with a positive integer value, but the value donated by RSA
   Data Security cannot be described in this manner.  An accompanying
   table is needed with this entry:

      OID Value              Name   Description            References
      ---------------------  -----  ---------------------  ----------
      1.2.840.113549.1.9.16  smime  S/MIME Mail Security   {This RFC}

3.2. Add SMI Security for S/MIME Mail Security Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME Mail
   Security (1.2.840.113549.1.9.16)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      0        Module identifiers                      {This RFC}
      1        CMS content types                       {This RFC}
      2        Attributes                              {This RFC}
      3        Algorithm identifiers                   {This RFC}
      4        Certificate distribution                {This RFC}
      5        Signature policy qualifiers             {This RFC}
      6        Commitment type identifiers             {This RFC}
      7        Test security policies                  {This RFC}
      8        Symmetric key dist ctrl attrs           {This RFC}
      9        Signature type identifiers              {This RFC}
      10       Encoded information types               {This RFC}
      11       S/MIME capabilities                     {This RFC}
      12       PSKC attributes                         {This RFC}

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.3. Add SMI Security for S/MIME Module Identifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Module Identifier (1.2.840.113549.1.9.16.0)" table with three
   columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-mod-cms                              [RFC2630]
      2        id-mod-ess                              [RFC2634]
      3        id-mod-oid                              Reserved and Obsolete
      4        id-mod-msg-v3                           [RFC2633]
      5        id-mod-ets-eSignature-88                [RFC3126]
      6        id-mod-ets-eSignature-97                [RFC3126]
      7        id-mod-ets-eSigPolicy-88                [RFC3125]
      8        id-mod-ets-eSigPolicy-97                [RFC3125]
      9        id-mod-certdist                         Reserved and Obsolete
      10       id-mod-domsec                           [RFC3183]
      11       id-mod-compress                         [RFC3274]
      12       id-mod-symkeydist                       [RFC5275]
      13       id-mod-cek-reuse                        [RFC3185]
      14       id-mod-cms-2001                         [RFC3369]
      15       id-mod-v1AttrCert                       [RFC3369]
      16       id-mod-cmsalg-2001                      [RFC3370]
      17       id-mod-cms-pwri-88                      [RFC3211]
      18       id-mod-cms-pwri-97                      [RFC3211]
      19       id-mod-cms-aes                          [RFC3565]
      20       id-mod-cms-rsaes-oaep                   [RFC3560]
      21       id-mod-msg-v3dot1                       [RFC3851]
      22       id-mod-cms-firmware-wrap                [RFC4108]
      23       id-mod-cms-camilla                      [RFC3657]
      24       id-mod-cms-2004                         [RFC3852]
      25       id-mod-cms-seed                         [RFC4010]
      26       id-mod-contentCollection                [RFC4073]
      27       id-mod-binarySigningTime                [RFC4049]
      28       id-mod-ets-eSignature-explicitSyntax88  [RFC5126]
      29       id-mod-ets-eSignature-explicitSyntax97  [RFC5126]
      30       id-mod-ess-2006                         [RFC5035]
      31       id-mod-cms-authEnvelopedData            [RFC5083]
      32       id-mod-cms-aes-ccm-and-gcm              [RFC5084]
      33       id-mod-symmetricKeyPkgV1                [RFC6031]
      34       id-mod-multipleSig-2008                 [RFC5752]
      35       id-mod-timestampedData                  [RFC5544]
      36       id-mod-symkeydist-02                    [RFC5911]
      37       id-mod-cmsalg-2001-02                   [RFC5911]
      38       id-mod-cms-aes-02                       [RFC5911]
      39       id-mod-msg-v3dot1-02                    [RFC5911]
      40       id-mod-cms-firmware-wrap-02             [RFC5911]
      41       id-mod-cms-2004-02                      [RFC5911]
      42       id-mod-ess-2006-02                      [RFC5911]
      43       id-mod-cms-authEnvelopedData-02         [RFC5911]
      44       id-mod-cms-aes-ccm-gcm-02               [RFC5911]
      45       id-mod-cms-ecc-alg-2009-88              [RFC5753]
      46       id-mod-cms-ecc-alg-2009-02              [RFC5753]
      47       id-mod-aesKeyWrapWithPad-88             [RFC5649]
      48       id-mod-aesKeyWrapWithPad-02             [RFC5649]
      49       id-mod-MD5-XOR-EXPERIMENT               [RFC6210]
      50       id-mod-asymmetricKeyPkgV1               [RFC5958]
      51       id-mod-encryptedKeyPkgV1                [RFC6032]
      52       id-mod-cms-algorithmProtect             [RFC6211]
      53       id-mod-pskcAttributesModule             [RFC6031]
      54       id-mod-compressedDataContent            [RFC6268]
      55       id-mod-binSigningTime-2009              [RFC6268]
      56       id-mod-contentCollect-2009              [RFC6268]
      57       id-mod-cmsAuthEnvData-2009              [RFC6268]
      58       id-mod-cms-2009                         [RFC6268]
      59       id-mod-multipleSign-2009                [RFC6268]
      60       id-mod-rpkiManifest                     [RFC6486]
      61       id-mod-rpkiROA                          [RFC6482]
      62       id-mod-setKeyAttributeV1                [WIP1]
      63       id-mod-keyPkgReceiptAndErrV2            [WIP2]
      64       id-mod-mts-hashsig-2013                 [WIP3]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.4. Add SMI Security for S/MIME CMS Content Type Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME CMS
   Content Type (1.2.840.113549.1.9.16.1)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      0        id-ct-anyContentType                    [RFC6010]
      1        id-ct-receipt                           [RFC2634]
      2        id-ct-authData                          [RFC2630]
      3        id-ct-publishCert                       Reserved and Obsolete
      4        id-ct-TSTInfo                           [RFC3161]
      5        id-ct-TDTInfo                           Reserved and Obsolete
      6        id-ct-contentInfo                       [RFC2630]
      7        id-ct-DVCSRequestData                   [RFC3029]
      8        id-ct-DVCSResponseData                  [RFC3029]
      9        id-ct-compressedData                    [RFC3274]
      10       id-ct-scvp-certValRequest               [RFC5055]
      11       id-ct-scvp-certValResponse              [RFC5055]
      12       id-ct-scvp-valPolRequest                [RFC5055]
      13       id-ct-scvp-valPolResponse               [RFC5055]
      14       id-ct-attrCertEncAttrs                  [RFC5755]
      15       id-ct-TSReq                             Reserved and Obsolete
      16       id-ct-firmwarePackage                   [RFC4108]
      17       id-ct-firmwareLoadReceipt               [RFC4108]
      18       id-ct-firmwareLoadError                 [RFC4108]
      19       id-ct-contentCollection                 [RFC4073]
      20       id-ct-contentWithAttrs                  [RFC4073]
      21       id-ct-encKeyWithID                      [RFC4211]
      22       id-ct-encPEPSI                          Reserved and Obsolete
      23       id-ct-authEnvelopedData                 [RFC5083]
      24       id-ct-routeOriginAuthz                  [RFC6482]
      25       id-ct-KP-sKeyPackage                    [RFC6031]
      26       id-ct-rpkiManifest                      [RFC6486]
      27       id-ct-asciiTextWithCRLF                 [RFC5485]
      28       id-ct-xml                               [RFC5485]
      29       id-ct-pdf                               [RFC5485]
      30       id-ct-postscript                        [RFC5485]
      31       id-ct-timestampedData                   [RFC5544]
      32       id-ct-ASAdjacencyAttest                 Reserved and Obsolete
      33       id-ct-rpkiTrustAnchor                   Reserved and Obsolete
      34       id-ct-trustAnchorList                   [RFC5914]
      35       id-ct-rpkiGhostbusters                  [RFC6493]
      36       id-ct-resourceTaggedAttest              Reserved and Obsolete

