Network Working Group                                            T. Kunz
Request for Comments: 5698                                 Fraunhofer SIT
Category: Standards Track                                     S. Okunick
                                                    pawisda systems GmbH
                                                             U. Pordesch
                                                 Fraunhofer Gesellschaft
                                                           November 2009
Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC)
Abstract
Since cryptographic algorithms can become weak over the years, it is necessary to evaluate their security suitability. When signing or verifying data, or when encrypting or decrypting data, these evaluations must be considered. This document specifies a data structure that enables an automated analysis of the security suitability of a given cryptographic algorithm at a given point of time, which may be in the past, the present, or the future.
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the BSD License.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
Table of Contents
   1. Introduction
      1.1. Motivation
      1.2. Terminology
           1.2.1. Conventions Used in This Document
      1.3. Use Cases
   2. Requirements and Assumptions
      2.1. Requirements
      2.2. Assumptions
   3. Data Structures
      3.1. SecuritySuitabilityPolicy
      3.2. PolicyName
      3.3. Publisher
      3.4. PolicyIssueDate
      3.5. NextUpdate
      3.6. Usage
      3.7. Algorithm
      3.8. AlgorithmIdentifier
      3.9. Evaluation
      3.10. Parameter
      3.11. Validity
      3.12. Information
      3.13. Signature
   4. DSSC Policies
   5. Definition of Parameters
   6. Processing
      6.1. Inputs
      6.2. Verify Policy
      6.3. Algorithm Evaluation
      6.4. Evaluation of Parameters
      6.5. Output
   7. Security Considerations
   8. IANA Considerations
   9. References
      9.1. Normative References
      9.2. Informative References
   Appendix A. DSSC and ERS
      A.1. Verification of Evidence Records Using DSSC (Informative)
      A.2. Storing DSSC Policies in Evidence Records (Normative)
   Appendix B. XML Schema (Normative)
   Appendix C. ASN.1 Module in 1988 Syntax (Informative)
   Appendix D. ASN.1 Module in 1997 Syntax (Normative)
   Appendix E. Example
Digital signatures can provide data integrity and authentication. They are based on cryptographic algorithms that are required to have certain security properties. For example, hash algorithms must be resistant to collisions, and in case of public key algorithms, computation of the private key that corresponds to a given public key must be infeasible. If algorithms lack the required properties, signatures could be forged, unless they are protected by a strong cryptographic algorithm.
Cryptographic algorithms that are used in signatures shall be selected to resist such attacks during their period of use. For signature keys included in public key certificates, this period of use is the validity period of the certificate. Cryptographic algorithms that are used for encryption shall resist such attacks during the period it is planned to keep the information confidential.
Only very few algorithms satisfy the security requirements. Moreover, because of the increasing performance of computers and progress in cryptography, algorithms or their parameters become insecure over the years. The hash algorithm MD5, for example, is unsuitable today for many purposes. A digital signature using a "weak" algorithm has no probative value, unless the "weak" algorithm has been protected by a strong algorithm before the time it was considered to be weak. Many kinds of digitally signed data (including signed documents, timestamps, certificates, and revocation lists) are affected, particularly in the case of long-term archiving. Over long periods of time, it is assumed that the algorithms used in signatures become insecure.
For this reason, it is important to periodically evaluate an algorithm's fitness and to consider the results of these evaluations when creating and verifying signatures, or when maintaining the validity of signatures made in the past. One result is a projected validity period for the algorithm, i.e., a prediction of the period of time during which the algorithm is fit for use. This prediction can help to detect whether a weak algorithm is used in a signature and whether that signature has been properly protected in due time by another signature made using an algorithm that is suitable at the present point of time. Algorithm evaluations are made by expert committees. In Germany, the Federal Network Agency annually publishes evaluations of cryptographic algorithms [BNetzAg.2008]. Examples of other European and international evaluations are [ETSI-TS102176-1-2005] and [NIST.800-57-Part1.2006].
These evaluations are published in documents intended to be read by humans. Therefore, to enable automated processing, it is necessary to define a data structure that expresses the content of the evaluations. This standardized data structure can be used for publication and can be interpreted by signature generation and verification tools. Algorithm evaluations are pooled in a security suitability policy. In this document, a data structure for a security suitability policy is specified. Therefore, the document provides a framework for expressing evaluations of cryptographic algorithms. This document does not attempt to catalog the security properties of cryptographic algorithms. Furthermore, no guidelines are made about which kind of algorithms shall be evaluated, for example, security suitability policies may be used to evaluate public key and hash algorithms, signature schemes, and encryption schemes.
