<?xmlversion='1.0' encoding='utf-8'?>version="1.0" encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!ENTITY RFC2119 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC5280 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"> <!ENTITY RFC5480 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5480.xml"> <!ENTITY RFC8174 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"> ]>"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF"docName="draft-ietf-lamps-5480-ku-clarifications-03"category="std" consensus="true" docName="draft-ietf-lamps-5480-ku-clarifications-03" number="8813" updates="5480"ipr="trust200902">ipr="trust200902" obsoletes="" xml:lang="en" symRefs="true" sortRefs="true" tocInclude="true" version="3"> <!-- xml2rfc v2v3 conversion 2.44.0 --> <!-- Generated by id2xml 1.5.0 on 2020-05-19T19:13:04Z --><?rfc strict="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc text-list-symbols="o*+-"?> <?rfc toc="yes"?><front> <title abbrev="Clarifications forElliptic Curve Crypto">ClarificationsECC SPKI">Clarifications for Elliptic CurveCryptogtaphyCryptography Subject Public Key Information</title> <seriesInfo name="RFC" value="8813"/> <author initials="T." surname="Ito" fullname="Tadahiko Ito"> <organization>SECOM CO., LTD.</organization><address><email>tadahiko.ito.public@gmail.com</email><address> <email>tadahiko.ito.public@gmail.com</email> </address> </author> <author initials="S." surname="Turner" fullname="Sean Turner"> <organization>sn3rd</organization><address><email>sean@sn3rd.com</email><address> <email>sean@sn3rd.com</email> </address> </author> <dateyear="2020" month="May"/>month="August" year="2020"/> <workgroup>LAMPS</workgroup><abstract><t><keyword>PKIX</keyword> <keyword>X.509</keyword> <abstract> <t> This document updates RFC 5480 to specify semantics for the keyEncipherment and dataEncipherment key usage bits when used in certificates that support Elliptic Curve Cryptography.</t> </abstract> </front> <middle> <sectiontitle="Introduction" anchor="sect-1"><t>anchor="sect-1" numbered="true" toc="default"> <name>Introduction</name> <t> <xreftarget="RFC5480"/>target="RFC5480" format="default"/> specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. As part of these semantics, it defines what combinations are permissible for the values of the key usage extension <xreftarget="RFC5280"/>.target="RFC5280" format="default"/>. <xreftarget="RFC5480"/>target="RFC5480" format="default"/> specifies 7 of the 9 values; it makes no mention of the keyEncipherment and dataEncipherment key usage bits. This document corrects thisomission,omission by updatingSection 3 of<xreftarget="RFC5480"/>target="RFC5480" sectionFormat="of" section="3"/> to make it clear that neither keyEncipherment nor the dataEncipherment key usage bits are set for key agreement algorithms defined therein. The additions are to be made to the end of <xreftarget="sect-3"/>.</t>target="RFC5480" sectionFormat="of" section="3"/>.</t> </section> <sectiontitle="Terminology" anchor="sect-2"><t>anchor="sect-2" numbered="true" toc="default"> <name>Terminology</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> <sectiontitle="Updatesanchor="sect-3" numbered="true" toc="default"> <name>Updates to Section3" anchor="sect-3"><t>3</name> <t> If the keyUsage extension is present in a certificate that indicates id-ecPublicKey in SubjectPublicKeyInfo, then the following valuesMUST NOT<bcp14>MUST NOT</bcp14> be present:</t><figure><artwork><![CDATA[ keyEncipherment; and dataEncipherment. ]]></artwork> </figure><ul empty="true" spacing="compact"> <li>keyEncipherment; and</li> <li>dataEncipherment.</li> </ul> <t> If the keyUsage extension is present in a certificate that indicates id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following values alsoMUST NOT<bcp14>MUST NOT</bcp14> be present:</t><figure><artwork><![CDATA[ keyEncipherment; and dataEncipherment. ]]></artwork> </figure><ul empty="true" spacing="compact"> <li>keyEncipherment; and</li> <li>dataEncipherment.</li> </ul> </section> <sectiontitle="Security Considerations" anchor="sect-4"><t>anchor="sect-4" numbered="true" toc="default"> <name>Security Considerations</name> <t> This document introduces no new security considerations beyond those found in <xreftarget="RFC5480"/>.</t>target="RFC5480" format="default"/>.</t> </section> <sectiontitle="IANA Considerations" anchor="sect-5"><t> Thisanchor="sect-5" numbered="true" toc="default"> <name>IANA Considerations</name> <t>This documentmakeshas norequest of IANA.</t>IANA actions.</t> </section> </middle> <back><references title="Normative References"> &RFC2119; &RFC5280; &RFC5480; &RFC8174;<references> <name>Normative References</name> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5480.xml"/> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> </references> </back> </rfc>