rfc9152xml2.original.xml   rfc9152.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2046 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF <!DOCTYPE rfc [
C.2046.xml"> <!ENTITY nbsp "&#160;">
<!ENTITY RFC2985 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF <!ENTITY zwsp "&#8203;">
C.2985.xml"> <!ENTITY nbhy "&#8209;">
<!ENTITY RFC2986 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF <!ENTITY wj "&#8288;">
C.2986.xml">
<!ENTITY RFC3739 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.3739.xml">
<!ENTITY RFC4108 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.4108.xml">
<!ENTITY RFC5274 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5274.xml">
<!ENTITY RFC5280 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5280.xml">
<!ENTITY RFC5652 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5652.xml">
<!ENTITY RFC5911 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5911.xml">
<!ENTITY RFC5912 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5912.xml">
<!ENTITY RFC5913 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5913.xml">
<!ENTITY RFC5915 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5915.xml">
<!ENTITY RFC5916 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5916.xml">
<!ENTITY RFC5917 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5917.xml">
<!ENTITY RFC5958 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5958.xml">
<!ENTITY RFC5959 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.5959.xml">
<!ENTITY RFC6010 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6010.xml">
<!ENTITY RFC6031 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6031.xml">
<!ENTITY RFC6032 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6032.xml">
<!ENTITY RFC6033 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6033.xml">
<!ENTITY RFC6160 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6160.xml">
<!ENTITY RFC6161 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6161.xml">
<!ENTITY RFC6162 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6162.xml">
<!ENTITY RFC6268 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6268.xml">
<!ENTITY RFC6402 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.6402.xml">
<!ENTITY RFC7030 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.7030.xml">
<!ENTITY RFC7191 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.7191.xml">
<!ENTITY RFC7192 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.7192.xml">
<!ENTITY RFC7292 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.7292.xml">
<!ENTITY RFC7906 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.7906.xml">
<!ENTITY RFC8295 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.8295.xml">
<!ENTITY RFC8603 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.8603.xml">
<!ENTITY RFC8755 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.8755.xml">
<!ENTITY RFC8756 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.8756.xml">
<!ENTITY I-D.cooley-cnsa-dtls-tls-profile SYSTEM "https://xml2rfc.ietf.org/publi
c/rfc/bibxml3/reference.I-D.cooley-cnsa-dtls-tls-profile.xml">
<!ENTITY RFC2119 SYSTEM "https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
C.2119.xml">
]> ]>
<rfc submissionType="IETF" docName="draft-turner-sodp-profile-08" category="info
" ipr="trust200902">
<!-- Generated by id2xml 1.5.0 on 2021-01-19T23:07:54Z -->
<?rfc strict="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc text-list-symbols="*o+-"?>
<?rfc toc="yes"?>
<front>
<title abbrev="The SODP (Secure Object Delivery Protoco">The SODP (Secure
Object Delivery Protocol) Server Interfaces: NSA's Profile for Delivery of Cert
ificates, CRLs, and Symmetric Keys to Clients</title>
<author initials="M." surname="Jenkins" fullname="Michael Jenkins">
<organization abbrev="NSA">National Security Agency</organization>
<address><email>mjjenki@cyber.nsa.gov</email>
</address>
</author>
<author initials="S." surname="Turner" fullname="Sean Turner"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-turner-sodp-profi
<organization>sn3rd</organization> le-08" number="9152" submissionType="independent" category="info" ipr="trust2009
<address><email>sean@sn3rd.com</email> 02" obsoletes="" updates="" xml:lang="en" symRefs="true" sortRefs="true" tocIncl
</address> ude="true" version="3">
</author>
<date year="2021" month="January"/> <!-- xml2rfc v2v3 conversion 3.5.0 -->
<abstract><t> <!-- Generated by id2xml 1.5.0 on 2021-01-19T23:07:54Z -->
This document specifies protocol interfaces profiled by the US NSA <front>
(United States National Security Agency) for NSS (National Security
System) servers that provide public key certificates, CRLs <title abbrev="SODP Server Interfaces">Secure Object Delivery
(Certificate Revocation Lists), and symmetric keys to NSS clients. Protocol (SODP) Server Interfaces: NSA's
Servers that support these interfaces are referred to as SODP (Secure Profile for Delivery of Certificates, Certificate Revocation Lists (CRLs),
Object Delivery Protocol) servers. The intended audience for this and Symmetric Keys to Clients
</title>
<seriesInfo name="RFC" value="9152"/>
<author initials="M." surname="Jenkins" fullname="Michael Jenkins">
<organization abbrev="NSA">National Security Agency</organization>
<address>
<email>mjjenki@cyber.nsa.gov</email>
</address>
</author>
<author initials="S." surname="Turner" fullname="Sean Turner">
<organization>sn3rd</organization>
<address>
<email>sean@sn3rd.com</email>
</address>
</author>
<date year="2022" month="April"/>
<keyword>CNSA</keyword>
<keyword>NSS</keyword>
<abstract>
<t>
This document specifies protocol interfaces profiled by the United States Nat
ional Security Agency (NSA) for National Security System (NSS) servers that prov
ide public key certificates, Certificate Revocation Lists (CRLs), and symmetric
keys to NSS clients.
Servers that support these interfaces are referred to as Secure
Object Delivery Protocol (SODP) servers. The intended audience for this
profile comprises developers of client devices that will obtain key profile comprises developers of client devices that will obtain key
management services from NSA-operated SODP servers. Interfaces management services from NSA-operated SODP servers. Interfaces
supported by SODP servers include: EST (Enrollment over Secure supported by SODP servers include Enrollment over Secure
Transport) and its extensions as well as CMC (Certificate Management Transport (EST) and its extensions as well as Certificate Management
over CMS (Cryptographic Message Syntax)).</t> over CMS (CMC).</t>
<t>
<t>
This profile applies to the capabilities, configuration, and operation of This profile applies to the capabilities, configuration, and operation of
all components of US National Security Systems (SP 800-59). It is also all components of US National Security Systems (SP 800-59). It is also
appropriate for other US Government systems that process high-value appropriate for other US Government systems that process high-value
information. It is made publicly available for use by developers and information. It is made publicly available for use by developers and
operators of these and any other system deployments.</t> operators of these and any other system deployments.</t>
</abstract>
</abstract> </front>
</front> <middle>
<section anchor="sect-1" numbered="true" toc="default">
<middle> <name>Introduction</name>
<section title="Introduction" anchor="sect-1"><t> <t>
This document specifies protocol interfaces profiled by the US NSA This document specifies protocol interfaces profiled by the United States Nat
(United States National Security Agency) for NSS (National Security ional Security Agency (NSA) for National Security
System) servers that provide public key certificates, CRLs System (NSS) servers that provide public key certificates, Certificate Revoca
(Certificate Revocation Lists), and symmetric keys to NSS clients. tion Lists (CRLs), and symmetric keys to NSS clients.