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.5. Add SMI Security for S/MIME Attributes Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Attributes (1.2.840.113549.1.9.16.2)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-aa-receiptRequest                    [RFC2634]
      2        id-aa-securityLabel                     [RFC2634]
      3        id-aa-mlExpandHistory                   [RFC2634]
      4        id-aa-contentHint                       [RFC2634]
      5        id-aa-msgSigDigest                      [RFC2634]
      6        id-aa-encapContentType                  Reserved and Obsolete
      7        id-aa-contentIdentifier                 [RFC2634]
      8        id-aa-macValue                          Reserved and Obsolete
      9        id-aa-equivalentLabels                  [RFC2634]
      10       id-aa-contentReference                  [RFC2634]
      11       id-aa-encrypKeyPref                     [RFC2634]
      12       id-aa-signingCertificate                [RFC2634]
      13       id-aa-smimeEncryptCerts                 Reserved and Obsolete
      14       id-aa-timeStampToken                    [RFC3126]
      15       id-aa-ets-sigPolicyId                   [RFC3126]
      16       id-aa-ets-commitmentType                [RFC3126]
      17       id-aa-ets-signerLocation                [RFC3126]
      18       id-aa-ets-signerAttr                    [RFC3126]
      19       id-aa-ets-otherSigCert                  [RFC3126]
      20       id-aa-ets-contentTimestamp              [RFC3126]
      21       id-aa-ets-CertificateRefs               [RFC3126]
      22       id-aa-ets-RevocationRefs                [RFC3126]
      23       id-aa-ets-certValues                    [RFC3126]
      24       id-aa-ets-revocationValues              [RFC3126]
      25       id-aa-ets-escTimeStamp                  [RFC3126]
      26       id-aa-ets-certCRLTimestamp              [RFC3126]
      27       id-aa-ets-archiveTimeStamp              [RFC3126]
      28       id-aa-signatureType                     [Err3757]
      29       id-aa-dvcs-dvc                          [RFC3029]
      30       id-aa-CEKReference                      [RFC3185]
      31       id-aa-CEKMaxDecrypts                    [RFC3185]
      32       id-aa-KEKDerivationAlg                  [RFC3185]
      33       id-aa-intendedRecipients                Reserved and Obsolete
      34       id-aa-cmc-unsignedData                  [RFC5272]
      35       id-aa-firmwarePackageID                 [RFC4108]
      36       id-aa-targetHardwareIDs                 [RFC4108]
      37       id-aa-decryptKeyID                      [RFC4108]
      38       id-aa-implCryptoAlgs                    [RFC4108]
      39       id-aa-wrappedFirmwareKey                [RFC4108]
      40       id-aa-communityIdentifiers              [RFC4108]
      41       id-aa-fwPkgMessageDigest                [RFC4108]
      42       id-aa-firmwarePackageInfo               [RFC4108]
      43       id-aa-implCompressAlgs                  [RFC4108]
      44       id-aa-ets-attrCertificateRefs           [RFC5126]
      45       id-aa-ets-attrRevocationRefs            [RFC5126]
      46       id-aa-binarySigningTime                 [RFC4049]
      47       id-aa-signingCertificateV2              [RFC5035]
      48       id-aa-ets-archiveTimeStampV2            [RFC5126]
      49       id-aa-er-internal                       [RFC4998]
      50       id-aa-er-external                       [RFC4998]
      51       id-aa-multipleSignatures                [RFC5752]
      52       id-aa-cmsAlgorithmProtect               [RFC6211]
      53       id-aa-setKeyInformation                 [WIP1]
      54       id-aa-asymmDecryptKeyID                 [RFC7030]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.6. Add SMI Security for S/MIME Algorithms Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Algorithms (1.2.840.113549.1.9.16.3)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-alg-ESDHwith3DES                     Reserved and Obsolete
      2        id-alg-ESDHwithRC2                      Reserved and Obsolete
      3        id-alg-3DESwrap                         Reserved and Obsolete
      4        id-alg-RC2wrap                          Reserved and Obsolete
      5        id-alg-ESDH                             [RFC2630]
      6        id-alg-CMS3DESwrap                      [RFC2630]
      7        id-alg-CMSRC2wrap                       [RFC2630]
      8        id-alg-zLibCompress                     [RFC3274]
      9        id-alg-PWRI-KEK                         [RFC3211]
      10       id-alg-SSDH                             [RFC3370]
      11       id-alg-HMACwith3DESwrap                 [RFC3537]
      12       id-alg-HMACwithAESwrap                  [RFC3537]
      13       id-alg-MD5-XOR-EXPERIMENT               [RFC6210]
      14       id-alg-rsa-kem                          [RFC5990]
      15       id-alg-authEnc-128                      [RFC6476]
      16       id-alg-authEnc-256                      [RFC6476]
      17       id-alg-mts-hashsig                      [WIP3]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.7. Add SMI Security for S/MIME Certificate Distribution Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Certificate Distribution Mechanisms (1.2.840.113549.1.9.16.4)" table
   with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cd-ldap                              Reserved and Obsolete

