idnits 2.17.00 (12 Aug 2021)

/tmp/idnits17906/draft-housley-smime-oids-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (2 December 2013) is 3085 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126)

  -- Obsolete informational reference (is this intentional?): RFC 2630
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 2633
     (Obsoleted by RFC 3851)

  -- Obsolete informational reference (is this intentional?): RFC 3126
     (Obsoleted by RFC 5126)

  -- Duplicate reference: RFC3183, mentioned in 'RFC3183', was also mentioned
     in 'Err3757'.

  -- Obsolete informational reference (is this intentional?): RFC 3211
     (Obsoleted by RFC 3369, RFC 3370)

  -- Obsolete informational reference (is this intentional?): RFC 3369
     (Obsoleted by RFC 3852)

  -- Obsolete informational reference (is this intentional?): RFC 3851
     (Obsoleted by RFC 5751)

  -- Obsolete informational reference (is this intentional?): RFC 3852
     (Obsoleted by RFC 5652)

  -- Obsolete informational reference (is this intentional?): RFC 4049
     (Obsoleted by RFC 6019)

  == Outdated reference: draft-housley-ct-keypackage-receipt-n-error has been
     published as RFC 7191

  == Outdated reference: A later version (-10) exists of
     draft-housley-cms-mts-hash-sig-00

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 10 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

INTERNET-DRAFT                                                R. Housley
Intended Status: Informational                            Vigil Security
Expires: 2 June 2014                                     2 December 2013

  Object Identifier Registry for the S/MIME Mail Security Working Group

Abstract

   When the S/MIME Mail Security Working Group was chartered, an object
   identifier arc was donated by RSA Data Security for use by that
   working group.  This document describes the object identifiers that
   were assigned in that donated arc, it transfers control of that arc
   to IANA, and it establishes IANA allocation policies for any future
   assignments within that arc.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright and License Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Subordinate Object Identifier Arcs
   3. IANA Considerations
     3.1. Update to SMI Security for Mechanism Codes Registry
     3.2. Add SMI Security for S/MIME Mail Security Registry
     3.3. Add SMI Security for S/MIME Module Identifier Registry
     3.4. Add SMI Security for S/MIME CMS Content Type Registry
     3.5. Add SMI Security for S/MIME Attributes Registry
     3.6. Add SMI Security for S/MIME Algorithms Registry
     3.7. Add SMI Security for S/MIME Certificate Distribution
          Registry
     3.8. Add SMI Security for S/MIME Signature Policy Qualifier
          Registry
     3.9. Add SMI Security for S/MIME Commitment Type Identifier
          Registry
     3.10. Add SMI Security for S/MIME Test Security Policies
           Registry
     3.11. Add SMI Security for S/MIME Control Attributes for
           Symmetric Key Distribution Registry
     3.12. Add SMI Security for S/MIME Signature Type Identifiers
           Registry
     3.13. Add SMI Security for S/MIME X.400 Encoded Information
           Types Registry
     3.14. Add SMI Security for S/MIME Non-cryptographic
           Capabilities Registry
     3.15. Add SMI Security for S/MIME Portable Symmetric Key
           Container (PSKC) Attributes Registry
   4. Security Considerations
   5. References
     5.1. Normative References
     5.2. Informative References
   Acknowledgements
   Author's Addresses

1.  Introduction

   When the S/MIME Mail Security Working Group was chartered, an object
   identifier arc was donated by RSA Data Security for use by that
   working group.  These object identifiers are primarily used with
   Abstract Syntax Notation One (ASN.1) [ASN1-88] [ASN1-97].  The ASN.1
   specifications continue to evolve, but object identifiers can be
   used with any and all versions of ASN.1.

   The S/MIME object identifier arc is:

      id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }

   This document describes the object identifiers that were assigned in
   that donated arc, it transfers control of that arc to IANA, and it
   establishes IANA allocation policies for any future assignments
   within that arc.