Servers that support these interfaces are referred to as SODP (Secure Servers that support these interfaces are referred to as Secure
Object Delivery Protocol) servers. The purpose of this document is Object Delivery Protocol (SODP) servers. The purpose of this document is
to indicate options from, and requirements additional to, the base to indicate options from, and requirements in addition to, the base
specifications listed in <xref target="sect-1.1"/> that are necessary for cli specifications listed in <xref target="sect-1.1" format="default"/> that are
ent necessary for client
interoperability with NSA-operated SODP servers. Clients are always interoperability with NSA-operated SODP servers. Clients are always
devices, and need not implement all of the interfaces specified devices and need not implement all of the interfaces specified
herein; clients are free to choose which interfaces to implement herein; clients are free to choose which interfaces to implement
based on their operational requirements. Interfaces supported by based on their operational requirements. Interfaces supported by
SODP servers include:</t> SODP servers include:</t>
<ul spacing="normal">
<li>Enrollment over Secure Transport (EST) <xref target="RFC7030" fo
rmat="default"/> and its
extensions <xref target="RFC8295" format="default"/>, and</li>
<li>Certificate Management over CMS (CMC) <xref target="RFC5274" for
mat="default"/> <xref target="RFC6402" format="default"/> for both Simple Public
Key
Infrastructure (PKI) requests and responses (i.e., PKCS#10 requests
and PKCS#7 responses) and Full PKI requests and responses.</li>
<t><list> </ul>
<t><list style="symbols"><t>EST (Enrollment over Secure Transport) <xref <t>
target="RFC7030"/> and its
extensions <xref target="RFC8295"/>, and</t>
<t>CMC (Certificate Management over CMS (Cryptographic Message
Syntax)) <xref target="RFC5274"/><xref target="RFC6402"/> for both Simple
PKI (Public Key
Infrastructure) requests and responses (i.e., PKCS#10 requests
and PKCS#7 responses) and Full PKI requests and responses.</t>
</list>
</t>
</list>
</t>
<t>
This profile applies to the capabilities, configuration, and operation of This profile applies to the capabilities, configuration, and operation of
all components of US National Security Systems <xref target="SP-800-59"/>. It is also all components of US National Security Systems <xref target="SP-800-59" forma t="default"/>. It is also
appropriate for other US Government systems that process high-value appropriate for other US Government systems that process high-value
information. It is made publicly available for use by developers and information. It is made publicly available for use by developers and
operators of these and any other system deployments.</t> operators of these and any other system deployments.</t>
<t>
<t> This profile conforms to the existing requirements of the NSA's
This profile conforms to the existing requirements of NSA's Commercial National Security Algorithms (CNSAs). As operational needs evolve
Commercial National Security Algorithms. As operational needs evolve
over time, this profile will be updated to incorporate new commercial over time, this profile will be updated to incorporate new commercial
algorithms and protocols as they are developed and approved for use.</t> algorithms and protocols as they are developed and approved for use.</t>
<section anchor="sect-1.1" numbered="true" toc="default">
<section title="Documents to be Familiar With" anchor="sect-1.1"> <name>Documents to be Familiar With</name>
<t>Familiarity with the follow specifications is assumed:
<t>Familiarity with the follow specifications is assumed: </t>
<ul spacing="normal">
<list style="symbols"> <li>EST and EST extensions: <xref target="RFC7030" format="default"/>
and <xref target="RFC8295" format="default"/></li>
<t>EST <xref target="RFC7030"/> and EST extensions <xref <li>PKI-related specifications: <xref target="RFC2986" format="default
target="RFC8295"/>;</t> "/>, <xref target="RFC3739" format="default"/>, <xref target="RFC5274" format="d
efault"/>, <xref target="RFC5280" format="default"/>, <xref target="RFC5912" for
<t>PKI-related specifications <xref target="RFC2986"/>, <xref mat="default"/>, <xref target="RFC5913" format="default"/>, <xref target="RFC591
target="RFC3739"/>, <xref target="RFC5274"/>, <xref 6" format="default"/>, <xref target="RFC5917" format="default"/>, <xref target="
target="RFC5280"/>, <xref target="RFC5912"/>, <xref RFC6010" format="default"/>, and <xref target="RFC6402" format="default"/></li>
target="RFC5913"/>, <xref target="RFC5916"/>, <xref <li>Key-format-related specifications: <xref target="RFC5915" format="
target="RFC5917"/>,<xref target="RFC6010"/>, and <xref default"/>, <xref target="RFC5958" format="default"/>, <xref target="RFC5959" fo
target="RFC6402"/>;</t> rmat="default"/>, <xref target="RFC6031" format="default"/>, <xref target="RFC60
32" format="default"/>, <xref target="RFC6160" format="default"/>, <xref target=
<t>Key-format-related specifications <xref target="RFC5915"/>, <xref "RFC6161" format="default"/>, <xref target="RFC6162" format="default"/>, <xref t
target="RFC5958"/>, <xref target="RFC5959"/>, <xref arget="RFC7191" format="default"/>, <xref target="RFC7192" format="default"/>, <
target="RFC6031"/>, <xref target="RFC6032"/>, <xref xref target="RFC7292" format="default"/>, and <xref target="RFC7906" format="def
target="RFC6160"/>, <xref target="RFC6161"/>, <xref ault"/></li>
target="RFC6162"/>, <xref target="RFC7191"/>, <xref <li>CMS-related (Cryptographic Message Syntax) documents: <xref target
target="RFC7192"/>, <xref target="RFC7292"/>, and <xref ="RFC5652" format="default"/> and <xref target="RFC6268" format="default"/></li>
target="RFC7906"/>;</t> <li>CNSA-related documents: <xref target="RFC8603" format="default"/>,
<xref target="RFC8755" format="default"/>, <xref target="RFC8756" format="defau
<t>CMS-related (Cryptographic Message Syntax) RFCs <xref lt"/>, and <xref target="RFC9151" format="default"/></li>
target="RFC5652"/>, <xref target="RFC6268"/>, and;</t> </ul>
<t>
<t>CNSA-related (Commercial National Security Algorithm) drafts
<xref target="RFC8603"/>, <xref target="RFC8755"/>, <xref
target="RFC8756"/>, and <xref
target="I-D.cooley-cnsa-dtls-tls-profile"/>.</t>
</list>
</t>
<t>
The requirements from RFCs apply throughout this profile and are The requirements from RFCs apply throughout this profile and are
generally not repeated here. This document is purposely written generally not repeated here. This document is purposely written
without <xref target="RFC2119"/> language.</t> without using the requirements language described in <xref target="RFC2119" f
ormat="default"/> and <xref target="RFC8174"/>.</t>
</section> </section>
<section anchor="sect-1.2" numbered="true" toc="default">
<section title="Document Organization" anchor="sect-1.2"> <name>Document Organization</name>
<t> The document is organized as follows:
<t> The document is organized as follows:
<list style="symbols">
<t>The remainder of this section describes the operational
environment used by clients to retrieve secure objects.</t>
<t><xref target="sect-2"/> specifies the ASN.1 (Abstract Syntax
Notation one) version used.</t>
<t><xref target="sect-3"/> specifies SODP's EST interface.</t>
<t><xref target="sect-4"/> specifies SODP's CMC interfaces; one
section each for Simple PKI requests/responses and Full PKI
requests/responses.</t>
<t>Sections 5-9 respectively specify TA, CA, and EE certificates </t>
as well as CRL.</t> <ul spacing="normal">
<li>The remainder of this section describes the operational
environment used by clients to retrieve secure objects.</li>
<li>
<xref target="sect-2" format="default"/> specifies the Abstract Synt
ax Notation One (ASN.1) version used.</li>
<li>
<xref target="sect-3" format="default"/> specifies SODP's EST interf
ace.</li>
</list> <li>
</t> <xref target="sect-4" format="default"/> specifies SODP's CMC interf
aces.
</li>
</section> <li>Sections <xref target="sect-5" format="counter"/>-<xref target="se
ct-7" format="counter"/> specify Trust Anchor (TA), Certification Authority (CA)
, and End-Entity (EE) certificates, respectively.
</li>
<li>Sections <xref target="sect-8" format="counter"/> and <xref target
="sect-9" format="counter"/> specify Relying Party Applications and CRL Profile,
respectively.</li>
</ul>
</section>
<section anchor="sect-1.3" numbered="true" toc="default">
<name>Environment</name>
<section title="Environment" anchor="sect-1.3"><t> <t>
The environment is Client-Server-based from which clients obtain Clients obtain
secure "objects" or "packages". Objects/packages vary based on the secure "objects" or "packages" from the client-server-based environment. Obj
SOA (Source of Authority) but all objects are "secured" minimally ects/packages vary based on the
Source of Authority (SOA), but all objects are "secured" minimally
through the use of one or more digital signatures and zero or more through the use of one or more digital signatures and zero or more
layers of encryption, as profiled in this document. An SOA is the layers of encryption, as profiled in this document. An SOA is the
authority for the creation of objects that the client will recognize authority for the creation of objects that the client will recognize
as valid. An SOA can delegate its authority to other actors; as valid. An SOA can delegate its authority to other actors;
delegation occurs through the issuance of certificates. An object or delegation occurs through the issuance of certificates. An object or
package is the generic term for certificates, certificate status package is the generic term for certificates, certificate status
information, and keys (both asymmetric and symmetric). All of the information, and keys (both asymmetric and symmetric). All of the
objects except for the certificates and certificate status objects except for the certificates and certificate status
information are directly encapsulated in and protected by CMS content information are directly encapsulated in and protected by CMS content
types. CMS content types that provide security are referred to as types. CMS content types that provide security are referred to as
CMS-protecting content types. All others are simply referred to as "CMS-protecting content types". All others are simply referred to as
CMS content types. All secured objects are distributed either as CMS "CMS content types". All secured objects are distributed either as CMS
packages or as part of a CMS package.</t> packages or as part of a CMS package.</t>
<t>
<t> In the example depicted in <xref target="ure-operating-environment-key-and-pk
In the following example depicted in Figure 1, there are two SOAs: i-sources-of-authority"/>, there are two SOAs:
one for symmetric keys, as depicted by the KTA (Key Trust Anchor), one for symmetric keys, as depicted by the Key Trust Anchor (KTA),
and one for public key certificates, as depicted by the PKI TA (Trust and one for public key certificates, as depicted by the PKI Trust
Anchor). The KTA is responsible for the creation and distribution of Anchor (TA). The KTA is responsible for the creation and distribution of
symmetric keys. The KTA delegates the creation and distribution symmetric keys. The KTA delegates the creation and distribution
responsibilities to separate entities through the issuance of responsibilities to separate entities through the issuance of
certificates to a KSA (Key Source Authority) and a KDA (Key certificates to a Key Source Authority (KSA) and a Key
Distribution Authority). The KSA generates the keys, digitally signs Distribution Authority (KDA). The KSA generates the keys, digitally signs
the keys, and encrypts the key for the end client using CMS content the keys, and encrypts the key for the end client using CMS content
types for each step. The KDA distributes the KSA-generated and - types for each step. The KDA distributes the KSA-generated and KSA-protected
protected key to the client; the key may also be signed by the KDA. key to the client; the key may also be signed by the KDA.