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.8. Add SMI Security for S/MIME Signature Policy Qualifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Signature Policy Qualifier (1.2.840.113549.1.9.16.5)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-spq-ets-sqt-uri                      [RFC3126]
      2        id-spq-ets-sqt-unotice                  [RFC3126]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.9. Add SMI Security for S/MIME Commitment Type Identifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Commitment Type Identifier (1.2.840.113549.1.9.16.6)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cti-ets-proofOfOrigin                [RFC3126]
      2        id-cti-ets-proofOfReceipt               [RFC3126]
      3        id-cti-ets-proofOfDelivery              [RFC3126]
      4        id-cti-ets-proofOfSender                [RFC3126]
      5        id-cti-ets-proofOfApproval              [RFC3126]
      6        id-cti-ets-proofOfCreation              [RFC3126]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.10. Add SMI Security for S/MIME Test Security Policies Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME Test
   Security Policies (1.2.840.113549.1.9.16.7)" table with three
   columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-tsp-TEST-Amoco                       [RFC3114]
      2        id-tsp-TEST-Caterpillar                 [RFC3114]
      3        id-tsp-TEST-Whirlpool                   [RFC3114]
      4        id-tsp-TEST-Whirlpool-Categories        [RFC3114]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.11. Add SMI Security for S/MIME Control Attributes for Symmetric Key
      Distribution Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Control Attributes for Symmetric Key Distribution
   (1.2.840.113549.1.9.16.8)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-skd-glUseKEK                         [RFC5275]
      2        id-skd-glDelete                         [RFC5275]
      3        id-skd-glAddMember                      [RFC5275]
      4        id-skd-glDeleteMember                   [RFC5275]
      5        id-skd-glRekey                          [RFC5275]
      6        id-skd-glAddOwner                       [RFC5275]
      7        id-skd-glRemoveOwner                    [RFC5275]
      8        id-skd-glkCompromise                    [RFC5275]
      9        id-skd-glkRefresh                       [RFC5275]
      10       id-skd-glFailInfo                       Reserved and Obsolete
      11       id-skd-glaQueryRequest                  [RFC5275]
      12       id-skd-glaQueryResponse                 [RFC5275]
      13       id-skd-glProvideCert                    [RFC5275]
      14       id-skd-glManageCert                     [RFC5275]
      15       id-skd-glKey                            [RFC5275]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.12. Add SMI Security for S/MIME Signature Type Identifiers Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Signature Type Identifiers (1.2.840.113549.1.9.16.9)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-sti-originatorSig                    [RFC3183]
      2        id-sti-domainSig                        [RFC3183]
      3        id-sti-addAttribSig                     [RFC3183]
      4        id-sti-reviewSig                        [RFC3183]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.13. Add SMI Security for S/MIME X.400 Encoded Information Types
      Registry