2.  Subordinate Object Identifier Arcs

   Thirteen subordinate object identifier arcs were used, numbered from
   zero to twelve.  They were assigned as follows:

      -- ASN.1 modules
      id-mod OBJECT IDENTIFIER ::= { id-smime 0 }

      -- CMS content types
      id-ct OBJECT IDENTIFIER ::= { id-smime 1 }

      -- attributes
      id-aa OBJECT IDENTIFIER ::= { id-smime 2 }

      -- algorithm identifiers
      id-alg OBJECT IDENTIFIER ::= { id-smime 3 }

      -- certificate distribution
      id-cd OBJECT IDENTIFIER ::= { id-smime 4 }

      -- signature policy qualifier
      id-spq OBJECT IDENTIFIER ::= { id-smime 5 }

      -- commitment type identifier
      id-cti OBJECT IDENTIFIER ::= { id-smime 6 }

      -- test security policies
      id-tsp OBJECT IDENTIFIER ::= { id-smime 7 }

      -- symmetric key distribution control attributes
      id-skd OBJECT IDENTIFIER ::= { id-smime 8 }

      -- signature type identifier
      id-sti OBJECT IDENTIFIER ::= { id-smime 9 }

      -- encoded information types
      id-eit OBJECT IDENTIFIER ::= { id-smime 10 }

      -- S/MIME capabilities
      id-cap OBJECT IDENTIFIER ::= { id-smime 11 }

      -- PSKC Attributes
      id-pskc OBJECT IDENTIFIER ::= { id-smime 12 }

   The values assigned in each of these subordinate object identifier
   arcs are discussed in the next section.

3.  IANA Considerations

   IANA is asked to update one registry table and create fourteen
   additional tables.

   Updates to the new tables require both Specification Required and
   Expert Review as defined in [RFC5226].
   The expert is expected to
   ensure that any new values are strongly related to the work that was
   done by the S/MIME Mail Security Working Group; examples include
   Content Types, Attributes, and Identifiers for Algorithms used with
   S/MIME and CMS.  Object identifiers for other purposes should not be
   assigned in this arc.

3.1.  Update to SMI Security for Mechanism Codes Registry

   The SMI Security for Mechanism Codes table generally contains
   entries with a positive integer value, but the value donated by RSA
   Data Security cannot be described in this manner.  An accompanying
   table is needed with this entry:

      OID Value              Name   Description            References
      ---------------------  -----  ---------------------  ----------
      1.2.840.113549.1.9.16  smime  S/MIME Mail Security   {This RFC}

3.2.  Add SMI Security for S/MIME Mail Security Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME Mail
   Security (1.2.840.113549.1.9.16)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      0        Module identifiers                      {This RFC}
      1        CMS content types                       {This RFC}
      2        Attributes                              {This RFC}
      3        Algorithm identifiers                   {This RFC}
      4        Certificate distribution                {This RFC}
      5        Signature policy qualifiers             {This RFC}
      6        Commitment type identifiers             {This RFC}
      7        Test security policies                  {This RFC}
      8        Symmetric key dist ctrl attrs           {This RFC}
      9        Signature type identifiers              {This RFC}
      10       Encoded information types               {This RFC}
      11       S/MIME capabilities                     {This RFC}
      12       PSKC attributes                         {This RFC}

