summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc8813.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc8813.txt')
-rw-r--r--doc/rfc/rfc8813.txt140
1 files changed, 140 insertions, 0 deletions
diff --git a/doc/rfc/rfc8813.txt b/doc/rfc/rfc8813.txt
new file mode 100644
index 0000000..b17c985
--- /dev/null
+++ b/doc/rfc/rfc8813.txt
@@ -0,0 +1,140 @@
+
+
+
+
+Internet Engineering Task Force (IETF) T. Ito
+Request for Comments: 8813 SECOM CO., LTD.
+Updates: 5480 S. Turner
+Category: Standards Track sn3rd
+ISSN: 2070-1721 August 2020
+
+
+ Clarifications for Elliptic Curve Cryptography Subject Public Key
+ Information
+
+Abstract
+
+ This document updates RFC 5480 to specify semantics for the
+ keyEncipherment and dataEncipherment key usage bits when used in
+ certificates that support Elliptic Curve Cryptography.
+
+Status of This Memo
+
+ This is an Internet Standards Track document.
+
+ This document is a product of the Internet Engineering Task Force
+ (IETF). It represents the consensus of the IETF community. It has
+ received public review and has been approved for publication by the
+ Internet Engineering Steering Group (IESG). Further information on
+ Internet Standards is available in Section 2 of RFC 7841.
+
+ Information about the current status of this document, any errata,
+ and how to provide feedback on it may be obtained at
+ https://www.rfc-editor.org/info/rfc8813.
+
+Copyright Notice
+
+ Copyright (c) 2020 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info) in effect on the date of
+ publication of this document. Please review these documents
+ carefully, as they describe your rights and restrictions with respect
+ to this document. Code Components extracted from this document must
+ include Simplified BSD License text as described in Section 4.e of
+ the Trust Legal Provisions and are provided without warranty as
+ described in the Simplified BSD License.
+
+Table of Contents
+
+ 1. Introduction
+ 2. Terminology
+ 3. Updates to Section 3
+ 4. Security Considerations
+ 5. IANA Considerations
+ 6. Normative References
+ Authors' Addresses
+
+1. Introduction
+
+ [RFC5480] specifies the syntax and semantics for the Subject Public
+ Key Information field in certificates that support Elliptic Curve
+ Cryptography. As part of these semantics, it defines what
+ combinations are permissible for the values of the key usage
+ extension [RFC5280]. [RFC5480] specifies 7 of the 9 values; it makes
+ no mention of the keyEncipherment and dataEncipherment key usage
+ bits. This document corrects this omission by updating Section 3 of
+ [RFC5480] to make it clear that neither keyEncipherment nor the
+ dataEncipherment key usage bits are set for key agreement algorithms
+ defined therein. The additions are to be made to the end of
+ Section 3 of [RFC5480].
+
+2. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
+ "OPTIONAL" in this document are to be interpreted as described in
+ BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
+ capitals, as shown here.
+
+3. Updates to Section 3
+
+ If the keyUsage extension is present in a certificate that indicates
+ id-ecPublicKey in SubjectPublicKeyInfo, then the following values
+ MUST NOT be present:
+
+ keyEncipherment; and
+ dataEncipherment.
+
+ If the keyUsage extension is present in a certificate that indicates
+ id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following
+ values also MUST NOT be present:
+
+ keyEncipherment; and
+ dataEncipherment.
+
+4. Security Considerations
+
+ This document introduces no new security considerations beyond those
+ found in [RFC5480].
+
+5. IANA Considerations
+
+ This document has no IANA actions.
+
+6. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119,
+ DOI 10.17487/RFC2119, March 1997,
+ <https://www.rfc-editor.org/info/rfc2119>.
+
+ [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
+ Housley, R., and W. Polk, "Internet X.509 Public Key
+ Infrastructure Certificate and Certificate Revocation List
+ (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
+ <https://www.rfc-editor.org/info/rfc5280>.
+
+ [RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
+ "Elliptic Curve Cryptography Subject Public Key
+ Information", RFC 5480, DOI 10.17487/RFC5480, March 2009,
+ <https://www.rfc-editor.org/info/rfc5480>.
+
+ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
+ 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
+ May 2017, <https://www.rfc-editor.org/info/rfc8174>.
+
+Authors' Addresses
+
+ Tadahiko Ito
+ SECOM CO., LTD.
+
+ Email: tadahiko.ito.public@gmail.com
+
+
+ Sean Turner
+ sn3rd
+
+ Email: sean@sn3rd.com