   Within the SMI-numbers registry, add a "SMI Security for X.400
   Encoded Information Types (EIT) for S/MIME objects
   (1.2.840.113549.1.9.16.10)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-eit-envelopedData                    [RFC3855]
      2        id-eit-signedData                       [RFC3855]
      3        id-eit-certOnly                         [RFC3855]
      4        id-eit-signedReceipt                    [RFC3855]
      5        id-eit-envelopedX400                    [RFC3855]
      6        id-eit-signedX400                       [RFC3855]
      7        id-eit-compressedData                   [RFC3855]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.14. Add SMI Security for S/MIME Non-cryptographic Capabilities
      Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Capabilities (other than cryptographic algorithms)
   (1.2.840.113549.1.9.16.11)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cap-preferBinaryInside               [RFC3851]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

3.15. Add SMI Security for S/MIME Portable Symmetric Key Container
      (PSKC) Attributes Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Portable Symmetric Key Container (PSKC) Attributes
   (1.2.840.113549.1.9.16.12)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-pskc-manufacturer                    [RFC6031]
      2        id-pskc-serialNo                        [RFC6031]
      3        id-pskc-model                           [RFC6031]
      4        id-pskc-issueNo                         [RFC6031]
      5        id-pskc-deviceBinding                   [RFC6031]
      6        id-pskc-deviceStartDate                 [RFC6031]
      7        id-pskc-deviceExpiryDate                [RFC6031]
      7        id-pskc-moduleId                        [RFC6031]
      9        id-pskc-keyId                           [RFC6031]
      10       id-pskc-algorithm                       [RFC6031]
      11       id-pskc-issuer                          [RFC6031]
      12       id-pskc-keyProfileId                    [RFC6031]
      13       id-pskc-keyReference                    [RFC6031]
      14       id-pskc-friendlyName                    [RFC6031]
      15       id-pskc-algorithmParams                 [RFC6031]
      16       id-pskc-counter                         [RFC6031]
      17       id-pskc-time                            [RFC6031]
      18       id-pskc-timeInterval                    [RFC6031]
      19       id-pskc-timeDrift                       [RFC6031]
      20       id-pskc-valueMAC                        [RFC6031]
      21       id-pskc-keyStartDate                    [RFC6031]
      22       id-pskc-keyExpiryDate                   [RFC6031]
      23       id-pskc-noOfTransactions                [RFC6031]
      24       id-pskc-keyUsages                       [RFC6031]
      25       id-pskc-pinPolicy                       [RFC6031]
      26       id-pskc-deviceUserId                    [RFC6031]
      27       id-pskc-keyUserId                       [RFC6031]

   Future updates to this table require Expert Review as defined in
   [RFC5226].