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.3.  Add SMI Security for S/MIME Module Identifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Module Identifier (1.2.840.113549.1.9.16.0)" table with three
   columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-mod-cms                              [RFC2630]
      2        id-mod-ess                              [RFC2634]
      3        id-mod-oid                              Reserved and Obsolete
      4        id-mod-msg-v3                           [RFC2633]
      5        id-mod-ets-eSignature-88                [RFC3126]
      6        id-mod-ets-eSignature-97                [RFC3126]
      7        id-mod-ets-eSigPolicy-88                [RFC3125]
      8        id-mod-ets-eSigPolicy-97                [RFC3125]
      9        id-mod-certdist                         Reserved and Obsolete
      10       id-mod-domsec                           [RFC3183]
      11       id-mod-compress                         [RFC3274]
      12       id-mod-symkeydist                       [RFC5275]
      13       id-mod-cek-reuse                        [RFC3185]
      14       id-mod-cms-2001                         [RFC3369]
      15       id-mod-v1AttrCert                       [RFC3369]
      16       id-mod-cmsalg-2001                      [RFC3370]
      17       id-mod-cms-pwri-88                      [RFC3211]
      18       id-mod-cms-pwri-97                      [RFC3211]
      19       id-mod-cms-aes                          [RFC3565]
      20       id-mod-cms-rsaes-oaep                   [RFC3560]
      21       id-mod-msg-v3dot1                       [RFC3851]
      22       id-mod-cms-firmware-wrap                [RFC4108]
      23       id-mod-cms-camilla                      [RFC3657]
      24       id-mod-cms-2004                         [RFC3852]
      25       id-mod-cms-seed                         [RFC4010]
      26       id-mod-contentCollection                [RFC4073]
      27       id-mod-binarySigningTime                [RFC4049]
      28       id-mod-ets-eSignature-explicitSyntax88  [RFC5126]
      29       id-mod-ets-eSignature-explicitSyntax97  [RFC5126]
      30       id-mod-ess-2006                         [RFC5035]
      31       id-mod-cms-authEnvelopedData            [RFC5083]
      32       id-mod-cms-aes-ccm-and-gcm              [RFC5084]
      33       id-mod-symmetricKeyPkgV1                [RFC6031]
      34       id-mod-multipleSig-2008                 [RFC5752]
      35       id-mod-timestampedData                  [RFC5544]
      36       id-mod-symkeydist-02                    [RFC5911]
      37       id-mod-cmsalg-2001-02                   [RFC5911]
      38       id-mod-cms-aes-02                       [RFC5911]
      39       id-mod-msg-v3dot1-02                    [RFC5911]
      40       id-mod-cms-firmware-wrap-02             [RFC5911]
      41       id-mod-cms-2004-02                      [RFC5911]
      42       id-mod-ess-2006-02                      [RFC5911]
      43       id-mod-cms-authEnvelopedData-02         [RFC5911]
      44       id-mod-cms-aes-ccm-gcm-02               [RFC5911]
      45       id-mod-cms-ecc-alg-2009-88              [RFC5753]
      46       id-mod-cms-ecc-alg-2009-02              [RFC5753]
      47       id-mod-aesKeyWrapWithPad-88             [RFC5649]
      48       id-mod-aesKeyWrapWithPad-02             [RFC5649]
      49       id-mod-MD5-XOR-EXPERIMENT               [RFC6210]
      50       id-mod-asymmetricKeyPkgV1               [RFC5958]
      51       id-mod-encryptedKeyPkgV1                [RFC6032]
      52       id-mod-cms-algorithmProtect             [RFC6211]
      53       id-mod-pskcAttributesModule             [RFC6031]
      54       id-mod-compressedDataContent            [RFC6268]
      55       id-mod-binSigningTime-2009              [RFC6268]
      56       id-mod-contentCollect-2009              [RFC6268]
      57       id-mod-cmsAuthEnvData-2009              [RFC6268]
      58       id-mod-cms-2009                         [RFC6268]
      59       id-mod-multipleSign-2009                [RFC6268]
      60       id-mod-rpkiManifest                     [RFC6486]
      61       id-mod-rpkiROA                          [RFC6482]
      62       id-mod-setKeyAttributeV1                [WIP1]
      63       id-mod-keyPkgReceiptAndErrV2            [WIP2]
      64       id-mod-mts-hashsig-2013                 [WIP3]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.4.  Add SMI Security for S/MIME CMS Content Type Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME CMS
   Content Type (1.2.840.113549.1.9.16.1)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      0        id-ct-anyContentType                    [RFC6010]
      1        id-ct-receipt                           [RFC2634]
      2        id-ct-authData                          [RFC2630]
      3        id-ct-publishCert                       Reserved and Obsolete
      4        id-ct-TSTInfo                           [RFC3161]
      5        id-ct-TDTInfo                           Reserved and Obsolete
      6        id-ct-contentInfo                       [RFC2630]
      7        id-ct-DVCSRequestData                   [RFC3029]
      8        id-ct-DVCSResponseData                  [RFC3029]
      9        id-ct-compressedData                    [RFC3274]
      10       id-ct-scvp-certValRequest               [RFC5055]
      11       id-ct-scvp-certValResponse              [RFC5055]
      12       id-ct-scvp-valPolRequest                [RFC5055]
      13       id-ct-scvp-valPolResponse               [RFC5055]
      14       id-ct-attrCertEncAttrs                  [RFC5755]
      15       id-ct-TSReq                             Reserved and Obsolete
      16       id-ct-firmwarePackage                   [RFC4108]
      17       id-ct-firmwareLoadReceipt               [RFC4108]
      18       id-ct-firmwareLoadError                 [RFC4108]
      19       id-ct-contentCollection                 [RFC4073]
      20       id-ct-contentWithAttrs                  [RFC4073]
      21       id-ct-encKeyWithID                      [RFC4211]
      22       id-ct-encPEPSI                          Reserved and Obsolete
      23       id-ct-authEnvelopedData                 [RFC5083]
      24       id-ct-routeOriginAuthz                  [RFC6482]
      25       id-ct-KP-sKeyPackage                    [RFC6031]
      26       id-ct-rpkiManifest                      [RFC6486]
      27       id-ct-asciiTextWithCRLF                 [RFC5485]
      28       id-ct-xml                               [RFC5485]
      29       id-ct-pdf                               [RFC5485]
      30       id-ct-postscript                        [RFC5485]
      31       id-ct-timestampedData                   [RFC5544]
      32       id-ct-ASAdjacencyAttest                 Reserved and Obsolete
      33       id-ct-rpkiTrustAnchor                   Reserved and Obsolete
      34       id-ct-trustAnchorList                   [RFC5914]
      35       id-ct-rpkiGhostbusters                  [RFC6493]
      36       id-ct-resourceTaggedAttest              Reserved and Obsolete