The resulting CMS package is provided to the client through the EST The resulting CMS package is provided to the client through the EST
extension's /symmetrickey service. The PKI TA is responsible for the extension's /symmetrickey service. The PKI TA is responsible for the
creation, distribution, and management of public key certificates. creation, distribution, and management of public key certificates.
The PKI TA delegates these responsibilities to CAs (Certification The PKI TA delegates these responsibilities to Certification
Authorities) and CAs in turn are responsible for creating, Authorities (CAs), and CAs, in turn, are responsible for creating,
distributing, and managing EEs (End-Entities) certificates; CAs distributing, and managing End-Entity (EE) certificates. CAs
distribute PKI-related information through the /cacerts, /crls, distribute PKI-related information through the /cacerts, /crls,
/eecerts, /fullcmc, /simpleenroll, /simplereenroll, and /csrattrs EST /eecerts, /fullcmc, /simpleenroll, /simplereenroll, and /csrattrs EST
and EST extension services.</t> and EST extension services.</t>
<figure anchor="ure-operating-environment-key-and-pki-sources-of-authori
<figure title="- Operating Environment (Key and PKI Sources of Authority) ty">
" anchor="ure-operating-environment-key-and-pki-sources-of-authority"><artwork>< <name>Operating Environment (Key and PKI Sources of Authority)</name>
![CDATA[ <artwork name="" type="" align="left" alt=""><![CDATA[
+-----+ +--------+ +-----+ +--------+
| KTA | | PKI TA | | KTA | | PKI TA |
+-----+ +--------+ +-----+ +--------+
| | | |
| Signs | Signs | Signs | Signs
| | | |
+-------------+ V +-------------+ V
| | +----+ | | +----+
V V | CA | V V | CA |
+-----+ +-----+ +----+ +-----+ +-----+ +----+
skipping to change at line 265 skipping to change at line 195
| | V V | | V V
| | +-------------+ +-------------+ | | +-------------+ +-------------+
| V | Certificate | | Certificate | | V | Certificate | | Certificate |
+---|-------------+ +-------------+ | Revocation | +---|-------------+ +-------------+ | Revocation |
| V | CMS Content | List | | V | CMS Content | List |
| +-------------+ | Types +-------------+ | +-------------+ | Types +-------------+
| | Key Package | | | | Key Package | |
| +-------------+ | | +-------------+ |
+-----------------+ +-----------------+
]]></artwork> ]]></artwork>
</figure> </figure>
<t> <t>
For clients that support the CMC interface and not the EST interface, For clients that support the CMC interface and not the EST interface,
the environment includes only the PKI TAs.</t> the environment includes only the PKI TAs.</t>
</section>
</section>
<section anchor="sect-2" numbered="true" toc="default">
<name>Abstract Syntax Notation One</name>
<t>
Implementations of this specification use the 2002/2008
ASN.1 version; 2002/2008 ASN.1 modules can be found in
<xref target="RFC5911" format="default"/>, <xref target="RFC5912" format="def
ault"/>, and <xref target="RFC6268" format="default"/> (use <xref target="RFC626
8"/> for the CMS syntax), while other specifications already include the 2002/20
08 ASN.1 along
with the 1988 ASN.1. See <xref target="RFC6268" sectionFormat="of" section="
1.1" /> for a discussion
about the differences between the 2002 and 2008 ASN.1 versions.</t>
</section>
<section anchor="sect-3" numbered="true" toc="default">
<name>EST Interface</name>
</section> <t>
Client options for EST <xref target="RFC7030" format="default"/> and EST exte
</section> nsions <xref target="RFC8295" format="default"/> are
<section title="Abstract Syntax Notation One" anchor="sect-2"><t>
Implementations of this specification use the '02/'08 ASN.1 (Abstract
Syntax Notation One) version; '02/'08 ASN.1 modules can be found in
<xref target="RFC5911"/>, <xref target="RFC5912"/>, and <xref target="RFC6268
"/> (use RFC 6268 for the CMS syntax)
while other specifications already include the '02/'08 ASN.1 along
with the '88 ASN.1. See Section 1.1 of <xref target="RFC6268"/> for a discus
sion
about the differences between the '02 and '08 ASN.1 versions.</t>
</section>
<section title="EST Interface" anchor="sect-3"><t>
EST <xref target="RFC7030"/> and EST extensions <xref target="RFC8295"/> clie
nt options are
specified in this section.</t> specified in this section.</t>
<section anchor="sect-3.1" numbered="true" toc="default">
<section title="Hypertext Transfer Protocol Layer" anchor="sect-3.1"><t> <name>Hypertext Transfer Protocol Layer</name>
<t>
Clients that receive redirection responses (3xx status codes) will Clients that receive redirection responses (3xx status codes) will
terminate the connection (<xref target="RFC7030"/>, Section 3.2.1).</t> terminate the connection (<xref target="RFC7030" sectionFormat="comma" sectio
n="3.2.1"/>).</t>
<t> <t>
Per Section 2.2 of <xref target="RFC8295"/>, clients indicate the format Per <xref target="RFC8295" sectionFormat="of" section="2.2"/>, clients indica
te the format
("application/xml" or "application/json") of the PAL information ("application/xml" or "application/json") of the PAL information
(<xref target="RFC8295"/>, Section 2.1.1) via the HTTP Accept header.</t> (<xref target="RFC8295" sectionFormat="comma" section="2.1.1"/>) via the HTTP
Accept header.</t>
</section> </section>
<section anchor="sect-3.2" numbered="true" toc="default">
<section title="Transport Layer Security" anchor="sect-3.2"><t> <name>Transport Layer Security</name>
<t>
TLS implementations are configured as specified in TLS implementations are configured as specified in
<xref target="I-D.cooley-cnsa-dtls-tls-profile"/>; the notable exception is t hat only EC-based <xref target="RFC9151" format="default"/>; the notable exception is that only EC-based
algorithms are used.</t> algorithms are used.</t>
</section>
<section anchor="sect-3.3" numbered="true" toc="default">
<name>Eligibility</name>
</section> <t>
At the EST interface, servers only enroll clients that they have
<section title="Eligibility" anchor="sect-3.3"><t> established a prior relationship with independently of
At the EST interface, servers enroll only clients that they have a the EST service. To accomplish this, client owners/operators
prior established relationship with, established independently of interact in person with the human acting as the Registration
the EST service. To accomplish this, client owners/operators Authority (RA) to ensure the information included in the transmitted
interact in person with the human acting as the RA (Registration certificate request, which is sometimes called a Certificate
Authority) to ensure the information included in the transmitted Signing Request (CSR), is associated with a client. The mechanism by
certificate request, which is sometimes called a CSR (Certificate which the owner/operator interacts with the RA as well as
Signing Request), is associated with a client. The mechanism by
which the owner/operator interact with the RA as well as
the information provided is beyond the scope of this document. The the information provided is beyond the scope of this document. The
information exchanged by the owner/operator might be something as information exchanged by the owner/operator might be something as
simple as the subject name included in the to-be sent CSR or a copy simple as the subject name included in the CSR to be sent or a copy
of the certificate that will be used to verify the certificate of the certificate that will be used to verify the certificate
request, provided out-of-band.</t> request, which is provided out of band.</t>
</section>
</section> <section anchor="sect-3.4" numbered="true" toc="default">
<name>Authentication</name>
<section title="Authentication" anchor="sect-3.4"><t> <t>
Mutual authentication occurs via "Certificate TLS Authentication" Mutual authentication occurs via "Certificate TLS Authentication"
(<xref target="RFC7030"/>, Section 2.1). Clients provide their certificate t o (<xref target="RFC7030" sectionFormat="comma" section="2.2.1"/>). Clients pr ovide their certificate to
servers in the TLS Certificate message, which is sent in response to servers in the TLS Certificate message, which is sent in response to
