Russ Housley | 3 May 21:01 2006

RE: Elliptic Curve Cryptography with PKIX


RFC 3280 does not provide as much guidance as I would like.  Section 
4.1.2.7 says the following about the  Subject Public Key Info field:

    This field is used to carry the public key and identify the algorithm
    with which the key is used (e.g., RSA, DSA, or Diffie-Hellman).  The
    algorithm is identified using the AlgorithmIdentifier structure
    specified in section 4.1.1.2.  The object identifiers for the
    supported algorithms and the methods for encoding the public key
    materials (public key and parameters) are specified in [PKIXALGS].

Section 4.1.1.2 includes these words:

    The algorithm identifier is used to identify a cryptographic
    algorithm.  The OBJECT IDENTIFIER component identifies the algorithm
    (such as DSA with SHA-1).  The contents of the optional parameters
    field will vary according to the algorithm identified.

It does not really provide much guidance to developers of AlgorithmIdentifiers.

I characterize the X9.62 approach as using the OBJECT IDENTIFIER to 
name a class of elliptic curve algorithms, and then using a portion 
of the parameters to list the members of that class that are 
acceptable for the subject public key.

I am very interested to know how this fits with real implementations.

My suspicion is that implementation that support key agreement are 
used to looking into the parameter to determine if the public key is 
a member of the same group.  This is needed for static-static 
(Continue reading)

rfc-editor | 6 May 02:41 2006

RFC 4476 on Attribute Certificate (AC) Policies Extension


A new Request for Comments is now available in online RFC libraries.

        
        RFC 4476

        Title:      Attribute Certificate (AC) Policies Extension 
        Author:     C. Francis, D. Pinkas
        Status:     Standards Track
        Date:       May 2006
        Mailbox:    Chris_S_Francis <at> Raytheon.com, 
                    Denis.Pinkas <at> bull.net
        Pages:      11
        Characters: 20229
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-pkix-acpolicies-extn-08.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4476.txt

This document describes one certificate extension that explicitly
states the Attribute Certificate Policies (ACPs) that apply to a
given Attribute Certificate (AC).  The goal of this document is to
allow relying parties to perform an additional test when validating
an AC, i.e., to assess whether a given AC carrying some attributes
can be accepted on the basis of references to one or more specific
ACPs.  [STANDARDS TRACK]

This document is a product of the Public-Key Infrastructure (X.509)
Working Group of the IETF.
(Continue reading)

Internet-Drafts | 16 May 21:50 2006
Picon

I-D ACTION:draft-ietf-pkix-cmc-trans-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Certificate Management over CMS (CMC) Transport Protocols
	Author(s)	: J. Schaad, M. Myers
	Filename	: draft-ietf-pkix-cmc-trans-05.txt
	Pages		: 7
	Date		: 2006-5-16
	
This document defines a number of transport mechanisms that are used
   to move CMC (Certificate Managment over CMS (Cryptographic Message
   Syntax)) messages.  The transport mechanisms described in this
   document are: HTTP, file, mail and TCP.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-trans-05.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-pkix-cmc-trans-05.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
(Continue reading)

todd glassey | 17 May 21:46 2006
Picon
Picon

Proposal for a PKI extension to SMTP.


I want to propose an auditing extension to SMTP such that a PKI signed copy
of the Physical MAC address of the network card sending the message and the
TPM data of the system is propagated through SMTP transactions.

This will also need a resolution protocol and this is legally speaking such
a critical thing that this group might consider extending any talk of
quashing the group, until something like this was completed.

This is a key extension and trust anchor process for SMTP and its needed in
the world tremendously to prevent spam and track spammers better.

Todd Glassey

Internet-Drafts | 19 May 21:50 2006
Picon

I-D ACTION:draft-ietf-pkix-lightweight-ocsp-profile-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Lightweight OCSP Profile for High Volume Environments
	Author(s)	: R. Hurst, A. Deacon
	Filename	: draft-ietf-pkix-lightweight-ocsp-profile-05.txt
	Pages		: 20
	Date		: 2006-5-19
	
This specification defines a profile of the Online Certificate 
   Status Protocol (OCSP) that addresses the scalability issues 
   inherent when using OCSP in large scale (high volume) PKI 
   environments and/or in PKI environments that require a lightweight 
   solution to minimize communication bandwidth and client side 
   processing.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-lightweight-ocsp-profile-05.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-pkix-lightweight-ocsp-profile-05.txt".