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.5.  Add SMI Security for S/MIME Attributes Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Attributes (1.2.840.113549.1.9.16.2)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-aa-receiptRequest                    [RFC2634]
      2        id-aa-securityLabel                     [RFC2634]
      3        id-aa-mlExpandHistory                   [RFC2634]
      4        id-aa-contentHint                       [RFC2634]
      5        id-aa-msgSigDigest                      [RFC2634]
      6        id-aa-encapContentType                  Reserved and Obsolete
      7        id-aa-contentIdentifier                 [RFC2634]
      8        id-aa-macValue                          Reserved and Obsolete
      9        id-aa-equivalentLabels                  [RFC2634]
      10       id-aa-contentReference                  [RFC2634]
      11       id-aa-encrypKeyPref                     [RFC2634]
      12       id-aa-signingCertificate                [RFC2634]
      13       id-aa-smimeEncryptCerts                 Reserved and Obsolete
      14       id-aa-timeStampToken                    [RFC3126]
      15       id-aa-ets-sigPolicyId                   [RFC3126]
      16       id-aa-ets-commitmentType                [RFC3126]
      17       id-aa-ets-signerLocation                [RFC3126]
      18       id-aa-ets-signerAttr                    [RFC3126]
      19       id-aa-ets-otherSigCert                  [RFC3126]
      20       id-aa-ets-contentTimestamp              [RFC3126]
      21       id-aa-ets-CertificateRefs               [RFC3126]
      22       id-aa-ets-RevocationRefs                [RFC3126]
      23       id-aa-ets-certValues                    [RFC3126]
      24       id-aa-ets-revocationValues              [RFC3126]
      25       id-aa-ets-escTimeStamp                  [RFC3126]
      26       id-aa-ets-certCRLTimestamp              [RFC3126]
      27       id-aa-ets-archiveTimeStamp              [RFC3126]
      28       id-aa-signatureType                     [Err3757]
      29       id-aa-dvcs-dvc                          [RFC3029]
      30       id-aa-CEKReference                      [RFC3185]
      31       id-aa-CEKMaxDecrypts                    [RFC3185]
      32       id-aa-KEKDerivationAlg                  [RFC3185]
      33       id-aa-intendedRecipients                Reserved and Obsolete
      34       id-aa-cmc-unsignedData                  [RFC5272]
      35       id-aa-firmwarePackageID                 [RFC4108]
      36       id-aa-targetHardwareIDs                 [RFC4108]
      37       id-aa-decryptKeyID                      [RFC4108]
      38       id-aa-implCryptoAlgs                    [RFC4108]
      39       id-aa-wrappedFirmwareKey                [RFC4108]
      40       id-aa-communityIdentifiers              [RFC4108]
      41       id-aa-fwPkgMessageDigest                [RFC4108]
      42       id-aa-firmwarePackageInfo               [RFC4108]
      43       id-aa-implCompressAlgs                  [RFC4108]
      44       id-aa-ets-attrCertificateRefs           [RFC5126]
      45       id-aa-ets-attrRevocationRefs            [RFC5126]
      46       id-aa-binarySigningTime                 [RFC4049]
      47       id-aa-signingCertificateV2              [RFC5035]
      48       id-aa-ets-archiveTimeStampV2            [RFC5126]
      49       id-aa-er-internal                       [RFC4998]
      50       id-aa-er-external                       [RFC4998]
      51       id-aa-multipleSignatures                [RFC5752]
      52       id-aa-cmsAlgorithmProtect               [RFC6211]
      53       id-aa-setKeyInformation                 [WIP1]
      54       id-aa-asymmDecryptKeyID                 [RFC7030]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.6.  Add SMI Security for S/MIME Algorithms Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Algorithms (1.2.840.113549.1.9.16.3)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-alg-ESDHwith3DES                     Reserved and Obsolete
      2        id-alg-ESDHwithRC2                      Reserved and Obsolete
      3        id-alg-3DESwrap                         Reserved and Obsolete
      4        id-alg-RC2wrap                          Reserved and Obsolete
      5        id-alg-ESDH                             [RFC2630]
      6        id-alg-CMS3DESwrap                      [RFC2630]
      7        id-alg-CMSRC2wrap                       [RFC2630]
      8        id-alg-zLibCompress                     [RFC3274]
      9        id-alg-PWRI-KEK                         [RFC3211]
      10       id-alg-SSDH                             [RFC3370]
      11       id-alg-HMACwith3DESwrap                 [RFC3537]
      12       id-alg-HMACwithAESwrap                  [RFC3537]
      13       id-alg-MD5-XOR-EXPERIMENT               [RFC6210]
      14       id-alg-rsa-kem                          [RFC5990]
      15       id-alg-authEnc-128                      [RFC6476]
      16       id-alg-authEnc-256                      [RFC6476]
      17       id-alg-mts-hashsig                      [WIP3]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.7.  Add SMI Security for S/MIME Certificate Distribution Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Certificate Distribution Mechanisms (1.2.840.113549.1.9.16.4)" table
   with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cd-ldap                              Reserved and Obsolete