the server's TLS Certificate Request message. Both servers and the server's TLS Certificate Request message. Both servers and
clients reject all attempts to authenticate based on certificates clients reject all attempts to authenticate based on certificates
that cannot be validated back to an installed TA.</t> that cannot be validated back to an installed TA.</t>
</section>
</section> <section anchor="sect-3.5" numbered="true" toc="default">
<name>Authorization</name>
<section title="Authorization" anchor="sect-3.5"><t> <t>
Clients always use an explicit TA database (<xref target="RFC7030"/>, <xref t Clients always use an explicit TA database (<xref target="RFC7030" sectionFor
arget="sect-3.6.1"/>). At a minimum, clients support two TAs; one for the PKI a mat="comma" section="3.6.1"/>). At a minimum, clients support two TAs: one for
nd the PKI and
one for symmetric keys.</t> one for symmetric keys.</t>
<t>
<t>
Clients check that the server's certificate includes the id-kp-cmcRA Clients check that the server's certificate includes the id-kp-cmcRA
EKU (Extended Key Usage) value (<xref target="RFC6402"/>, Section 2.10).</t> Extended Key Usage (EKU) value (<xref target="RFC6402" sectionFormat="comma" section="2.10"/>).</t>
<t> <t>
Clients that support processing the CMS Content Constraints extension Clients that support processing of the CMS Content Constraints extension
<xref target="RFC6010"/> ensure returned CMS content is from an SOA or is fro <xref target="RFC6010" format="default"/> ensure returned CMS content is from
m an an SOA or an
entity authorized by an SOA for that CMS content; see Section 6.0 for entity authorized by an SOA for that CMS content; see <xref target="sect-7.1"
/> for
SOA certificates.</t> SOA certificates.</t>
</section>
</section> <section anchor="sect-3.6" numbered="true" toc="default">
<name>EST and EST Extensions</name>
<section title="EST and EST Extensions" anchor="sect-3.6"><t> <t>
This section profiles SODP's EST <xref target="RFC7030"/> and EST Extensions This section profiles SODP's interfaces for EST <xref target="RFC7030" format
<xref target="RFC8295"/> interfaces.</t> ="default"/> and EST extensions
<xref target="RFC8295" format="default"/>.</t>
<section title="/pal" anchor="sect-3.6.1"><t> <section anchor="sect-3.6.1" numbered="true" toc="default">
The PAL (Package Availability List) is limited to 32 entries, where <name>/pal</name>
the 32nd PAL entry links to an additional PAL (i.e., is PAL Package <t>
The Package Availability List (PAL) is limited to 32 entries, where
the 32nd PAL entry links to an additional PAL (i.e., PAL Package
Type 0001).</t> Type 0001).</t>
<t>
<t> The PAL is XML <xref target="XML" format="default"/>.</t>
The PAL is XML <xref target="XML"/>.</t> </section>
<section anchor="sect-3.6.2" numbered="true" toc="default">
</section> <name>/cacerts</name>
<t>
<section title="/cacerts" anchor="sect-3.6.2"><t>
The CA certificates located in the explicit TA database are The CA certificates located in the explicit TA database are
distributed to the client when it is registered. This TA distributed to the client when it is registered. This TA
distribution mechanism is out-of-scope.</t> distribution mechanism is out of scope.</t>
<t>
<t>
CA certificates provided through this service are as specified in CA certificates provided through this service are as specified in
Sections 5 and 6 of this document.</t> Sections <xref target="sect-5" format="counter"/> and <xref target="sect-6" f
ormat="counter"/> of this document.</t>
</section> </section>
<section anchor="sect-3.6.3" numbered="true" toc="default">
<section title="/simpleenroll" anchor="sect-3.6.3"><t> <name>/simpleenroll</name>
CSRs follow the specifications in Section 4.2 of <xref target="RFC8756"/>, <t>
except that the CMC-specific Change Subject Name and CSRs follow the specifications in <xref target="RFC8756" sectionFormat="of" s
the POP Link Witness V2 attributes do not apply. Second, only ection="4.2"/>,
except that the CMC-specific ChangeSubjectName and
the POP Link Witness V2 attributes do not apply. Only
EC-based algorithms are used.</t> EC-based algorithms are used.</t>
<t>
<t>
Client certificates provided through this service are as specified in Client certificates provided through this service are as specified in
Section 7 of this document.</t> <xref target="sect-7"/> of this document.</t>
<t>
<t> The HTTP content type of "text/plain" (<xref target="RFC2046" sectionFormat="
The HTTP content-type of "text/plain" (<xref target="RFC2046"/>, <xref target comma" section="4.1"/>) is
="sect-4.1"/>) is used to return human-readable errors.</t>
used to return human readable errors.</t> </section>
<section anchor="sect-3.6.4" numbered="true" toc="default">
</section> <name>/simplereenroll</name>
<t>
<section title="/simplereenroll" anchor="sect-3.6.4"><t>
There are no additional requirements for requests beyond those There are no additional requirements for requests beyond those
specified in Sections 3.4 and 3.6.3 of this document.</t> specified in Sections <xref target="sect-3.4" format="counter"/> and <xref ta
rget="sect-3.6.3" format="counter"/> of this document.</t>
<t> <t>
The HTTP content-type of "text/plain" (<xref target="RFC2046"/>, <xref target The HTTP content type of "text/plain" (<xref target="RFC2046" sectionFormat="
="sect-4.1"/>) is comma" section="4.1"/>) is
used to return human readable errors.</t> used to return human-readable errors.</t>
</section>
</section> <section anchor="sect-3.6.5" numbered="true" toc="default">
<name>/fullcmc</name>
<section title="/fullcmc" anchor="sect-3.6.5"><t> <t>
Requests are as specified in <xref target="RFC8756"/> with the notable Requests are as specified in <xref target="RFC8756" format="default"/> with t
he notable
exception that only EC-based algorithms are used.</t> exception that only EC-based algorithms are used.</t>
<t>
<t>
Additional attributes for returned CMS packages can be found in Additional attributes for returned CMS packages can be found in
<xref target="RFC7906"/>.</t> <xref target="RFC7906" format="default"/>.</t>
<t>
<t>
Certificates provided through this service are as specified in Certificates provided through this service are as specified in
Section 7 of this document.</t> <xref target="sect-7"/> of this document.</t>
</section>
</section> <section anchor="sect-3.6.6" numbered="true" toc="default">
<name>/serverkeygen</name>
<section title="/serverkeygen" anchor="sect-3.6.6"><t> <t>
PKCS#12 <xref target="RFC7292"/>, sometimes referred to as "PFX" (Personal PKCS#12 <xref target="RFC7292" format="default"/> -- sometimes referred to as
inFormation eXchange), "P12", and "PKCS#12" files, are used to "PFX" (Personal
Information Exchange) or "P12" -- is used to
provide server-generated asymmetric private keys and the associated provide server-generated asymmetric private keys and the associated
certificate to clients. This interface is a one-way interface as the certificate to clients. This interface is a one-way interface as the
RA requests these from the server.</t> RA requests these from the server.</t>
<t>
<t> PFXs <xref target="RFC7292" format="default"/> are exchanged using both passw
PFXs <xref target="RFC7292"/> are exchanged using both password privacy mode ord privacy mode and
and
integrity password mode. The PRF algorithm for PBKDF2 (the KDF for integrity password mode. The PRF algorithm for PBKDF2 (the KDF for
PBES2 and PBMAC1) is HMAC-SHA-384 and the PBES2 encryption scheme is PBES2 and PBMAC1) is HMAC-SHA-384, and the PBES2 encryption scheme is
AES-256.</t> AES-256.</t>
<t>
<t> The HTTP content type of "text/plain" (<xref target="RFC2046" sectionFormat="
The HTTP content-type of "text/plain" (<xref target="RFC2046"/>, <xref target comma" section="4.1"/>) is
="sect-4.1"/>) is used to return human-readable errors.</t>
used to return human readable errors.</t> <t>
<t>
/serverkeygen/return is not supported at this time.</t> /serverkeygen/return is not supported at this time.</t>
</section>
