idnits 2.17.00 (12 Aug 2021)

/tmp/idnits31610/draft-ietf-cose-hash-sig-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 05, 2019) is 1142 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '0' on line 293

  -- Looks like a reference, but probably isn't: '1' on line 248

  == Missing Reference: 'Nspk-2' is mentioned on line 192, but not defined

  == Missing Reference: 'Nspk-1' is mentioned on line 193, but not defined

  == Outdated reference: draft-mcgrew-hash-sigs has been published as RFC 8554

  ** Downref: Normative reference to an Informational draft:
     draft-mcgrew-hash-sigs (ref. 'HASHSIG')

  -- Possible downref: Non-RFC (?) normative reference: ref. 'SHS'

     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 5 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2    Network Working Group                                         R. Housley
3    Internet-Draft                                            Vigil Security
4    Intended status: Standards Track                          April 05, 2019
5    Expires: October 7, 2019

7     Use of the Hash-based Signature Algorithm with CBOR Object Signing and
8                               Encryption (COSE)
9                          draft-ietf-cose-hash-sig-02

11   Abstract

13      This document specifies the conventions for using the HSS/LMS hash-
14      based signature algorithm with the CBOR Object Signing and Encryption
15      (COSE) syntax. The HSS/LMS algorithm is one form of hash-based
16      digital signature; it is described in RFC 8554.

18   Status of This Memo

20      This Internet-Draft is submitted in full conformance with the
21      provisions of BCP 78 and BCP 79.

23      Internet-Drafts are working documents of the Internet Engineering
24      Task Force (IETF). Note that other groups may also distribute
25      working documents as Internet-Drafts. The list of current Internet-
26      Drafts is at https://datatracker.ietf.org/drafts/current/.

28      Internet-Drafts are draft documents valid for a maximum of six months
29      and may be updated, replaced, or obsoleted by other documents at any
30      time. It is inappropriate to use Internet-Drafts as reference
31      material or to cite them other than as "work in progress."

33      This Internet-Draft will expire on October 7, 2019.

35   Copyright Notice

37      Copyright (c) 2019 IETF Trust and the persons identified as the
38      document authors. All rights reserved.

40      This document is subject to BCP 78 and the IETF Trust's Legal
41      Provisions Relating to IETF Documents
42      (https://trustee.ietf.org/license-info) in effect on the date of
43      publication of this document. Please review these documents
44      carefully, as they describe your rights and restrictions with respect
45      to this document. Code Components extracted from this document must
46      include Simplified BSD License text as described in Section 4.e of
47      the Trust Legal Provisions and are provided without warranty as
48      described in the Simplified BSD License.

50   Table of Contents

52      1.  Introduction
53        1.1.  Algorithm Security Considerations
54        1.2.  Terminology
55      2.  LMS Digital Signature Algorithm Overview
56        2.1.  Hierarchical Signature System (HSS)
57        2.2.  Leighton-Micali Signature (LMS)
58        2.3.  Leighton-Micali One-time Signature Algorithm (LM-OTS)
59      3.  Hash-based Signature Algorithm Identifiers
60      4.  Security Considerations
61        4.1.  Implementation Security Considerations
62      5.  Operational Considerations
63      6.  IANA Considerations
64        6.1.  COSE Algorithms Registry Entry
65        6.2.  COSE Key Types Registry Entry
66      7.  References
67        7.1.  Normative References
68        7.2.  Informative References
69      Appendix A.  Examples
70        A.1.  Example COSE Full Message Signature
71        A.2.  Example COSE_Sign0 Message
72      Appendix B.  Acknowledgements
73      Author's Address

75   1.  Introduction

77      This document specifies the conventions for using the HSS/LMS hash-
78      based signature algorithm with the CBOR Object Signing and Encryption
79      (COSE) [RFC8152] syntax. The Leighton-Micali Signature (LMS) system
80      provides a one-time digital signature that is a variant of Merkle
81      Tree Signatures (MTS). The Hierarchical Signature System (HSS) is
82      built on top of the LMS system to efficiently scale for a larger
83      number of signatures. The HSS/LMS algorithm is one form of hash-
84      based digital signature, and it is described in [HASHSIG]. The HSS/
85      LMS signature algorithm can only be used for a fixed number of
86      signing operations. The number of signing operations depends upon
87      the size of the tree. The HSS/LMS signature algorithm uses small
88      public keys, and it has low computational cost; however, the
89      signatures are quite large. The HSS/LMS private key can be very
90      small when the signer is willing to perform additional computation at
91      signing time; alternatively, the private key can consume additional
92      memory and provide a faster signing time.

94   1.1.  Algorithm Security Considerations

96      At Black Hat USA 2013, some researchers gave a presentation on the
97      current state of public key cryptography. They said: "Current
98      cryptosystems depend on discrete logarithm and factoring which has
99      seen some major new developments in the past 6 months" [BH2013]. Due
100     to advances in cryptanalysis, they encouraged preparation for a day
101     when RSA and DSA cannot be depended upon.

103     If large-scale quantum computers are ever built, these computers will
104     be able to break many of the public-key cryptosystems currently in
105     use. A post-quantum cryptosystem [PQC] is a system that is secure
106     against quantum computers that have more than a trivial number of
107     quantum bits (qu-bits). It is open to conjecture when it will be
108     feasible to build such computers; however, RSA, DSA, ECDSA, and EdDSA
109     are all vulnerable if large-scale quantum computers come to pass.

111     The HSS/LMS signature algorithm does not depend on the difficulty of
112     discrete logarithm or factoring; as a result, these algorithms are
113     considered to be post-quantum secure.

115     Hash-based signatures [HASHSIG] are currently defined to use
116     exclusively SHA-256 [SHS]. An IANA registry is defined so that other
117     hash functions could be used in the future. LM-OTS signature
118     generation prepends a random string as well as other metadata before
119     computing the hash value. The inclusion of the random value reduces
120     the chances of an attacker being able to find collisions, even if the
121     attacker has a large-scale quantum computer.

123     Today, RSA is often used to digitally sign software updates. This
124     means that the distribution of software updates could be compromised
125     if a significant advance is made in factoring or a large-scale
126     quantum computer is invented. The use of HSS/LMS hash-based
127     signatures to protect software update distribution, perhaps using the
128     format that is being specified by the IETF SUIT Working Group, will
129     allow the deployment of software that implements new cryptosystems.

131  1.2.  Terminology

133     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
134     "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
135     "OPTIONAL" in this document are to be interpreted as described in
136     BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
137     capitals, as shown here.

139  2.  LMS Digital Signature Algorithm Overview

141     This specification makes use of the hash-based signature algorithm
142     specified in [HASHSIG], which is the Leighton and Micali adaptation
143     [LM] of the original Lamport-Diffie-Winternitz-Merkle one-time
144     signature system [M1979][M1987][M1989a][M1989b].

146     The hash-based signature algorithm has three major components:

148     o  Hierarchical Signature System (HSS) -- see Section 2.1;

150     o  Leighton-Micali Signature (LMS) -- see Section 2.2; and

152     o  Leighton-Micali One-time Signature Algorithm (LM-OTS) -- see
153        Section 2.3.

155     As implied by the name, the hash-based signature algorithm depends on
156     a collision-resistant hash function. The hash-based signature
157     algorithm specified in [HASHSIG] currently makes use of the SHA-256
158     one-way hash function [SHS], but it also establishes an IANA registry
159     to permit the registration of additional one-way hash functions in
160     the future.

162  2.1.  Hierarchical Signature System (HSS)

164     The hash-based signature algorithm specified in [HASHSIG] uses a
165     hierarchy of trees. The Hierarchical N-time Signature System (HSS)
166     allows subordinate trees to be generated when needed by the signer.
167     Otherwise, generation of the entire tree might take weeks or longer.

169     An HSS signature as specified in [HASHSIG] carries the number of
170     signed public keys (Nspk), followed by that number of signed public
171     keys, followed by the LMS signature as described in Section 2.2. The
172     public key for the top-most LMS tree is the public key of the HSS
173     system. The LMS private key in the parent tree signs the LMS public
174     key in the child tree, and the LMS private key in the bottom-most
175     tree signs the actual message. The signature over the public key and
176     the signature over the actual message are LMS signatures as described
177     in Section 2.2.

179     The elements of the HSS signature value for a stand-alone tree (a top
180     tree with no children) can be summarized as:

182        u32str(0) ||
183        lms_signature  /* signature of message */

185     The elements of the HSS signature value for a tree with Nspk signed
186     public keys can be summarized as:

188        u32str(Nspk) ||
189        signed_public_key[0] ||
190        signed_public_key[1] ||
191           ...
192        signed_public_key[Nspk-2] ||
193        signed_public_key[Nspk-1] ||
194        lms_signature  /* signature of message */

196     where, as defined in Section 3.3 of [HASHSIG], a signed_public_key is
197     the lms_signature over the public key followed by the public key
198     itself. Note that Nspk is the number of levels in the hierarchy of
199     trees minus 1.

201  2.2.  Leighton-Micali Signature (LMS)

203     Each tree in the hash-based signature algorithm specified in
204     [HASHSIG] uses the Leighton-Micali Signature (LMS) system. LMS
205     systems have two parameters. The first parameter is the height of
206     the tree, h, which is the number of levels in the tree minus one.
207     The [HASHSIG] specification includes support for five values of this
208     parameter: h=5; h=10; h=15; h=20; and h=25. Note that there are 2^h
209     leaves in the tree. The second parameter is the number of bytes
210     output by the hash function, m, which is the amount of data
211     associated with each node in the tree. This specification supports
212     only SHA-256, with m=32. An IANA registry is defined so that other
213     hash functions could be used in the future.

215     The [HASHSIG] specification supports five tree sizes:

217        LMS_SHA256_M32_H5;
218        LMS_SHA256_M32_H10;
219        LMS_SHA256_M32_H15;
220        LMS_SHA256_M32_H20; and
221        LMS_SHA256_M32_H25.

223     The [HASHSIG] specification establishes an IANA registry to permit
224     the registration of additional hash functions and additional tree
225     sizes in the future.

227     The LMS public key can be summarized as:

229        u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]

231     An LMS signature consists of four elements: the number of the leaf
232     associated with the LM-OTS signature, an LM-OTS signature as
233     described in Section 2.3, a typecode indicating the particular LMS
234     algorithm, and an array of values that is associated with the path
235     through the tree from the leaf associated with the LM-OTS signature
236     to the root. The array of values contains the siblings of the nodes
237     on the path from the leaf to the root but does not contain the nodes
238     on the path itself. The array for a tree with height h will have h
239     values. The first value is the sibling of the leaf, the next value
240     is the sibling of the parent of the leaf, and so on up the path to
241     the root.

243     The four elements of the LMS signature value can be summarized as:

245        u32str(q) ||
246        ots_signature ||
247        u32str(type) ||
248        path[0] || path[1] || ... || path[h-1]

250  2.3.  Leighton-Micali One-time Signature Algorithm (LM-OTS)

252     The hash-based signature algorithm depends on a one-time signature
253     method. This specification makes use of the Leighton-Micali One-time
254     Signature Algorithm (LM-OTS) [HASHSIG]. An LM-OTS has five
255     parameters:

257        n -  The number of bytes output by the hash function. This
258             specification supports only SHA-256 [SHS], with n=32.

260        H -  A preimage-resistant hash function that accepts byte strings
261             of any length, and returns an n-byte string. This
262             specification supports only SHA-256 [SHS].

264        w -  The width in bits of the Winternitz coefficients. [HASHSIG]
265             supports four values for this parameter: w=1; w=2; w=4; and
266             w=8.

268        p -  The number of n-byte string elements that make up the LM-OTS
269             signature.

271        ls - The number of left-shift bits used in the checksum function,
272             which is defined in Section 4.5 of [HASHSIG].

274     The values of p and ls are dependent on the choices of the parameters
275     n and w, as described in Appendix A of [HASHSIG].

277     The [HASHSIG] specification supports four LM-OTS variants:

279        LMOTS_SHA256_N32_W1;
280        LMOTS_SHA256_N32_W2;
281        LMOTS_SHA256_N32_W4; and
282        LMOTS_SHA256_N32_W8.

284     The [HASHSIG] specification establishes an IANA registry to permit
285     the registration of additional hash functions and additional
286     parameter sets in the future.

288     Signing involves the generation of C, which is an n-byte random
289     value.

291     The LM-OTS signature value can be summarized as:

293        u32str(otstype) || C || y[0] || ... || y[p-1]

295  3.  Hash-based Signature Algorithm Identifiers

297     The CBOR Object Signing and Encryption (COSE) [RFC8152] supports two
298     signature algorithm schemes. This specification makes use of the
299     signature with appendix scheme for hash-based signatures.

301     The signature value is a large byte string. The byte string is
302     designed for easy parsing, and it includes a counter and type codes
303     that indirectly provide all of the information that is needed to
304     parse the byte string during signature validation.

306     When using a COSE key for this algorithm, the following checks are
307     made:

309        o  The 'kty' field MUST be present, and it MUST be 'HSS-LMS'.

311        o  If the 'alg' field is present, it MUST be 'HSS-LMS'.

313        o  If the 'key_ops' field is present, it MUST include 'sign' when
314           creating a hash-based signature.

316        o  If the 'key_ops' field is present, it MUST include 'verify'
317           when verifying a hash-based signature.

319        o  If the 'kid' field is present, it MAY be used to identify the
320           top of the HSS tree. In [HASHSIG], this identifier is called
321           'I', and it is the 16-byte identifier of the LMS public key
322           for the tree.

324  4.  Security Considerations

326  4.1.  Implementation Security Considerations

328     Implementations must protect the private keys. Use of a hardware
329     security module (HSM) is one way to protect the private keys.
330     Compromise of the private keys may result in the ability to forge
331     signatures. Along with the private key, the implementation must keep
332     track of which leaf nodes in the tree have been used. Loss of
333     integrity of this tracking data can cause a one-time key to be used
334     more than once. As a result, when a private key and the tracking
335     data are stored on non-volatile media or stored in a virtual machine
336     environment, care must be taken to preserve confidentiality and
337     integrity.
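
The signature layouts in Sections 2.1 to 2.3, together with the Section 3 statement that the counter and type codes are enough to parse the value, as an added example (not code from this draft or from [HASHSIG]): a bounds-checked Python parser that splits an HSS signature into its elements before any hashing is done. The typecode tables, the limit of eight levels and the HSS public key framing are taken from RFC 8554; the sample input is constructed with zero filler, all function names are illustrative, and the parser checks framing only, so it does not replace signature verification.

```python
import struct

# Typecodes and sizes from RFC 8554 ([HASHSIG]); every set uses SHA-256, n = m = 32.
N = M = 32
LMOTS_P = {1: 265, 2: 133, 3: 67, 4: 34}    # LMOTS_SHA256_N32_W1/W2/W4/W8 -> p
LMS_H = {5: 5, 6: 10, 7: 15, 8: 20, 9: 25}  # LMS_SHA256_M32_H5..H25 -> h
MAX_NSPK = 7                                # RFC 8554 allows at most 8 levels


class HSSFormatError(ValueError):
    """The byte string does not follow the HSS/LMS layout."""


class Reader:
    """Bounds-checked cursor; every read fails closed on short input."""

    def __init__(self, data):
        self.data, self.pos = bytes(data), 0

    def take(self, count):
        if count > len(self.data) - self.pos:
            raise HSSFormatError(f"truncated at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + count]
        self.pos += count
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]


def parse_lms_signature(r):
    """u32str(q) || ots_signature || u32str(type) || path[0..h-1]."""
    q, otstype = r.u32(), r.u32()
    if otstype not in LMOTS_P:
        raise HSSFormatError(f"unknown LM-OTS typecode {otstype}")
    c = r.take(N)                                     # random value C
    y = [r.take(N) for _ in range(LMOTS_P[otstype])]  # y[0] .. y[p-1]
    lmstype = r.u32()
    if lmstype not in LMS_H:
        raise HSSFormatError(f"unknown LMS typecode {lmstype}")
    h = LMS_H[lmstype]
    if q >= 1 << h:                                   # the tree has only 2^h leaves
        raise HSSFormatError(f"leaf number {q} outside a tree of height {h}")
    path = [r.take(M) for _ in range(h)]              # sibling nodes, leaf to root
    return {"q": q, "otstype": otstype, "C": c, "y": y,
            "lmstype": lmstype, "path": path}


def parse_lms_public_key(r):
    """u32str(lms_algorithm_type) || u32str(otstype) || I || T[1]."""
    lmstype, otstype = r.u32(), r.u32()
    if lmstype not in LMS_H or otstype not in LMOTS_P:
        raise HSSFormatError("unknown typecode in LMS public key")
    return {"lmstype": lmstype, "otstype": otstype,
            "I": r.take(16), "T1": r.take(M)}


def parse_hss_signature(sig):
    """Split an HSS signature into its elements (framing only, no hashing)."""
    r = Reader(sig)
    nspk = r.u32()
    if nspk > MAX_NSPK:
        raise HSSFormatError(f"Nspk={nspk} exceeds {MAX_NSPK}")
    signed_public_keys = [{"sig": parse_lms_signature(r),
                           "pub": parse_lms_public_key(r)} for _ in range(nspk)]
    message_sig = parse_lms_signature(r)
    if r.pos != len(r.data):
        raise HSSFormatError(f"{len(r.data) - r.pos} trailing bytes")
    return {"Nspk": nspk, "signed_public_keys": signed_public_keys,
            "lms_signature": message_sig}


def matches_public_key(parsed, hss_public_key):
    """Level count and top-tree typecodes must equal those in the trusted key."""
    r = Reader(hss_public_key)   # u32str(L) || LMS public key, per RFC 8554
    levels, top = r.u32(), parse_lms_public_key(r)
    spks = parsed["signed_public_keys"]
    first = spks[0]["sig"] if spks else parsed["lms_signature"]
    return (parsed["Nspk"] == levels - 1 and first["lmstype"] == top["lmstype"]
            and first["otstype"] == top["otstype"])


def build_sample(nspk, q, otstype=3, lmstype=6):
    """Constructed input: correct framing, zero-filled C, y, path, I and T[1]."""
    def lms_sig(leaf):
        return (struct.pack(">II", leaf, otstype) + bytes(N + LMOTS_P[otstype] * N)
                + struct.pack(">I", lmstype) + bytes(LMS_H[lmstype] * M))
    pub = struct.pack(">II", lmstype, otstype) + bytes(16 + M)
    return struct.pack(">I", nspk) + (lms_sig(0) + pub) * nspk + lms_sig(q)


if __name__ == "__main__":
    sample = build_sample(nspk=0, q=1)   # single tree, H10 + W4: 2512 bytes
    parsed = parse_hss_signature(sample)
    print(len(sample), parsed["Nspk"], parsed["lms_signature"]["q"])
```

Rejecting a value whose typecodes, leaf number or length do not fit the layout keeps malformed input away from the hashing code, and comparing the typecodes with the trusted public key keeps the signature from choosing its own parameters.
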

339     When generating an LMS key pair, an implementation must generate
340     the key pair and the corresponding identifier independently of all
341     other key pairs in the HSS tree.

343     An implementation must ensure that an LM-OTS private key is used to
344     generate a signature only one time, and ensure that it cannot be used
345     for any other purpose.

347     The generation of private keys relies on random numbers. The use of
348     inadequate pseudo-random number generators (PRNGs) to generate these
349     values can result in little or no security. An attacker may find it
350     much easier to reproduce the PRNG environment that produced the keys,
351     searching the resulting small set of possibilities, rather than brute
352     force searching the whole key space. The generation of quality
353     random numbers is difficult. [RFC4086] offers important guidance in
354     this area.

356     The generation of hash-based signatures also depends on random
357     numbers. While the consequences of using an inadequate pseudo-random
358     number generator (PRNG) to generate these values are much less severe
359     than for the generation of private keys, the guidance in [RFC4086]
360     remains important.

362  5.  Operational Considerations

364     The public key for the hash-based signature is the key at the root of
365     the Hierarchical Signature System (HSS). In the absence of a public
366     key infrastructure [RFC5280], this public key is a trust anchor, and
367     the number of signatures that can be generated is bounded by the size
368     of the overall HSS set of trees. When all of the LM-OTS signatures
369     have been used to produce a signature, then the establishment of a new
370     trust anchor is required.

372     To ensure that none of the tree nodes are used to generate more than
373     one signature, the signer maintains state across different invocations
374     of the signing algorithm. Section 12.2 of [HASHSIG] offers some
375     practical implementation approaches around this statefulness. In
376     some of these approaches, nodes are sacrificed to ensure that none
377     are used more than once. As a result, the total number of signatures
378     that can be generated might be less than the overall HSS set of
379     trees.

381  6.  IANA Considerations

383     IANA is requested to add entries for hash-based signatures in the
384     "COSE Algorithms" registry and hash-based public keys in the "COSE
385     Key Types" registry.

387  6.1.  COSE Algorithms Registry Entry

389     The new entry in the "COSE Algorithms" registry has the following
390     columns:

392        Name: HSS-LMS

394        Value: TBD (Value to be assigned by IANA)

396        Description: HSS/LMS hash-based digital signature

398        Reference: This document (Number to be assigned by RFC Editor)

400        Recommended: Yes

402  6.2.  COSE Key Types Registry Entry

404     The new entry in the "COSE Key Types" registry has the following
405     columns:

407        Name: HSS-LMS

409        Value: TBD (Value to be assigned by IANA)

411        Description: Public key for HSS/LMS hash-based digital signature

413        Reference: This document (Number to be assigned by RFC Editor)

415  7.  References

417  7.1.  Normative References

419     [HASHSIG]  McGrew, D., Curcio, M., and S. Fluhrer, "Hash-Based
420                Signatures", draft-mcgrew-hash-sigs-15 (work in progress),
421                January 2019.

423     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
424                Requirement Levels", BCP 14, RFC 2119,
425                DOI 10.17487/RFC2119, March 1997.

428     [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
429                RFC 8152, DOI 10.17487/RFC8152, July 2017.

432     [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
433                2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
434                May 2017.

436     [SHS]      National Institute of Standards and Technology (NIST),
437                "Secure Hash Standard", FIPS Publication 180-3, 2008.

439  7.2.  Informative References

441     [BH2013]   Ptacek, T., Ritter, T., Samuel, J., and A. Stamos, "The
442                Factoring Dead: Preparing for the Cryptopocalypse", August
443                2013.

446     [LM]       Leighton, F. and S. Micali, "Large provably fast and
447                secure digital signature schemes from secure hash
448                functions", U.S. Patent 5,432,852, July 1995.

450     [M1979]    Merkle, R., "Secrecy, Authentication, and Public Key
451                Systems", Stanford University Information Systems
452                Laboratory Technical Report 1979-1, 1979.

454     [M1987]    Merkle, R., "A Digital Signature Based on a Conventional
455                Encryption Function", Lecture Notes in Computer
456                Science crypto87, 1988.

458     [M1989a]   Merkle, R., "A Certified Digital Signature", Lecture Notes
459                in Computer Science crypto89, 1990.

461     [M1989b]   Merkle, R., "One Way Hash Functions and DES", Lecture
462                Notes in Computer Science crypto89, 1990.

464     [PQC]      Bernstein, D., "Introduction to post-quantum
465                cryptography", 2009.

469     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
470                "Randomness Requirements for Security", BCP 106, RFC 4086,
471                DOI 10.17487/RFC4086, June 2005.

474     [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
475                Housley, R., and W. Polk, "Internet X.509 Public Key
476                Infrastructure Certificate and Certificate Revocation List
477                (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

480  Appendix A.  Examples

482     This appendix provides an example of a COSE full message signature
483     and an example of a COSE_Sign0 message.

485  A.1.  Example COSE Full Message Signature

487     This section provides an example of a COSE full message signature.

489     {
490       "title":"HSS LMS Hash based signature - hsssig-01",
491       "input":{
492         "plaintext":"This is the content.",
493         "sign":{
494           "protected":{
495             "ctyp":0
496           },
497           "signers":[
498             {
499               "key":{
500                 "kty":"HSS-LMS",
501                 "kid":"ItsBig",
502                 "comment":"1 level key - LM_SHA256_MD32_H10 + \
503                     LMOTS_SHA256_N32_W4 ",
504                 "public":"000000010000000600000003d08fabd4a20 \
505                     91ff0a8cb4ed834e7453432a58885cd9ba0431235 \
506                     466bff9651c6c92124404d45fa53cf161c28f1ad5a8e",
507                 "private":"1|6|3|558B8966C48AE9CB898B423C8344 \
508                     3AAE014A72F1B1AB5CC85CF1D892903B5439|1|d0 \
509                     8fabd4a2091ff0a8cb4ed834e74534"
510               },
511               "unprotected":{
512                 "kid":"ItsBig"
513               },
514               "protected":{
515                 "alg":"HSS-LMS"
516               }
517             }
518           ]
519         },
520         "rng_description":"Random value for signature",
521         "rng_stream":[
522           "ACFC5C7377D45C969DF7D7289882A48C1A10E5C48B6E29DF5018D \
523               3E683E36BC5"
524         ]
525       },
526       "intermediates":{
527         "signers":[
528           {
529             "ToBeSign_hex":"85695369676E617475726543A103004AA10 \
530                 1674853532D4C4D53405454686973206973207468652063 \
531                 6F6E74656E742E"
532           }
533         ]
534       },
535       "output":{
536         "cbor_diag":"98([h'A10300', {}, h'54686973206973207468652 \
537             0636F6E74656E742E', [[h'A101674853532D4C4D53', \
538             {4: h'497473426967'}, h'[HSS/LMS signature value omitted]']]])",
634         "cbor":"[hex encoding omitted]"
731       }
732     }

734  A.2.  Example COSE_Sign0 Message

736     This section provides an example of a COSE_Sign0 message.

738     {
739       "title":"HSS LMS Hash based signature - hsssig-sig-01",
740       "input":{
741         "plaintext":"This is the content.",
742         "sign0":{
743           "key":{
744             "kty":"HSS-LMS",
745             "kid":"ItsBig",
746             "comment":"1 level key - LM_SHA256_MD32_H10 + \
747                 LMOTS_SHA256_N32_W4 ",
748             "public":"000000010000000600000003d08fabd4a2091ff0a \
749                 8cb4ed834e7453432a58885cd9ba0431235466bff9651c6 \
750                 c92124404d45fa53cf161c28f1ad5a8e",
751             "private":"1|6|3|558B8966C48AE9CB898B423C83443AAE01 \
752                 4A72F1B1AB5CC85CF1D892903B5439|0|d08fabd4a2091f \
753                 f0a8cb4ed834e74534"
754           },
755           "unprotected":{
756             "kid":"ItsBig"
757           },
758           "protected":{
759             "alg":"HSS-LMS"
760           },
761           "alg":"HSS-LMS"

763         },
764         "rng_description":"Random value for signature",
765         "rng_stream":[
766           "1D5112D38A1146402875B73BC8D4B59C845C6AE61D03A70ABAD09 \
767               8AC05AD8297"
768         ]
769       },
770       "intermediates":{
771         "ToBeSign_hex":"846A5369676E6174757265314AA101674853532D4 \
772             C4D534054546869732069732074686520636F6E74656E742E"
773       },
774
"output":{ 775 "cbor_diag":"18([h'A101674853532D4C4D53', \ 776 {4: h'497473426967'}, \ 777 h'546869732069732074686520636F6E74656E742E', \ 778 h'00000000000000000000000391291DE76CE6E24D1E2A9B60266 \ 779 519BC8CE889F814DEB0FC00EDD3129DE3AB9BA6814A4BEE84E5E8 \ 780 38C7725F78FE0610837A548F92802DA610AFB0ADFB133123061C0 \ 781 23E87A7802C17B00740F25737A775B95E923905B6F0CA02A87095 \ 782 5420A68003133A1EA12083E134238DFE5F1633E159CFD207BC79B \ 783 50DD39BA39FCAAA75C12F7F1B493AB8736162E42C2C2F9159DF33 \ 784 32C399A50BB8404F2CB6D98DAA4C3DF82A197CFE014BEC27CC820 \ 785 A5B26BAC5DFE05947E3A7D92070A4653C67BA095AB0499AF655B8 \ 786 1B719912E296765FA46CB0AD2ED56BBCF00CA6FB9C16D8C05C1C1 \ 787 65FED054A099A3DA89F9CB951C6ED366DF38E299C7E7DC9AC9C43 \ 788 66F328407E7C4A6CD8A5314D6B02B377406D5A5E589E91FEAA9F2 \ 789 E4EC1682BA1F633C7784B3038FAC2E77947916C8F4160CF6D9D0B \ 790 0BC6600CDBC4AE947DD5D317DCBA3D200A739F96CDDBA94DAF86C \ 791 E80C76158D4F5CF3CD2BA9F1393DF47E556887F919E0718625D31 \ 792 240E7FE9599012F757314C20893827194AD6555F1452E3A749CE2 \ 793 13DFBA283013DCFF196F9BD18D715B6E7451DE35B18181DF8A626 \ 794 DE1480F2DDECB126B477E019FFE75E4472EF4FA1B913C80821155 \ 795 AAE0D7F3B1175B64CA076926166C80E8219D241791C1DE3C8F936 \ 796 55085C0B00F840970367DAF2A41D462C696C74AF0C3591A6C6B4D \ 797 701963819FFBDC945785D64CE687BA4D086A31FE6A5E1C74A6C0E \ 798 25CF67CEA24DCDE0E47B5210670CC2D66003DF2232F4BA337D325 \ 799 166381681FD4738997BB3EC1499E594B5CCE9FBC11C3136C20F15 \ 800 6012A4DA062675627758DBF1BE635C876F81713D322EA127F6FFC \ 801 8880F42BA51879CC0EB27B8A0C21E434DA7C490BFE30BE1FAC3CA \ 802 A5CF97451FADF412ECA7BAD72E2553541224EB934A9C8A0034E1C \ 803 59EA2D9EAFD66A72F1C43A07B70CBBC0AD844506E31C4CC84F395 \ 804 F28915239C8CB733787EE79704B8BA0CC667282984DFBD01BDC34 \ 805 ADF0E90A309986BE6AD95486E67754543999AEE160A7C6458992F \ 806 ABC338136D95FBC688E0F4F03D8F942875DF39E8D9EAA6B35FFA6 \ 807 C9C1097E5BEA8EADA90DAAC52FBE16A830EA49D550ABFFB64C824 \ 808 4095992BAE73D970AE908CE9413A6EC52F98F593E138F3E6B7BAE \ 
809 A6657E03DF715516DD69342374D222F9A4D4B6579994DD01F4E7E \ 810 C1C254C2A5EA109519C788FA1504B0273975C3E647820CFE5CDF4 \ 811 D0D5A6C717C1795EB2BE37030EDEB3196D5866255B1FC10BD03B0 \ 812 5FBDF59DBD87451877761BDEDD25D468D9409A054B1767BF70C41 \ 813 61D416B01F472E4D0924FB9EF84A7EF027A4C3F6FDDD0018A827A \ 814 B66017062F0F0709B271C1CB03557558F882C4FD89569E55E86D9 \ 815 834105F5E7468BA389305729F7FEB6BF2BE3F92BCA40917CC947A \ 816 438B43D6A109535EEBFC06BAEE3A01C9E49D95E84ACDA572F47C4 \ 817 FECC648903154182BBF5222CD4F40622DBB6886A062FE52A59260 \ 818 EC8B61843622DA827B77BAFB0E0F7AA55E3E869BD7943C780F317 \ 819 82241FE1D8B55C313A421875EFE40BD3B649087AE3A1A5942A51A \ 820 7C182EDF686A9842A2F82E51ABE70826D5CA045F984472DB63784 \ 821 194DC2C523889A95CA8C625B017BCA6CAC5175E87552EACBD8D3F \ 822 5C281E4D4108F90E395088D50C528809C37788609A5734FFCE402 \ 823 87270A3A6B04A069DE8277F7F5109C16938347A643713C9AC36FF \ 824 FC8BF141E899F48BC25C7B636D43BEBCFA7742D4E1462263E5673 \ 825 2AD2021EEF8CE84023C4959CFD250348B23AE6DB317087F1F593F \ 826 768825A970E85C15306447892E72C8CF4461E3DF57E696AF1780A \ 827 DA04F847F8FD3C42A802FC9BA38C696ED74FF8A300D171BBAE888 \ 828 8B226498CF63EBA035814557E3A552E0B5DA56DD90C1372D82386 \ 829 0D00CA4F242E8BF1FCA88BA71173DE185E6F1D1EF2BAE53D701D0 \ 830 3D4BF3B44F0842BED8126494A7FD2C7B1321A5527B78681B1D130 \ 831 62CE4DAE86C68DAB481551D857934250E6DBF99D37DA15735831C \ 832 2FA31DD2AB81FBF1F2DE8D890DF29A8CCD730431135E3A0D9C075 \ 833 860F9843B14BE9408714E96218D3642E5B0126BD8FF941757A512 \ 834 CDCB4F6336D6FDC357C28E59484EDC9101AE78BBC6CB380E6E051 \ 835 6ECC48391FE9DA4519DF813CB680497BA65132954F11F857BDFF3 \ 836 644B7F54F59542BAE97EBC7270DECDD407989CAD427894922EDC1 \ 837 BD22E5E1991E1B894A92F893268F66327084B09A945732EF82F27 \ 838 007D5DD0A08403E8E553EA7E20C1E23A567B850F8FE4D00417099 \ 839 5CE1FCC2284EACB197F001C9B0FF2FB67BC24C5774A935F96761F \ 840 D52394AEDE47896E5204BD011F2697F9791953C0F265909019A90 \ 841 804A3A59A4D5A481020861ADC270845EBEE08D8C5C442A0ECBB5C \ 842 
78D65E11A5CD71D520281A73C8EE741B4B1E2807E30BD9A2AD1DF \ 843 E50FE3875F201926D87F732461E279FB774E97A93363527C13948 \ 844 DBE1776B7FB8604762C576402481704E4E056D67F00EC4399CED2 \ 845 B8802C89A78827B12FDC5D8B8A3A1914A80B573D3C4F3C87E91AE \ 846 3DBB05B685CEC2194604FA3965B0AF4E0D6E929D672E6C2EDC600 \ 847 1FC2A9AB1CA244FD07847B86A544AAB532DD2E49C2ACB9C42330B \ 848 44F95AEF50A1E44761E5E25670DA2C7291254C17C298F685B1FB0 \ 849 22932B07DE031B1E9988131C73BD0B4E748FF2C2FFD45B7DF99EF \ 850 1FA579F02930D3C3AA3D46F50AF699CF3E5E11E035B693542EBB5 \ 851 B7D756B001BA792C8B6F4521A4F49DB647A37095A28482548E3C0 \ 852 E9DFB0C2D504BE2E9B60983660B05E45FF8847BD7392ED1010AA8 \ 853 5589B36455B864A682B58A87CE0BE617C838BEA0295186178B1EC \ 854 2CD64044B8FF4A30FFEFAE2A007E7531250E0EBBB76621CBECF25 \ 855 5E08727BBE61178A3CF25395468F207249A97EF9A631D9CD651FD \ 856 36ADC2CB00B81663E6C89869E7C2BCB6C149E9CA97B4AC8F656F9 \ 857 B54A800C81045C77A6DD75040AFB72273F1C1A2B8A0E60E60F5FA \ 858 9C63AA4DBBCE603BBAF99DE4EB95FED967E444FABD025D40A2D74 \ 859 AFE0AD427C5E0D5DDFE3267DD04256752FB643D362E8DA17B5E44 \ 860 81A45176376804FF489DF09FDA863BD4000000067B95DE445ABF8 \ 861 9161DFF4B91A4A9E3BF156A39A4660F98F06BF3F017686D9DFC36 \ 862 2C948646B3C9848803E6D9BA1F7D3967F709CDDD35DC77D60356F \ 863 0C36808900B491CB4ECBBABEC128E7C81A46E62A67B57640A0A78 \ 864 BE1CBF7DD9D419A10CD8686D16621A80816BFDB5BDC56211D72CA \ 865 70B81F1117D129529A7570CF79CF52A7028A48538ECDD3B38D3D5 \ 866 D62D26246595C4FB73A525A5ED2C30524EBB1D8CC82E0C19BC497 \ 867 7C6898FF95FD3D310B0BAE71696CEF93C6A552456BF96E9D075E3 \ 868 83BB7543C675842BAFBFC7CDB88483B3276C29D4F0A341C2D406E \ 869 40D4653B7E4D045851ACF6A0A0EA9C710B805CCED4635EE8C1073 \ 870 62F0FC8D80C14D0AC49C516703D26D14752F34C1C0D2C4247581C \ 871 18C2CF4DE48E9CE949BE7C888E9CAEBE4A415E291FD107D21DC1F \ 872 084B1158208249F28F4F7C7E931BA7B3BD0D824A4570'])", 873 "cbor":"D2844AA101674853532D4C4D53A1044649747342696754546 \ 874 869732069732074686520636F6E74656E742E5909D00000000000 \ 875 
0000000000000391291DE76CE6E24D1E2A9B60266519BC8CE889F \ 876 814DEB0FC00EDD3129DE3AB9BA6814A4BEE84E5E838C7725F78FE \ 877 0610837A548F92802DA610AFB0ADFB133123061C023E87A7802C1 \ 878 7B00740F25737A775B95E923905B6F0CA02A870955420A6800313 \ 879 3A1EA12083E134238DFE5F1633E159CFD207BC79B50DD39BA39FC \ 880 AAA75C12F7F1B493AB8736162E42C2C2F9159DF3332C399A50BB8 \ 881 404F2CB6D98DAA4C3DF82A197CFE014BEC27CC820A5B26BAC5DFE \ 882 05947E3A7D92070A4653C67BA095AB0499AF655B81B719912E296 \ 883 765FA46CB0AD2ED56BBCF00CA6FB9C16D8C05C1C165FED054A099 \ 884 A3DA89F9CB951C6ED366DF38E299C7E7DC9AC9C4366F328407E7C \ 885 4A6CD8A5314D6B02B377406D5A5E589E91FEAA9F2E4EC1682BA1F \ 886 633C7784B3038FAC2E77947916C8F4160CF6D9D0B0BC6600CDBC4 \ 887 AE947DD5D317DCBA3D200A739F96CDDBA94DAF86CE80C76158D4F \ 888 5CF3CD2BA9F1393DF47E556887F919E0718625D31240E7FE95990 \ 889 12F757314C20893827194AD6555F1452E3A749CE213DFBA283013 \ 890 DCFF196F9BD18D715B6E7451DE35B18181DF8A626DE1480F2DDEC \ 891 B126B477E019FFE75E4472EF4FA1B913C80821155AAE0D7F3B117 \ 892 5B64CA076926166C80E8219D241791C1DE3C8F93655085C0B00F8 \ 893 40970367DAF2A41D462C696C74AF0C3591A6C6B4D701963819FFB \ 894 DC945785D64CE687BA4D086A31FE6A5E1C74A6C0E25CF67CEA24D \ 895 CDE0E47B5210670CC2D66003DF2232F4BA337D325166381681FD4 \ 896 738997BB3EC1499E594B5CCE9FBC11C3136C20F156012A4DA0626 \ 897 75627758DBF1BE635C876F81713D322EA127F6FFC8880F42BA518 \ 898 79CC0EB27B8A0C21E434DA7C490BFE30BE1FAC3CAA5CF97451FAD \ 899 F412ECA7BAD72E2553541224EB934A9C8A0034E1C59EA2D9EAFD6 \ 900 6A72F1C43A07B70CBBC0AD844506E31C4CC84F395F28915239C8C \ 901 B733787EE79704B8BA0CC667282984DFBD01BDC34ADF0E90A3099 \ 902 86BE6AD95486E67754543999AEE160A7C6458992FABC338136D95 \ 903 FBC688E0F4F03D8F942875DF39E8D9EAA6B35FFA6C9C1097E5BEA \ 904 8EADA90DAAC52FBE16A830EA49D550ABFFB64C8244095992BAE73 \ 905 D970AE908CE9413A6EC52F98F593E138F3E6B7BAEA6657E03DF71 \ 906 5516DD69342374D222F9A4D4B6579994DD01F4E7EC1C254C2A5EA \ 907 109519C788FA1504B0273975C3E647820CFE5CDF4D0D5A6C717C1 \ 908 
795EB2BE37030EDEB3196D5866255B1FC10BD03B05FBDF59DBD87 \ 909 451877761BDEDD25D468D9409A054B1767BF70C4161D416B01F47 \ 910 2E4D0924FB9EF84A7EF027A4C3F6FDDD0018A827AB66017062F0F \ 911 0709B271C1CB03557558F882C4FD89569E55E86D9834105F5E746 \ 912 8BA389305729F7FEB6BF2BE3F92BCA40917CC947A438B43D6A109 \ 913 535EEBFC06BAEE3A01C9E49D95E84ACDA572F47C4FECC64890315 \ 914 4182BBF5222CD4F40622DBB6886A062FE52A59260EC8B61843622 \ 915 DA827B77BAFB0E0F7AA55E3E869BD7943C780F31782241FE1D8B5 \ 916 5C313A421875EFE40BD3B649087AE3A1A5942A51A7C182EDF686A \ 917 9842A2F82E51ABE70826D5CA045F984472DB63784194DC2C52388 \ 918 9A95CA8C625B017BCA6CAC5175E87552EACBD8D3F5C281E4D4108 \ 919 F90E395088D50C528809C37788609A5734FFCE40287270A3A6B04 \ 920 A069DE8277F7F5109C16938347A643713C9AC36FFFC8BF141E899 \ 921 F48BC25C7B636D43BEBCFA7742D4E1462263E56732AD2021EEF8C \ 922 E84023C4959CFD250348B23AE6DB317087F1F593F768825A970E8 \ 923 5C15306447892E72C8CF4461E3DF57E696AF1780ADA04F847F8FD \ 924 3C42A802FC9BA38C696ED74FF8A300D171BBAE8888B226498CF63 \ 925 EBA035814557E3A552E0B5DA56DD90C1372D823860D00CA4F242E \ 926 8BF1FCA88BA71173DE185E6F1D1EF2BAE53D701D03D4BF3B44F08 \ 927 42BED8126494A7FD2C7B1321A5527B78681B1D13062CE4DAE86C6 \ 928 8DAB481551D857934250E6DBF99D37DA15735831C2FA31DD2AB81 \ 929 FBF1F2DE8D890DF29A8CCD730431135E3A0D9C075860F9843B14B \ 930 E9408714E96218D3642E5B0126BD8FF941757A512CDCB4F6336D6 \ 931 FDC357C28E59484EDC9101AE78BBC6CB380E6E0516ECC48391FE9 \ 932 DA4519DF813CB680497BA65132954F11F857BDFF3644B7F54F595 \ 933 42BAE97EBC7270DECDD407989CAD427894922EDC1BD22E5E1991E \ 934 1B894A92F893268F66327084B09A945732EF82F27007D5DD0A084 \ 935 03E8E553EA7E20C1E23A567B850F8FE4D004170995CE1FCC2284E \ 936 ACB197F001C9B0FF2FB67BC24C5774A935F96761FD52394AEDE47 \ 937 896E5204BD011F2697F9791953C0F265909019A90804A3A59A4D5 \ 938 A481020861ADC270845EBEE08D8C5C442A0ECBB5C78D65E11A5CD \ 939 71D520281A73C8EE741B4B1E2807E30BD9A2AD1DFE50FE3875F20 \ 940 1926D87F732461E279FB774E97A93363527C13948DBE1776B7FB8 \ 941 
604762C576402481704E4E056D67F00EC4399CED2B8802C89A788 \ 942 27B12FDC5D8B8A3A1914A80B573D3C4F3C87E91AE3DBB05B685CE \ 943 C2194604FA3965B0AF4E0D6E929D672E6C2EDC6001FC2A9AB1CA2 \ 944 44FD07847B86A544AAB532DD2E49C2ACB9C42330B44F95AEF50A1 \ 945 E44761E5E25670DA2C7291254C17C298F685B1FB022932B07DE03 \ 946 1B1E9988131C73BD0B4E748FF2C2FFD45B7DF99EF1FA579F02930 \ 947 D3C3AA3D46F50AF699CF3E5E11E035B693542EBB5B7D756B001BA \ 948 792C8B6F4521A4F49DB647A37095A28482548E3C0E9DFB0C2D504 \ 949 BE2E9B60983660B05E45FF8847BD7392ED1010AA85589B36455B8 \ 950 64A682B58A87CE0BE617C838BEA0295186178B1EC2CD64044B8FF \ 951 4A30FFEFAE2A007E7531250E0EBBB76621CBECF255E08727BBE61 \ 952 178A3CF25395468F207249A97EF9A631D9CD651FD36ADC2CB00B8 \ 953 1663E6C89869E7C2BCB6C149E9CA97B4AC8F656F9B54A800C8104 \ 954 5C77A6DD75040AFB72273F1C1A2B8A0E60E60F5FA9C63AA4DBBCE \ 955 603BBAF99DE4EB95FED967E444FABD025D40A2D74AFE0AD427C5E \ 956 0D5DDFE3267DD04256752FB643D362E8DA17B5E4481A451763768 \ 957 04FF489DF09FDA863BD4000000067B95DE445ABF89161DFF4B91A \ 958 4A9E3BF156A39A4660F98F06BF3F017686D9DFC362C948646B3C9 \ 959 848803E6D9BA1F7D3967F709CDDD35DC77D60356F0C36808900B4 \ 960 91CB4ECBBABEC128E7C81A46E62A67B57640A0A78BE1CBF7DD9D4 \ 961 19A10CD8686D16621A80816BFDB5BDC56211D72CA70B81F1117D1 \ 962 29529A7570CF79CF52A7028A48538ECDD3B38D3D5D62D26246595 \ 963 C4FB73A525A5ED2C30524EBB1D8CC82E0C19BC4977C6898FF95FD \ 964 3D310B0BAE71696CEF93C6A552456BF96E9D075E383BB7543C675 \ 965 842BAFBFC7CDB88483B3276C29D4F0A341C2D406E40D4653B7E4D \ 966 045851ACF6A0A0EA9C710B805CCED4635EE8C107362F0FC8D80C1 \ 967 4D0AC49C516703D26D14752F34C1C0D2C4247581C18C2CF4DE48E \ 968 9CE949BE7C888E9CAEBE4A415E291FD107D21DC1F084B11582082 \ 969 49F28F4F7C7E931BA7B3BD0D824A4570" 970 } 971 } 973 Appendix B. Acknowledgements 975 Many thanks to Scott Fluhrer, John Mattsson, Jim Schaad, and Tony 976 Putman for their valuable review and insights. In addition, an extra 977 special thank you to Jim Schaad for generating the examples in 978 Appendix A. 
Author's Address

   Russ Housley
   Vigil Security, LLC
   516 Dranesville Road
   Herndon, VA 20170
   US

   Email: housley@vigilsec.com