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.8.  Add SMI Security for S/MIME Signature Policy Qualifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Signature Policy Qualifier (1.2.840.113549.1.9.16.5)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-spq-ets-sqt-uri                      [RFC3126]
      2        id-spq-ets-sqt-unotice                  [RFC3126]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.9.  Add SMI Security for S/MIME Commitment Type Identifier Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Commitment Type Identifier (1.2.840.113549.1.9.16.6)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cti-ets-proofOfOrigin                [RFC3126]
      2        id-cti-ets-proofOfReceipt               [RFC3126]
      3        id-cti-ets-proofOfDelivery              [RFC3126]
      4        id-cti-ets-proofOfSender                [RFC3126]
      5        id-cti-ets-proofOfApproval              [RFC3126]
      6        id-cti-ets-proofOfCreation              [RFC3126]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.10.  Add SMI Security for S/MIME Test Security Policies Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME Test
   Security Policies (1.2.840.113549.1.9.16.7)" table with three
   columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-tsp-TEST-Amoco                       [RFC3114]
      2        id-tsp-TEST-Caterpillar                 [RFC3114]
      3        id-tsp-TEST-Whirlpool                   [RFC3114]
      4        id-tsp-TEST-Whirlpool-Categories        [RFC3114]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.11.  Add SMI Security for S/MIME Control Attributes for Symmetric Key
       Distribution Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Control Attributes for Symmetric Key Distribution
   (1.2.840.113549.1.9.16.8)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-skd-glUseKEK                         [RFC5275]
      2        id-skd-glDelete                         [RFC5275]
      3        id-skd-glAddMember                      [RFC5275]
      4        id-skd-glDeleteMember                   [RFC5275]
      5        id-skd-glRekey                          [RFC5275]
      6        id-skd-glAddOwner                       [RFC5275]
      7        id-skd-glRemoveOwner                    [RFC5275]
      8        id-skd-glkCompromise                    [RFC5275]
      9        id-skd-glkRefresh                       [RFC5275]
      10       id-skd-glFailInfo                       Reserved and Obsolete
      11       id-skd-glaQueryRequest                  [RFC5275]
      12       id-skd-glaQueryResponse                 [RFC5275]
      13       id-skd-glProvideCert                    [RFC5275]
      14       id-skd-glManageCert                     [RFC5275]
      15       id-skd-glKey                            [RFC5275]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.12.  Add SMI Security for S/MIME Signature Type Identifiers Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Signature Type Identifiers (1.2.840.113549.1.9.16.9)" table with
   three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-sti-originatorSig                    [RFC3183]
      2        id-sti-domainSig                        [RFC3183]
      3        id-sti-addAttribSig                     [RFC3183]
      4        id-sti-reviewSig                        [RFC3183]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.13.  Add SMI Security for S/MIME X.400 Encoded Information Types
       Registry