<section anchor="sect-3.6.7" numbered="true" toc="default">
<name>/csrattrs</name>
</section> <t>
Clients use this service to retrieve partially filled PKIRequests
<section title="/csrattrs" anchor="sect-3.6.7"><t> with no public key or proof-of-possession signature,
Clients use this service to retrieve partially filled PKIRequests: i.e., their values are set to zero length, either a zero length BIT
PKIRequests with no public key or proof-of-possession signature, STRING or OCTET STRING. The pKCS7PDU attribute, defined in
i.e., their values are set to zero length either a zero length BIT <xref target="RFC2985" format="default"/>, includes the partially filled PKIR
STRING or OCTET STRING. The pKCS7PDU attribute, defined in equest as the only
<xref target="RFC2985"/>, includes the partially filled PKIRequest as the onl
y
element in the CsrAttrs sequence. Even though the CsrAttrs syntax is element in the CsrAttrs sequence. Even though the CsrAttrs syntax is
defined as a set, there is only ever exactly one instance of values defined as a set, there is only ever exactly one instance of values
present.</t> present.</t>
</section>
</section> <section anchor="sect-3.6.8" numbered="true" toc="default">
<name>/crls</name>
<section title="/crls" anchor="sect-3.6.8"><t> <t>
CRLs provided through this service are as specified in Section 9 of CRLs provided through this service are as specified in <xref target="sect-9"/
> of
this document.</t> this document.</t>
</section>
<section anchor="sect-3.6.9" numbered="true" toc="default">
<name>/symmetrickeys</name>
</section> <t>
Clients that claim to support SODP interoperation will be able to process
the following messages from an SODP server: </t>
<section title="/symmetrickeys" anchor="sect-3.6.9"><t> <ul>
Clients that claim to support SODP-interoperation will be able to process <li>additional encryption and origin
the following messages from a SODP server: additional encryption and origin authentication (<xref target="RFC8295" sectionFormat="comma" section="5"/>);
authentication (<xref target="RFC8295"/>, <xref target="sect-5"/>); server-pr and
ovided Symmetric Key </li>
Content Type <xref target="RFC6032"/> encapsulated in an Encrypted Key Conten <li>server-provided Symmetric Key
t Type using Content Type <xref target="RFC6032" format="default"/> encapsulated in an Enc
the EnvelopedData choice <xref target="RFC6033"/> with a SOA certificate that rypted Key Content Type using
includes the the EnvelopedData choice <xref target="RFC6033" format="default"/> with an SO
CMS Content Constraints extension (see <xref target="sect-7.1"/>).</t> A certificate that includes the
CMS Content Constraints extension (see <xref target="sect-7.1" format="defaul
t"/>).</li>
</ul>
<t> <t>
Client-supported algorithms to decrypt the server-returned symmetric Client-supported algorithms to decrypt the server-returned symmetric
key are as follows: key are as follows:
</t>
<list style="hanging" hangIndent="6"> <ul>
<li>Message Digest: See <xref target="RFC8755" sectionFormat="of" se
<t hangText="Message Digest:"> See Section 5 of <xref ction="4"/>.</li>
target="RFC8755"/>.</t> <li>Digital Signature Algorithm: See <xref target="RFC8755" sectionF
ormat="of" section="5"/>.</li>
<t hangText="Digital Signature Algorithm:"> See Section 6.1 of <xref <li>Key Agreement: See <xref target="RFC8755" sectionFormat="of" sec
target="RFC8755"/>.</t> tion="6.1"/>.</li>
<li>Key Wrap: AES-256 Key Wrap with Padding <xref target="RFC6033"
<t hangText="Key Agreement:"> See Section 7.1 of <xref format="default"/> is used. AES-128 Key Wrap with Padding is not
target="RFC8755"/>.</t> used.</li>
<li>Content Encryption: AES-256 Key Wrap with Padding <xref
<t hangText="Key Wrap:"> AES-256 Key Wrap with Padding <xref target="RFC6033" format="default"/> is used. AES-128 Key Wrap with
target="RFC6033"/> is used. AES-128 Key Wrap with Padding is not Padding is not used.</li>
used.</t> </ul>
<t>
<t hangText="Content Encryption:"> AES-256 Key Wrap with Padding <xref
target="RFC6033"/> is used. AES-128 Key Wrap with Padding is not
used.</t>
</list>
</t>
<t>
/symmetrickeys/return is not used at this time.</t> /symmetrickeys/return is not used at this time.</t>
</section>
<section anchor="sect-3.6.10" numbered="true" toc="default">
<name>/eecerts, /firmware, /tamp</name>
<t>
/eecerts, /firmware, and /tamp are not used at this time.</t>
</section>
</section>
</section>
<section anchor="sect-4" numbered="true" toc="default">
<name>CMC Interface</name>
<t>
Client options for CMC <xref target="RFC5274" format="default"/> <xref target
="RFC6402" format="default"/> are specified in this section.</t>
<section anchor="sect-4.1" numbered="true" toc="default">
<name>RFC 5273 Transport Protocols</name>
</section> <t>
Clients only use the HTTPS-based transport. The TLS implementation
<section title="/eecerts, /firmware, /tamp" anchor="sect-3.6.10"><t> and configuration are as specified in <xref target="RFC9151" format="default"
/eecerts, /firmware, /tamp are not used at this time.</t> />, with the
notable exception that only EC-based algorithms are used.</t>
</section> <t>
</section>
</section>
<section title="CMC Interface" anchor="sect-4"><t>
CMC <xref target="RFC5274"/><xref target="RFC6402"/> clients options are spec
ified in this section.</t>
<section title="RFC 5273 Transport Protocols" anchor="sect-4.1"><t>
Clients use only the HTTPS-based transport; the TLS implementation
and configuration is as specified in <xref target="I-D.cooley-cnsa-dtls-tls-p
rofile"/>; the
notable exceptions are that only EC-based algorithms are used.</t>
<t>
Clients that receive HTTP redirection responses (3xx status codes) Clients that receive HTTP redirection responses (3xx status codes)
will terminate the connection (<xref target="RFC7030"/>, Section 3.2.1).</t> will terminate the connection (<xref target="RFC7030" sectionFormat="comma" s
ection="3.2.1"/>).</t>
</section> </section>
<section anchor="sect-4.2" numbered="true" toc="default">
<section title="Eligibility" anchor="sect-4.2"><t> <name>Eligibility</name>
At the CMC interface, servers enroll only clients that they have a <t>
prior established relationship with, established independently of At the CMC interface, servers only enroll clients that they have
the EST service. To accomplish this, client owners/operators established a prior relationship with independently of
interact in person with the human acting as the RA (Registration the EST service. To accomplish this, client owners/operators
Authority) to ensure the information included in the transmitted interact in person with the human acting as the Registration
certificate request, which is sometimes called a CSR (Certificate Authority (RA) to ensure the information included in the transmitted
Signing Request), is associated with a client. The mechanism by certificate request, which is sometimes called a Certificate
which the owner/operator interact with the RA as well as the Signing Request (CSR), is associated with a client. The mechanism by
which the owner/operator interacts with the RA as well as the
information provided is beyond the scope of this document. The information provided is beyond the scope of this document. The
information exchanged by the owner/operator might be something as information exchanged by the owner/operator might be something as
simple as the subject name included in the to-be sent CSR or a copy simple as the subject name included in the CSR to be sent or a copy
of the certificate that will be used to verify the certificate of the certificate that will be used to verify the certificate
request, provided out-of-band.</t> request, which is provided out of band.</t>
</section>
</section> <section anchor="sect-4.3" numbered="true" toc="default">
<name>Authentication</name>
<section title="Authentication" anchor="sect-4.3"><t> <t>
Mutual authentication occurs via client and server signing of CMC Mutual authentication occurs via client and server signing of CMC
protocol elements, as required by <xref target="RFC8756"/>. All such protocol elements, as required by <xref target="RFC8756" format="default"/>.