4. Security Considerations

   This document populates an IANA registry, and it raises no new
   security considerations.  The protocols that specify these values
   include the security considerations associated with their usage.

5. References

5.1. Normative References

   [ASN1-88]  International Telephone and Telegraph Consultative
              Committee, "Specification of Abstract Syntax Notation One
              (ASN.1)", CCITT Recommendation X.208, 1988.

   [ASN1-97]  International Telecommunications Union, "Abstract Syntax
              Notation One (ASN.1): Specification of basic notation",
              ITU-T Recommendation X.680, 1997.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

5.2. Informative References

   [Err3757]  Errata for RFC 3183.
              [http://www.rfc-editor.org/errata_search.php?eid=3757]

   [RFC2630]  Housley, R., "Cryptographic Message Syntax", RFC 2630,
              June 1999.

   [RFC2633]  Ramsdell, B., Ed., "S/MIME Version 3 Message
              Specification", RFC 2633, June 1999.

   [RFC2634]  Hoffman, P., Ed., "Enhanced Security Services for S/MIME",
              RFC 2634, June 1999.

   [RFC3029]  Adams, C., Sylvester, P., Zolotarev, M., and R.
              Zuccherato, "Internet X.509 Public Key Infrastructure Data
              Validation and Certification Server Protocols", RFC 3029,
              February 2001.

   [RFC3114]  Nicolls, W., "Implementing Company Classification Policy
              with the S/MIME Security Label", RFC 3114, May 2002.

   [RFC3125]  Ross, J., Pinkas, D., and N. Pope, "Electronic Signature
              Policies", RFC 3125, September 2001.

   [RFC3126]  Pinkas, D., Ross, J., and N. Pope, "Electronic Signature
              Formats for long term electronic signatures", RFC 3126,
              September 2001.

   [RFC3161]  Adams, C., Cain, P., Pinkas, D., and R. Zuccherato,
              "Internet X.509 Public Key Infrastructure Time-Stamp
              Protocol (TSP)", RFC 3161, August 2001.

   [RFC3183]  Dean, T. and W. Ottaway, "Domain Security Services using
              S/MIME", RFC 3183, October 2001.

   [RFC3185]  Farrell, S. and S. Turner, "Reuse of CMS Content
              Encryption Keys", RFC 3185, October 2001.

   [RFC3211]  Gutmann, P., "Password-based Encryption for CMS",
              RFC 3211, December 2001.

   [RFC3274]  Gutmann, P., "Compressed Data Content Type for
              Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.

   [RFC3369]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 3369, August 2002.

   [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
              Algorithms", RFC 3370, August 2002.

   [RFC3537]  Schaad, J. and R. Housley, "Wrapping a Hashed Message
              Authentication Code (HMAC) key with a Triple-Data
              Encryption Standard (DES) Key or an Advanced Encryption
              Standard (AES) Key", RFC 3537, May 2003.

   [RFC3560]  Housley, R., "Use of the RSAES-OAEP Key Transport
              Algorithm in Cryptographic Message Syntax (CMS)",
              RFC 3560, July 2003.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 3565, July 2003.

   [RFC3657]  Moriai, S. and A. Kato, "Use of the Camellia Encryption
              Algorithm in Cryptographic Message Syntax (CMS)",
              RFC 3657, January 2004.

   [RFC3851]  Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
              Extensions (S/MIME) Version 3.1 Message Specification",
              RFC 3851, July 2004.

   [RFC3852]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 3852, July 2004.

   [RFC3855]  Hoffman, P. and C. Bonatti, "Transporting
              Secure/Multipurpose Internet Mail Extensions (S/MIME)
              Objects in X.400", RFC 3855, July 2004.

   [RFC4010]  Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 4010, February 2005.

   [RFC4073]  Housley, R., "Protecting Multiple Contents with the
              Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.

   [RFC4049]  Housley, R., "BinaryTime: An Alternate Format for
              Representing Date and Time in ASN.1", RFC 4049, April
              2005.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108, August 2005.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              September 2005.