   Within the SMI-numbers registry, add a "SMI Security for X.400
   Encoded Information Types (EIT) for S/MIME objects
   (1.2.840.113549.1.9.16.10)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-eit-envelopedData                    [RFC3855]
      2        id-eit-signedData                       [RFC3855]
      3        id-eit-certOnly                         [RFC3855]
      4        id-eit-signedReceipt                    [RFC3855]
      5        id-eit-envelopedX400                    [RFC3855]
      6        id-eit-signedX400                       [RFC3855]
      7        id-eit-compressedData                   [RFC3855]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.14.  Add SMI Security for S/MIME Non-cryptographic Capabilities
       Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Capabilities (other than cryptographic algorithms)
   (1.2.840.113549.1.9.16.11)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-cap-preferBinaryInside               [RFC3851]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

3.15.  Add SMI Security for S/MIME Portable Symmetric Key Container
       (PSKC) Attributes Registry

   Within the SMI-numbers registry, add a "SMI Security for S/MIME
   Portable Symmetric Key Container (PSKC) Attributes
   (1.2.840.113549.1.9.16.12)" table with three columns:

      Decimal  Description                             References
      -------  --------------------------------------  ----------
      1        id-pskc-manufacturer                    [RFC6031]
      2        id-pskc-serialNo                        [RFC6031]
      3        id-pskc-model                           [RFC6031]
      4        id-pskc-issueNo                         [RFC6031]
      5        id-pskc-deviceBinding                   [RFC6031]
      6        id-pskc-deviceStartDate                 [RFC6031]
      7        id-pskc-deviceExpiryDate                [RFC6031]
      7        id-pskc-moduleId                        [RFC6031]
      9        id-pskc-keyId                           [RFC6031]
      10       id-pskc-algorithm                       [RFC6031]
      11       id-pskc-issuer                          [RFC6031]
      12       id-pskc-keyProfileId                    [RFC6031]
      13       id-pskc-keyReference                    [RFC6031]
      14       id-pskc-friendlyName                    [RFC6031]
      15       id-pskc-algorithmParams                 [RFC6031]
      16       id-pskc-counter                         [RFC6031]
      17       id-pskc-time                            [RFC6031]
      18       id-pskc-timeInterval                    [RFC6031]
      19       id-pskc-timeDrift                       [RFC6031]
      20       id-pskc-valueMAC                        [RFC6031]
      21       id-pskc-keyStartDate                    [RFC6031]
      22       id-pskc-keyExpiryDate                   [RFC6031]
      23       id-pskc-noOfTransactions                [RFC6031]
      24       id-pskc-keyUsages                       [RFC6031]
      25       id-pskc-pinPolicy                       [RFC6031]
      26       id-pskc-deviceUserId                    [RFC6031]
      27       id-pskc-keyUserId                       [RFC6031]

   Future updates to this table require both Specification Required and
   Expert Review as defined in [RFC5226].

4.  Security Considerations

   This document populates an IANA registry, and it raises no new
   security considerations.  The protocols that specify these values
   include the security considerations associated with their usage.

5.  References

5.1.  Normative References

   [ASN1-88]  International Telephone and Telegraph Consultative
              Committee, "Specification of Abstract Syntax Notation One
              (ASN.1)", CCITT Recommendation X.208, 1988.

   [ASN1-97]  International Telecommunications Union, "Abstract Syntax
              Notation One (ASN.1): Specification of basic notation",
              ITU-T Recommendation X.680, 1997.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

5.2.  Informative References

   [Err3757]  Errata for RFC 3183.
              [http://www.rfc-editor.org/errata_search.php?eid=3757]

   [RFC2630]  Housley, R., "Cryptographic Message Syntax", RFC 2630,
              June 1999.