signatures must be validated against an installed TA; any that fail All such
signatures are validated against an installed TA; any that fail
validation are rejected.</t> validation are rejected.</t>
</section>
</section> <section anchor="sect-4.4" numbered="true" toc="default">
<name>Authorization</name>
<section title="Authorization" anchor="sect-4.4"><t> <t>
Clients support the simultaneous presence of as many TAs as are Clients support the simultaneous presence of as many TAs as are
required for all of the functions of the client, and only these TAs.</t> required for all of the functions of the client, and only these TAs.</t>
<t>
<t>
Clients check that the server's certificate includes the id-kp-cmcRA Clients check that the server's certificate includes the id-kp-cmcRA
EKU (Extended Key Usage) value <xref target="RFC6402"/>, Section 2.10.</t> Extended Key Usage (EKU) value (<xref target="RFC6402" sectionFormat="comma"
section="2.10"/>).</t>
<t> <t>
Clients that support processing the CMS Content Constraints extension Clients that support processing of the CMS Content Constraints extension
<xref target="RFC6010"/> ensure returned CMS content is from an SOA or is fro <xref target="RFC6010" format="default"/> ensure returned CMS content is from
m an an SOA or an
entity authorized by an SOA for that CMS content; see Section 6.0 for entity authorized by an SOA for that CMS content; see <xref target="sect-7.1"
SOA certificates</t> /> for
SOA certificates.</t>
</section>
<section title="Full PKI Requests/Responses" anchor="sect-4.5"><t> </section>
Requests are as specified in <xref target="RFC8756"/> with the notable <section anchor="sect-4.5" numbered="true" toc="default">
<name>Full PKI Requests/Responses</name>
<t>
Requests are as specified in <xref target="RFC8756" format="default"/> with t
he notable
exception that only EC-based algorithms are used.</t> exception that only EC-based algorithms are used.</t>
<t> <t>
Additional attributes for returned CMC packages can be found in Additional attributes for returned CMS packages can be found in
<xref target="RFC7906"/>.</t> <xref target="RFC7906" format="default"/>.</t>
<t>
<t> Certificates provided through this service are as specified in <xref target="
Certificates provided through this service are as specified in sect-7"/> of this document.</t>
Section 7 of this document.</t> </section>
</section>
</section> <section anchor="sect-5" numbered="true" toc="default">
<name>Trust Anchor Profile</name>
</section> <t>
Clients are free to store the TA in the format of their choosing;
<section title="Trust Anchor Profile" anchor="sect-5"><t>
Clients are free to store the TA in format of their choosing;
however, servers provide TA information in the form of self-signed CA however, servers provide TA information in the form of self-signed CA
certificates. This section documents requirements for self-signed certificates. This section documents requirements for self-signed
certificates in addition to those specified in <xref target="RFC8603"/>, whic certificates in addition to those specified in <xref target="RFC8603" format=
h in "default"/>, which in
turn specifies requirements in addition to those in <xref target="RFC5280"/>. turn specifies requirements in addition to those in <xref target="RFC5280" fo
</t> rmat="default"/>.</t>
<t>
<t>
Only EC-based algorithms are used.</t> Only EC-based algorithms are used.</t>
<t>
<t>
Issuer and subject names are composed of only the following naming Issuer and subject names are composed of only the following naming
attributes: country name, domain component, organization name, attributes: country name, domain component, organization name,
organizational unit name, common name, state or province name, organizational unit name, common name, state or province name,
distinguished name qualifier, and serial number.</t> distinguished name qualifier, and serial number.</t>
<t>
<t>
In the Subject Key Identifier extension, the keyIdentifier is the 64 In the Subject Key Identifier extension, the keyIdentifier is the 64
low-order bits of the subject's subjectPublicKey field.</t> low-order bits of the subject's subjectPublicKey field.</t>
<t>
<t>
In the Key Usage extension, the nonRepudiation bit is never set.</t> In the Key Usage extension, the nonRepudiation bit is never set.</t>
</section>
</section> <section anchor="sect-6" numbered="true" toc="default">
<name>Non-Self-Signed Certification Authority Certificate Profile</name>
<section title="Non-Self-Signed Certification Authority Certificate Profi <t>
le" anchor="sect-6"><t> This section documents requirements for non-self-signed CA
This section documents requirements for non-self signed CA certificates in addition to those specified in <xref target="RFC8603" format=
certificates in addition to those specified in <xref target="RFC8603"/>, whic "default"/>, which in
h in turn specifies requirements in addition to those in <xref target="RFC5280" fo
turn specifies requirements in addition to those in <xref target="RFC5280"/>. rmat="default"/>.</t>
</t> <t>
<t>
Only EC-based algorithms are used.</t> Only EC-based algorithms are used.</t>
<t>
<t>
Subject names are composed of only the following naming attributes: Subject names are composed of only the following naming attributes:
country name, domain component, organization name, organizational country name, domain component, organization name, organizational
unit name, common name, state or province name, distinguished name unit name, common name, state or province name, distinguished name
qualifier, and serial number.</t> qualifier, and serial number.</t>
<t>
<t>
In the Authority Key Identifier extension, the keyIdentifier choice In the Authority Key Identifier extension, the keyIdentifier choice
is always used. The keyIdentifier is the 64 low-order bits of the is always used. The keyIdentifier is the 64 low-order bits of the
issuer's subjectPublicKey field.</t> issuer's subjectPublicKey field.</t>
<t>
<t>
In the Subject Key Identifier extension, the keyIdentifier is the 64 In the Subject Key Identifier extension, the keyIdentifier is the 64
low-order bits of the subject's subjectPublicKey field.</t> low-order bits of the subject's subjectPublicKey field.</t>
<t>
<t>
In the Key Usage extension, the nonRepudiation bit is never set.</t> In the Key Usage extension, the nonRepudiation bit is never set.</t>
<t>
<t> The Certificate Policies extension is always included, and
The Certificate Policies extension is always included and
policyQualifiers are never used.</t> policyQualifiers are never used.</t>
<t>Non-self-signed CA certificates can also include the following:</t>
<t>Non-self-signed CA certificates can also include the following:</t> <dl newline="false" spacing="normal" indent="3">
<dt>Name Constraints:</dt>
<t><list style="hanging" hangIndent="6"> <dd> permittedSubtrees constraints are
included, and excludedSubstree constraints are not. Of the
<t hangText="Name Constraints:"> permittedSubtrees constraints are
included and excludedSubstree constraints are not. Of the
GeneralName choices, issuers support the following: rfc822Name, GeneralName choices, issuers support the following: rfc822Name,
dNSName, uniformResourceIdentifier, and iPAddress (both IPv4 and dNSName, uniformResourceIdentifier, and iPAddress (both IPv4 and
IPv6) as well as hardwareModuleName, which is defined in <xref IPv6) as well as hardwareModuleName, which is defined in <xref target="
target="RFC4108"/>. Note that rfc822Name, dNSName, and RFC4108" format="default"/>. Note that rfc822Name, dNSName, and
uniformResourceIdentifier are defined as IA5 strings and the uniformResourceIdentifier are defined as IA5 strings, and the
character sets allowed is not uniform amongst these three name character sets allowed are not uniform amongst these three name
forms.</t> forms.</dd>
<dt>CRL Distribution Points:</dt>
<t hangText="CRL Distribution Points:"> A distributionPoint is <dd> A distributionPoint is
always the fullName choice; the uniformResourceIdentifier always the fullName choice. The uniformResourceIdentifier
GeneralName choice is always included but others can also be used as GeneralName choice is always included, but others can also be used as
long as the first element in the sequence of CRLDistributionPoints long as the first element in the sequence of CRLDistributionPoints
is the uniformResourceIdentifier choice; the reasons and CRLIssuer is the uniformResourceIdentifier choice. The reasons and cRLIssuer
fields are never populated. This extension is never marked fields are never populated. This extension is never marked as
critical.</t> critical.</dd>
<dt>Authority Information Access:</dt>
<t hangText="Authority Information Access:"> Only one instance of <dd> Only one instance of
AccessDescription is included. accessMethod is id-caIssuers and AccessDescription is included. accessMethod is id-caIssuers, and
accessLocation's GeneralName is always the uniformResourceIdentifier accessLocation's GeneralName is always the uniformResourceIdentifier