   [RFC4998]  Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
              Record Syntax (ERS)", RFC 4998, August 2007.

   [RFC5035]  Schaad, J., "Enhanced Security Services (ESS) Update:
              Adding CertID Algorithm Agility", RFC 5035, August 2007.

   [RFC5055]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W.
              Polk, "Server-Based Certificate Validation Protocol
              (SCVP)", RFC 5055, December 2007.

   [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
              Authenticated-Enveloped-Data Content Type", RFC 5083,
              November 2007.

   [RFC5084]  Housley, R., "Using AES-CCM and AES-GCM Authenticated
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 5084, November 2007.

   [RFC5126]  Pinkas, D., Pope, N., and J. Ross, "CMS Advanced
              Electronic Signatures (CAdES)", RFC 5126, March 2008.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, June 2008.

   [RFC5275]  Turner, S., "CMS Symmetric Key Management and
              Distribution", RFC 5275, June 2008.

   [RFC5485]  Housley, R., "Digital Signatures on Internet-Draft
              Documents", RFC 5485, March 2009.

   [RFC5544]  Santoni, A., "Syntax for Binding Documents with
              Time-Stamps", RFC 5544, February 2010.

   [RFC5649]  Housley, R. and M. Dworkin, "Advanced Encryption Standard
              (AES) Key Wrap with Padding Algorithm", RFC 5649,
              September 2009.

   [RFC5752]  Turner, S. and J. Schaad, "Multiple Signatures in
              Cryptographic Message Syntax (CMS)", RFC 5752, January
              2010.

   [RFC5753]  Turner, S. and D. Brown, "Use of Elliptic Curve
              Cryptography (ECC) Algorithms in Cryptographic Message
              Syntax (CMS)", RFC 5753, January 2010.

   [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet
              Attribute Certificate Profile for Authorization",
              RFC 5755, January 2010.

   [RFC5911]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for
              Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
              June 2010.

   [RFC5914]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Format", RFC 5914, June 2010.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958, August
              2010.

   [RFC5990]  Randall, J., Kaliski, B., Brainard, J., and S. Turner,
              "Use of the RSA-KEM Key Transport Algorithm in the
              Cryptographic Message Syntax (CMS)", RFC 5990, September
              2010.

   [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
              Message Syntax (CMS) Content Constraints Extension",
              RFC 6010, September 2010.

   [RFC6031]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Symmetric Key Package Content Type", RFC 6031,
              December 2010.

   [RFC6032]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Encrypted Key Package Content Type", RFC 6032,
              December 2010.

   [RFC6210]  Schaad, J., "Experiment: Hash Functions with Parameters in
              the Cryptographic Message Syntax (CMS) and S/MIME",
              RFC 6210, April 2011.

   [RFC6211]  Schaad, J., "Cryptographic Message Syntax (CMS) Algorithm
              Identifier Protection Attribute", RFC 6211, April 2011.

   [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
              for the Cryptographic Message Syntax (CMS) and the Public
              Key Infrastructure Using X.509 (PKIX)", RFC 6268, July
              2011.

   [RFC6476]  Gutmann, P., "Using Message Authentication Code (MAC)
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 6476, January 2012.

   [RFC6482]  Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
              Origin Authorizations (ROAs)", RFC 6482, February 2012.

   [RFC6486]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure
              (RPKI)", RFC 6486, February 2012.

   [RFC6493]  Bush, R., "The Resource Public Key Infrastructure (RPKI)
              Ghostbusters Record", RFC 6493, February 2012.

   [RFC7030]  Pritikin, M., Yee, P., and D. Harkins, "Enrollment over
              Secure Transport", RFC 7030, October 2013.

   [WIP1]     Herzog, J. and R. Khazan, "A set-key attribute for
              symmetric-key packages", Work in progress, October 2012.
              [draft-herzog-setkey-07]

   [WIP2]     Housley, R., "Cryptographic Message Syntax (CMS) Key
              Package Receipt and Error Content Types", Work in
              progress, October 2013.
              [draft-housley-ct-keypackage-receipt-n-error-05]

   [WIP3]     Housley, R., "Use of the Hash-based Merkle Tree Signature
              (MTS) Algorithm in the Cryptographic Message Syntax
              (CMS)", Work in progress, August 2013.
              [draft-housley-cms-mts-hash-sig-00]

Acknowledgements

   Many thanks to Suresh Krishnan, Jim Schaad, Sean Turner, and Carl
   Wallace for their careful review and comments.

Author's Addresses

   Russ Housley
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA
   EMail: housley@vigilsec.com