   [RFC2633]  Ramsdell, B., Ed., "S/MIME Version 3 Message
              Specification", RFC 2633, June 1999.

   [RFC2634]  Hoffman, P., Ed., "Enhanced Security Services for S/MIME",
              RFC 2634, June 1999.

   [RFC3029]  Adams, C., Sylvester, P., Zolotarev, M., and R.
              Zuccherato, "Internet X.509 Public Key Infrastructure Data
              Validation and Certification Server Protocols", RFC 3029,
              February 2001.

   [RFC3114]  Nicolls, W., "Implementing Company Classification Policy
              with the S/MIME Security Label", RFC 3114, May 2002.

   [RFC3125]  Ross, J., Pinkas, D., and N. Pope, "Electronic Signature
              Policies", RFC 3125, September 2001.

   [RFC3126]  Pinkas, D., Ross, J., and N. Pope, "Electronic Signature
              Formats for long term electronic signatures", RFC 3126,
              September 2001.

   [RFC3161]  Adams, C., Cain, P., Pinkas, D., and R. Zuccherato,
              "Internet X.509 Public Key Infrastructure Time-Stamp
              Protocol (TSP)", RFC 3161, August 2001.

   [RFC3183]  Dean, T. and W. Ottaway, "Domain Security Services using
              S/MIME", RFC 3183, October 2001.

   [RFC3185]  Farrell, S. and S. Turner, "Reuse of CMS Content
              Encryption Keys", RFC 3185, October 2001.

   [RFC3211]  Gutmann, P., "Password-based Encryption for CMS",
              RFC 3211, December 2001.

   [RFC3274]  Gutmann, P., "Compressed Data Content Type for
              Cryptographic Message Syntax (CMS)", RFC 3274, June 2002.

   [RFC3369]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 3369, August 2002.

   [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
              Algorithms", RFC 3370, August 2002.

   [RFC3537]  Schaad, J. and R. Housley, "Wrapping a Hashed Message
              Authentication Code (HMAC) key with a Triple-Data
              Encryption Standard (DES) Key or an Advanced Encryption
              Standard (AES) Key", RFC 3537, May 2003.

   [RFC3560]  Housley, R., "Use of the RSAES-OAEP Key Transport
              Algorithm in Cryptographic Message Syntax (CMS)",
              RFC 3560, July 2003.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 3565, July 2003.

   [RFC3657]  Moriai, S. and A. Kato, "Use of the Camellia Encryption
              Algorithm in Cryptographic Message Syntax (CMS)",
              RFC 3657, January 2004.

   [RFC3851]  Ramsdell, B., Ed., "Secure/Multipurpose Internet Mail
              Extensions (S/MIME) Version 3.1 Message Specification",
              RFC 3851, July 2004.

   [RFC3852]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 3852, July 2004.

   [RFC3855]  Hoffman, P. and C. Bonatti, "Transporting
              Secure/Multipurpose Internet Mail Extensions (S/MIME)
              Objects in X.400", RFC 3855, July 2004.

   [RFC4010]  Park, J., Lee, S., Kim, J., and J. Lee, "Use of the SEED
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 4010, February 2005.

   [RFC4073]  Housley, R., "Protecting Multiple Contents with the
              Cryptographic Message Syntax (CMS)", RFC 4073, May 2005.

   [RFC4049]  Housley, R., "BinaryTime: An Alternate Format for
              Representing Date and Time in ASN.1", RFC 4049, April
              2005.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108, August 2005.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              September 2005.

   [RFC4998]  Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
              Record Syntax (ERS)", RFC 4998, August 2007.

   [RFC5035]  Schaad, J., "Enhanced Security Services (ESS) Update:
              Adding CertID Algorithm Agility", RFC 5035, August 2007.

   [RFC5055]  Freeman, T., Housley, R., Malpani, A., Cooper, D., and W.
              Polk, "Server-Based Certificate Validation Protocol
              (SCVP)", RFC 5055, December 2007.

   [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
              Authenticated-Enveloped-Data Content Type", RFC 5083,
              November 2007.