choice.</t> choice.</dd>
<dt>Extended Key Usage:</dt>
<t hangText="Extended Key Usage:"> EST servers and RAs include the <dd> EST servers and RAs include the
id-kp-cmcRA EKU and the CAs include the id-kp-cmcCA, which are both id-kp-cmcRA EKU, and the CAs include the id-kp-cmcCA, which are both
specified in <xref target="RFC6402"/>.</t> specified in <xref target="RFC6402" format="default"/>.</dd>
</dl>
</list>
</t>
<t> <t>
Issuers include the Authority Clearance Constraints extension <xref target="R Issuers include the Authority Clearance Constraints extension <xref target="R
FC5913"/> in FC5913" format="default"/> in
non-self-signed CA certificates that are issued to non-SOAs; values for the non-self-signed CA certificates that are issued to non-SOAs; values for the
CP (Certificate Policy) OID (Object IDentifier) and the supported classList Certificate Policy (CP) Object Identifier (OID) and the supported classList
values are found in the Issuer's CP. Criticality is determined by the values are found in the issuer's CP. Criticality is determined by the
issuer and a securityCategories is never included. Only one instance of issuer, and a securityCategories is never included. Only one instance of
Clearance is generated in the AuthorityClearanceConstraints sequence.</t> Clearance is generated in the AuthorityClearanceConstraints sequence.</t>
<t>
<t>
Issuers include a critical CMS Content Constraints extension Issuers include a critical CMS Content Constraints extension
<xref target="RFC6010"/> in CA certificates used to issue SOA certificates; <xref target="RFC6010" format="default"/> in CA certificates used to issue SO A certificates;
this is necessary to enable enforcement of scope of the SOA this is necessary to enable enforcement of scope of the SOA
authority. The content types included depend on the packages the authority. The content types included depend on the packages the
SOA sources, but include key packages (i.e., Encrypted Key Packages, SOA sources but include key packages (i.e., Encrypted Key Packages,
Symmetric Key Packages, and Asymmetric Key Packages).</t> Symmetric Key Packages, and Asymmetric Key Packages).</t>
</section>
</section> <section anchor="sect-7" numbered="true" toc="default">
<name>End-Entity Certificate Profile</name>
<section title="End-Entity Certificate Profile" anchor="sect-7"><t> <t>
This section documents requirements for EE signature and key This section documents requirements for EE signature and key
establishment certificates in addition to those listed in <xref target="RFC86 03"/>, establishment certificates in addition to those listed in <xref target="RFC86 03" format="default"/>,
which in turn specifies requirements in addition to those in which in turn specifies requirements in addition to those in
<xref target="RFC5280"/>.</t> <xref target="RFC5280" format="default"/>.</t>
<t>
<t>
Only EC-based algorithms are used.</t> Only EC-based algorithms are used.</t>
<t>
<t>
Subject names are composed of the following naming attributes: Subject names are composed of the following naming attributes:
country name, domain component, organization name, organizational country name, domain component, organization name, organizational
unit name, common name, state or province name, distinguished name unit name, common name, state or province name, distinguished name
qualifier, and serial number.</t> qualifier, and serial number.</t>
<t>
<t>
In the Authority Key Identifier extension, the keyIdentifier choice In the Authority Key Identifier extension, the keyIdentifier choice
is always used. The keyIdentifier is the 64 low-order bits of the is always used. The keyIdentifier is the 64 low-order bits of the
issuer's subjectPublicKey field.</t> issuer's subjectPublicKey field.</t>
<t>
<t>
In the Subject Key Identifier extension, the keyIdentifier is the 64 In the Subject Key Identifier extension, the keyIdentifier is the 64
low-order bits of the subject's subjectPublicKey field.</t> low-order bits of the subject's subjectPublicKey field.</t>
<t>
<t>
In the Key Usage extension, signature certificates only assert In the Key Usage extension, signature certificates only assert
digitalSignature and key establishment certificates only assert digitalSignature, and key establishment certificates only assert
keyAgreement.</t> keyAgreement.</t>
<t>
<t> The Certificate Policies extension is always included, and
The Certificate Policies extension is always included and
policyQualifiers are never used.</t> policyQualifiers are never used.</t>
<t>
<t>
When included, the non-critical CRL Distribution Point extension's When included, the non-critical CRL Distribution Point extension's
distributionPoint is always identified by the fullName choice; the distributionPoint is always identified by the fullName choice. The
uniformResourceIdentifier GeneralName choice is always included but uniformResourceIdentifier GeneralName choice is always included, but
others can also be used as long as the first element in the sequence others can also be used as long as the first element in the sequence
of distribution points is the URI choice and it is an HTTP/HTTPS of distribution points is the URI choice and it is an HTTP/HTTPS
scheme; the reasons and cRLIssuer fields are never populated.</t> scheme. The reasons and cRLIssuer fields are never populated.</t>
<t>
<t>
The following subsections provide additional requirements for the The following subsections provide additional requirements for the
different types of EE certificates.</t> different types of EE certificates.</t>
<section anchor="sect-7.1" numbered="true" toc="default">
<section title="Source of Authority Certificate Profile" anchor="sect-7.1 <name>Source of Authority Certificate Profile</name>
"><t> <t>
This section specifies the format for SOA certificates, i.e., This section specifies the format for SOA certificates, i.e., certificates
certificates issued to those entities that are authorized to create, issued to those entities that are authorized to create, digitally sign,
digitally sign, encrypt, and distribute key packages; these encrypt, and distribute packages; these certificates are issued by non-PKI
certificates are issued by non-PKI TAs.</t> TAs.</t>
<t>
<t>
The Subject Alternative Name extension is always included. The The Subject Alternative Name extension is always included. The
following choices are supported rfc822Name, dnsName, ediPartyName, following choices are supported: rfc822Name, dNSName, ediPartyName,
uniformResourceIdentifier, or ipAddress (both IPv4 and IPv6). This uniformResourceIdentifier, or iPAddress (both IPv4 and IPv6). This
extension is never critical.</t> extension is never critical.</t>
<t>
<t> A critical CMS Content Constraints extension <xref target="RFC6010" format="d
A critical CMS Content Constraints extension <xref target="RFC6010"/> is incl efault"/> is included in
uded in
SOA signature certificates. The content types included depend on the SOA signature certificates. The content types included depend on the
packages the SOA sources (e.g., Encrypted Key Packages, Symmetric Key packages the SOA sources (e.g., Encrypted Key Packages, Symmetric Key
Packages, Asymmetric Key Packages).</t> Packages, and Asymmetric Key Packages).</t>
</section>
</section> <section anchor="sect-7.2" numbered="true" toc="default">
<name>Client Certificate Profile</name>
<section title="Client Certificate Profile" anchor="sect-7.2"><t> <t>
This section specifies the format for certificates issued to clients.</t> This section specifies the format for certificates issued to clients.</t>
<t>
<t>
A non-critical Subject Directory Attributes extension is always A non-critical Subject Directory Attributes extension is always
included with the following attributes: included with the following attributes:
<list style="symbols"> </t>
<ul spacing="normal">
<t>Device Owner <xref target="RFC5916"/></t> <li>Device Owner <xref target="RFC5916" format="default"/></li>
<li>Clearance Sponsor <xref target="RFC5917" format="default"/></li>
<t>Clearance Sponsor <xref target="RFC5917"/></t> <li>Clearance <xref target="RFC5913" format="default"/></li>
</ul>
<t>Clearance <xref target="RFC5913"/></t> <t>
</list>
</t>
<t>
The following extensions are also included at the discretion of the The following extensions are also included at the discretion of the
CA: CA:
<list style="symbols"> </t>
<t>The Authority Information Access extension with only one instance
of the accessMethod id-caIssuers and the accessLocation's
GeneralName using the uniformResourceIdentifier choice.</t>
<t>A non-critical Subject Alternative Name extension that includes
the hardwareModuleName form <xref target="RFC4108"/>, rfc822Name, or
uniformResourceIdentifier.</t>
<t>A critical Subject Alternative Name extension that includes: <ul spacing="normal">
<li> The Authority Information Access extension with only one instance
of
AccessDescription included. accessMethod is id-caIssuers, and
accessLocation’s GeneralName is always the uniformResourceIdentifier
choice.