A list of Internet-Drafts directories can be found in
(Continue reading)

rfc-editor | 23 May 00:24 2006

RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile


A new Request for Comments is now available in online RFC libraries.

        
        RFC 4491

        Title:      Using the GOST R 34.10-94, 
                    GOST R 34.10-2001, and GOST R 
                    34.11-94 Algorithms with the Internet X.509 
                    Public Key Infrastructure Certificate and CRL 
                    Profile 
        Author:     S. Leontiev, Ed.,
                    D. Shefanovski, Ed.
        Status:     Standards Track
        Date:       May 2006
        Mailbox:    lse <at> cryptopro.ru, 
                    dbs <at> mts.ru
        Pages:      20
        Characters: 39095
        Obsoletes:  RFC3279
        See-Also:   

        I-D Tag:    draft-ietf-pkix-gost-cppk-05.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4491.txt

This document supplements RFC 3279.  It describes encoding formats,
identifiers, and parameter formats for the algorithms GOST R 34.10-94,
GOST R 34.10-2001, and GOST R 34.11-94 for use in Internet X.509
Public Key Infrastructure (PKI).  [STANDARDS TRACK]
(Continue reading)

Gregory S. Chudov | 23 May 15:22 2006
Picon

Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile


Thanks and to everyone involved.
One funny thing - the announcement says "Obsoletes:  RFC3279"
(was "Updates:  RFC3279" in the document itself).
So GOST is now the one and only algorithm for PKIX? :)

Good luck!

----- Original Message ----- 
From: <rfc-editor <at> rfc-editor.org>
To: <ietf-announce <at> ietf.org>; <rfc-dist <at> rfc-editor.org>
Cc: <rfc-editor <at> rfc-editor.org>; <ietf-pkix <at> imc.org>
Sent: Tuesday, May 23, 2006 2:24 AM
Subject: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST 
R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure 
Certificate and CRL Profile

>
>
> A new Request for Comments is now available in online RFC libraries.
>
>
>        RFC 4491
>
>        Title:      Using the GOST R 34.10-94,
>                    GOST R 34.10-2001, and GOST R
>                    34.11-94 Algorithms with the Internet X.509
>                    Public Key Infrastructure Certificate and CRL
>                    Profile
>        Author:     S. Leontiev, Ed.,
(Continue reading)

Stephen Kent | 23 May 16:24 2006
Picon

Re: RFC 4491 on Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile


At 5:22 PM +0400 5/23/06, Gregory S. Chudov wrote:
>Thanks and to everyone involved.
>One funny thing - the announcement says "Obsoletes:  RFC3279"
>(was "Updates:  RFC3279" in the document itself).
>So GOST is now the one and only algorithm for PKIX? :)
>
>Good luck!

I've contacted the RFC Editor about this whoops.

Steve

Internet-Drafts | 24 May 21:50 2006
Picon

I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
	Author(s)	: D. Cooper, et al.
	Filename	: draft-ietf-pkix-rfc3280bis-03.txt
	Pages		: 141
	Date		: 2006-5-24
	
This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
   Revocation List (CRL) for use in the Internet.  An overview of this
   approach and model are provided as an introduction.  The X.509 v3
   certificate format is described in detail, with additional
   information regarding the format and semantics of Internet name
   forms.  Standard certificate extensions are described and two
   Internet-specific extensions are defined.  A set of required
   certificate extensions is specified.  The X.509 v2 CRL format is
   described in detail, and required extensions are defined.  An
   algorithm for X.509 certification path validation is described.  An
   ASN.1 module and examples are provided in the appendices.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
(Continue reading)

Internet-Drafts | 24 May 21:50 2006
Picon

I-D ACTION:draft-ietf-pkix-scvp-23.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.

	Title		: Server-based Certificate Validation Protocol (SCVP)
	Author(s)	: A. Malpani, et al.
	Filename	: draft-ietf-pkix-scvp-23.txt
	Pages		: 84
	Date		: 2006-3-3
	
SCVP allows a client to delegate certificate path construction and
   certificate path validation to a server.  The path construction or
   validation (e.g. making sure that none of the certificates in the
   path are revoked) is performed according to a validation policy,
   which contains one or more trust anchors.  It allows simplification
   of client implementations and use of a set of predefined validation
   policies.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-23.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-pkix-scvp-23.txt".

(Continue reading)


Gmane