   [RFC5084]  Housley, R., "Using AES-CCM and AES-GCM Authenticated
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 5084, November 2007.

   [RFC5126]  Pinkas, D., Pope, N., and J. Ross, "CMS Advanced
              Electronic Signatures (CAdES)", RFC 5126, March 2008.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, June 2008.

   [RFC5275]  Turner, S., "CMS Symmetric Key Management and
              Distribution", RFC 5275, June 2008.

   [RFC5485]  Housley, R., "Digital Signatures on Internet-Draft
              Documents", RFC 5485, March 2009.

   [RFC5544]  Santoni, A., "Syntax for Binding Documents with
              Time-Stamps", RFC 5544, February 2010.

   [RFC5649]  Housley, R. and M. Dworkin, "Advanced Encryption Standard
              (AES) Key Wrap with Padding Algorithm", RFC 5649,
              September 2009.

   [RFC5752]  Turner, S. and J. Schaad, "Multiple Signatures in
              Cryptographic Message Syntax (CMS)", RFC 5752, January
              2010.

   [RFC5753]  Turner, S. and D. Brown, "Use of Elliptic Curve
              Cryptography (ECC) Algorithms in Cryptographic Message
              Syntax (CMS)", RFC 5753, January 2010.

   [RFC5755]  Farrell, S., Housley, R., and S. Turner, "An Internet
              Attribute Certificate Profile for Authorization",
              RFC 5755, January 2010.

   [RFC5911]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for
              Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911,
              June 2010.

   [RFC5914]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Format", RFC 5914, June 2010.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958, August
              2010.

   [RFC5990]  Randall, J., Kaliski, B., Brainard, J., and S. Turner,
              "Use of the RSA-KEM Key Transport Algorithm in the
              Cryptographic Message Syntax (CMS)", RFC 5990, September
              2010.

   [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
              Message Syntax (CMS) Content Constraints Extension",
              RFC 6010, September 2010.

   [RFC6031]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Symmetric Key Package Content Type", RFC 6031,
              December 2010.

   [RFC6032]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Encrypted Key Package Content Type", RFC 6032,
              December 2010.

   [RFC6210]  Schaad, J., "Experiment: Hash Functions with Parameters in
              the Cryptographic Message Syntax (CMS) and S/MIME",
              RFC 6210, April 2011.

   [RFC6211]  Schaad, J., "Cryptographic Message Syntax (CMS) Algorithm
              Identifier Protection Attribute", RFC 6211, April 2011.

   [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
              for the Cryptographic Message Syntax (CMS) and the Public
              Key Infrastructure Using X.509 (PKIX)", RFC 6268, July
              2011.

   [RFC6476]  Gutmann, P., "Using Message Authentication Code (MAC)
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 6476, January 2012.

   [RFC6482]  Lepinski, M., Kent, S., and D. Kong, "A Profile for Route
              Origin Authorizations (ROAs)", RFC 6482, February 2012.

   [RFC6486]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure
              (RPKI)", RFC 6486, February 2012.

   [RFC6493]  Bush, R., "The Resource Public Key Infrastructure (RPKI)
              Ghostbusters Record", RFC 6493, February 2012.

   [RFC7030]  Pritikin, M., Yee, P., and D. Harkins, "Enrollment over
              Secure Transport", RFC 7030, October 2013.

   [WIP1]     Herzog, J. and R. Khazan, "A set-key attribute for
              symmetric-key packages", Work in progress, October 2012.
              [draft-herzog-setkey-07]

   [WIP2]     Housley, R., "Cryptographic Message Syntax (CMS) Key
              Package Receipt and Error Content Types", Work in
              progress, December 2013.
              [draft-housley-ct-keypackage-receipt-n-error-06]

   [WIP3]     Housley, R., "Use of the Hash-based Merkle Tree Signature
              (MTS) Algorithm in the Cryptographic Message Syntax
              (CMS)", Work in progress, August 2013.
              [draft-housley-cms-mts-hash-sig-00]

Acknowledgements

   Many thanks to Suresh Krishnan, Jim Schaad, Sean Turner, and Carl
   Wallace for their careful review and comments.

Author's Addresses

   Russ Housley
   918 Spring Knoll Drive
   Herndon, VA 20170
   USA
   EMail: housley@vigilsec.com