</li>
<li>A non-critical Subject Alternative Name extension that includes
the hardwareModuleName form <xref target="RFC4108" format="default"/>,
rfc822Name, or
uniformResourceIdentifier.</li>
<li>A critical Subject Alternative Name extension that includes
dNSName, rfc822Name, ediPartyName, uniformResourceIdentifier, or dNSName, rfc822Name, ediPartyName, uniformResourceIdentifier, or
ipAddress (both IPv4 and IPv6).</t> iPAddress (both IPv4 and IPv6).</li>
</ul>
</list> </section>
</t> </section>
<section anchor="sect-8" numbered="true" toc="default">
</section> <name>Relying Party Applications</name>
<t>
</section> This section documents requirements for Relying Parties (RPs) in
addition to those listed in <xref target="RFC8603" format="default"/>, which
<section title="Relying Party Applications" anchor="sect-8"><t> in turn specifies
This section documents requirements for RPs (Relying Parties) in requirements in addition to those in <xref target="RFC5280" format="default"/
addition to those listed in <xref target="RFC8603"/>, which in turn specifies >.</t>
requirements in addition to those in <xref target="RFC5280"/>.</t> <t>
<t>
Only EC-based algorithms are used.</t> Only EC-based algorithms are used.</t>
<t>
<t>
RPs support the Authority Key Identifier and the Subject Key RPs support the Authority Key Identifier and the Subject Key
Identifier extensions.</t> Identifier extensions.</t>
<t>
<t>
RPs should support the following extensions: CRL Distribution Points, RPs should support the following extensions: CRL Distribution Points,
Authority Information Access, Subject Directory Attribute, Authority Authority Information Access, Subject Directory Attribute, Authority
Clearance Constraints, and CMS Content Constraints extensions.</t> Clearance Constraints, and CMS Content Constraints.</t>
<t>
<t>
Within the Subject Directory Attribute extension, RPs should support Within the Subject Directory Attribute extension, RPs should support
the Clearance Sponsor, Clearance, and Device Owner attributes.</t> the Clearance Sponsor, Clearance, and Device Owner attributes.</t>
<t>
<t>
RPs support the id-kp-cmcRA and id-kp-cmcCA EKUs.</t> RPs support the id-kp-cmcRA and id-kp-cmcCA EKUs.</t>
<t>
<t>
Failure to support extensions in this section might limit the Failure to support extensions in this section might limit the
suitability of a device for certain applications.</t> suitability of a device for certain applications.</t>
</section>
</section> <section anchor="sect-9" numbered="true" toc="default">
<name>CRL Profile</name>
<section title="CRL Profile" anchor="sect-9"><t> <t>
This section documents requirements for CRLs in addition to those This section documents requirements for CRLs in addition to those
listed in <xref target="RFC8603"/>, which in turn specifies requirements in a listed in <xref target="RFC8603" format="default"/>, which in turn specifies
ddition requirements in addition
to those in <xref target="RFC5280"/>.</t> to those in <xref target="RFC5280" format="default"/>.</t>
<t>
<t>
Only EC-based algorithms are used.</t> Only EC-based algorithms are used.</t>
<t>
<t>
Two types of CRLs are produced: complete base CRLs and partitioned Two types of CRLs are produced: complete base CRLs and partitioned
base CRLs.</t> base CRLs.</t>
<t>
<t> crlEntryExtensions are never included, and the reasons and cRLIssuer
crlEntryExtensions are never included and the reasons and cRLIssuer
fields are never populated.</t> fields are never populated.</t>
<t>All CRLs include the following CRL extensions:
<t>All CRLs include the following CRL extensions: </t>
<ul spacing="normal">
<list style="symbols"> <li>The Authority Key Identifier extension: The keyIdentifier is the
64 low-order bits of the issuer's subjectPublicKey field.</li>
<t>The Authority Key Identifier extension: The keyIdentifier is the <li>As per <xref target="RFC5280" format="default"/>, the CRL Number ext
64 low-order bits of the issuer's subjectPublicKey field.</t> ension.</li>
</ul>
<t>As per <xref target="RFC5280"/>, the CRL Number extension.</t>
</list></t>
<t> <t>
The only other extension included in partitioned base CRLs is the The only other extension included in partitioned base CRLs is the
Issuing Distribution Point extension. The distributionPoint is Issuing Distribution Point extension. The distributionPoint is
always identified by the fullName choice; the always identified by the fullName choice. The
uniformResourceIdenifier GeneralName choice is always included but uniformResourceIdentifier GeneralName choice is always included, but
others can also be used as long as the first element in the sequence others can also be used as long as the first element in the sequence
of distribution points is the uniformResourceIdenifier choice and the of distribution points is the uniformResourceIdentifier choice and the
scheme is an HTTP/HTTPS scheme; all other fields are omitted.</t> scheme is an HTTP/HTTPS scheme. All other fields are omitted.</t>
</section>
</section> <section anchor="sect-10" numbered="true" toc="default">
<name>IANA Considerations</name>
<section title="IANA Considerations" anchor="sect-10"><t> <t>
None.</t> This document has no IANA actions.</t>
</section>
</section> <section anchor="sect-11" numbered="true" toc="default">
<name>Security Considerations</name>
<section title="Security Considerations" anchor="sect-11"><t> <t>
This entire document is about security. This document profiles the This entire document is about security. This document profiles the
use of many protocols and services: EST, CMC, and PKCS#10/#7/#12 as use of many protocols and services: EST, CMC, and PKCS#10/#7/#12 as
well as certificates, CRLs, and their extensions <xref target="RFC5280"/>. T well as certificates, CRLs, and their extensions <xref target="RFC5280" forma
hese t="default"/>.
have been referred to throughout this document and those These have been cited throughout this document, and the
specifications should be consulted for security considerations specifications identified by those citations should be consulted
related to implemented protocol and services.</t> for security considerations related to implemented protocols
and services.</t>
</section> </section>
</middle>
</middle> <back>
<references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2046.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2985.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2986.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3739.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4108.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5274.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5280.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5652.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5911.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5912.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5913.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5915.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5916.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5917.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5958.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5959.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6010.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6031.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6032.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6033.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6160.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6161.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6162.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6268.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.6402.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7030.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7191.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7192.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7292.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7906.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8295.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8603.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8755.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8756.xml"/>
<back> <reference anchor="XML" target="https://www.w3.org/TR/2008/REC-xml-20081
<references title="Normative References"> 126/">
&RFC2046; <front>
&RFC2985; <title>Extensible Markup Language (XML) 1.0 (Fifth Edition)</title>
&RFC2986; <author initials="T." surname="Bray" fullname="Tim Bray">
&RFC3739;
&RFC4108;
&RFC5274;
&RFC5280;
&RFC5652;
&RFC5911;
&RFC5912;
&RFC5913;
&RFC5915;
&RFC5916;
&RFC5917;
&RFC5958;
&RFC5959;
&RFC6010;
&RFC6031;
&RFC6032;
&RFC6033;
&RFC6160;
&RFC6161;
&RFC6162;
&RFC6268;
&RFC6402;
&RFC7030;
&RFC7191;
&RFC7192;
&RFC7292;
&RFC7906;
&RFC8295;
&RFC8603;
&RFC8755;
&RFC8756;
<reference anchor="XML" target="https://www.w3.org/TR/2008/REC-xml-200811
26/"><front>
<title>Extensible Markup Language (XML) 1.0 (Fifth Edition)</title>
<author initials="T." surname="Bray" fullname="T. Bray">
</author> </author>
<author initials="J." surname="Paoli" fullname="Jean Paoli">
<author initials="J." surname="Paoli" fullname="J. Paoli">
</author> </author>
<author initials="C.M." surname="Sperberg-McQueen" fullname="C.M. Sp
<author initials="M." surname="Sperberg-McQueen" fullname="M. Sperberg-Mc erberg-McQueen">
Queen">
</author> </author>
<author initials="E." surname="Maler" fullname="Eve Maler">
<author initials="E." surname="Maler" fullname="E. Maler">
</author> </author>
<author initials="F." surname="Yergeau" fullname="François Yergeau">
<author initials="F." surname="Yergeau" fullname="F. Yergeau">
</author> </author>
<date month="November" year="2008"/>
</front>
<seriesInfo name="World Wide Web Consortium Recommendation" value="REC-
xml-20081126"/>
</reference>
<date month="November" year="2008"/> <reference anchor="SP-800-59" target="https://csrc.nist.gov/publications
</front> /detail/sp/800-59/final">
<front>
<title>Guideline for Identifying an Information System as a National
Security System</title>
<author>
<organization>National Institute of Standards and Technology</orga
nization>
</author>
<date month="August" year="2003"/>
</front>
<seriesInfo name="DOI" value="10.6028/NIST.SP.800-59"/>
<seriesInfo name="NIST Special Publication" value="800-59"/>
</reference>
<seriesInfo name="World" value="Wide Web Consortium Recommendation REC-xm <reference anchor='RFC9151' target="https://www.rfc-editor.org/info/rfc9151">
l-20081126"/> <front>
</reference> <title>Commercial National Security Algorithm (CNSA) Suite Profile for TLS and D
<reference anchor="SP-800-59" target="https://csrc.nist.gov/publications/ TLS 1.2 and 1.3</title>
detail/sp/800-59/final"><front>
<title>Guideline for Identifying an Information System as a National Secu
rity System</title>
<author>
<organization>National Institute of Standards and Technology</organizatio
n>
</author>
<date month="August" year="2003"/> <author initials='D.' surname='Cooley' fullname='Dorothy Cooley'>
</front> <organization />
</author>
<seriesInfo name="SP" value="800-59"/> <date month='April' year='2022' />
</reference> </front>
&I-D.cooley-cnsa-dtls-tls-profile; <seriesInfo name="RFC" value="9151"/>
</references> <seriesInfo name="DOI" value="10.17487/RFC9151"/>
<references title="Informative References"> </reference>
&RFC2119;
</references>
</back>
</rfc> </references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
</references>
</references>
</back>
</rfc>
 End of changes. 142 change blocks. 
788 lines changed or deleted 724 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/