Algorithm: A cryptographic algorithm, i.e., a public key or hash algorithm. For public key algorithms, this is the algorithm together with its parameters, if any. Furthermore, the term "algorithm" is also used for cryptographic schemes and for padding functions.
Operator: Instance that uses and interprets a policy, e.g., a signature-verification component.
Policy: An abbreviation for security suitability policy.
Publisher: Instance that publishes the policy containing the evaluation of algorithms.
Security suitability policy: The evaluation of cryptographic algorithms with regard to their security in a specific application area, e.g., signing or verifying data. The evaluation is published in an electronic format.
Suitable algorithm: An algorithm that is evaluated against a policy and determined to be valid, i.e., resistant against attacks, at a particular point of time.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
Some use cases for a security suitability policy are presented here.
Long-term archiving: The most important use case is long-term archiving of signed data. Algorithms or their parameters become insecure over long periods of time. Therefore, signatures of archived data and timestamps have to be periodically renewed. A policy provides information about suitable and threatened algorithms. Additionally, the policy assists in verifying archived as well as re-signed documents.
Services: Services may provide information about cryptographic algorithms. On the basis of a policy, a service is able to provide the date when an algorithm became insecure or presumably will become insecure, as well as information regarding which algorithms are presently valid. Verification tools or long-term archiving systems can request such services and therefore do not need to deal with the algorithm security by themselves.
Long-term Archive Services (LTA) as defined in [RFC4810] may use the policy for signature renewal.
Signing and verifying: When signing documents or certificates, it must be assured that the algorithms used for signing or verifying are suitable. Accordingly, when verifying Cryptographic Message Syntax (CMS) [RFC5652] or XML signatures ([RFC3275], [ETSI-TS101903]), not only the validity of the certificates but also the validity of all involved algorithms may be checked.
Re-encryption: A security suitability policy can also be used to decide if encrypted documents must be re-encrypted because the encryption algorithm is no longer secure.
Section 2.1 describes general requirements for a data structure containing the security suitability of algorithms. In Section 2.2, assumptions are specified concerning both the design and the usage of the data structure.
A policy contains a list of algorithms that have been evaluated by a publisher. An algorithm evaluation is described by its identifier, security constraints, and validity period. By these constraints, the requirements for algorithm properties must be defined, e.g., a public key algorithm is evaluated on the basis of its parameters.
Automatic interpretation: The data structure of the policy must allow automated evaluation of the security suitability of an algorithm.
Flexibility: The data structure must be flexible enough to support new algorithms. Future policy publications may include evaluations of algorithms that are currently unknown. It must be possible to add new algorithms with the corresponding security constraints in the data structure. Additionally, the data structure must be independent of the intended use, e.g., encryption, signing, verifying, and signature renewing. Thus, the data structure is usable in every use case.
Source authentication: Policies may be published by different institutions, e.g., at the national or European Union (EU) level, and one policy need not agree with another. Furthermore, organizations may undertake their own evaluations for internal purposes. For this reason, a policy must be attributable to its publisher.
Integrity and authenticity: It must be possible to assure the integrity and authenticity of a published security suitability policy. Additionally, the date of issue must be identifiable.
It is assumed that a policy contains the evaluations of all currently known algorithms, including the expired ones.
An algorithm is suitable at a time of interest if it is contained in the current policy and the time of interest is within the validity period. Additionally, if the algorithm has any parameters, these parameters must meet the requirements defined in the security constraints.
If an algorithm appears in a policy for the first time, it may be assumed that the algorithm has already been suitable in the past. Generally, algorithms are used in practice prior to evaluation.
To avoid inconsistencies, multiple instances of the same algorithm are prohibited. The publisher must take care to prevent conflicts within a policy.
Assertions made in the policy are suitable at least until the next policy is published.
Publishers may extend the lifetime of an algorithm prior to reaching the end of the algorithm's validity period by publishing a revised policy. Publishers should not resurrect algorithms that are expired at the time a revised policy is published.
This section describes the syntax of a security suitability policy defined as an XML schema [W3C.REC-xmlschema-1-20041028]. ASN.1 modules are defined in Appendix C and Appendix D. The schema uses the following XML namespace [W3C.REC-xml-names-20060816]:
urn:ietf:params:xml:ns:dssc
Within this document, the prefix "dssc" is used for this namespace. The schema starts with the following schema definition:
   <?xml version="1.0" encoding="UTF-8"?>
   <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
              xmlns:dssc="urn:ietf:params:xml:ns:dssc"
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              targetNamespace="urn:ietf:params:xml:ns:dssc"
              elementFormDefault="qualified"
              attributeFormDefault="unqualified">
     <xs:import namespace="http://www.w3.org/XML/1998/namespace"
                schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
                schemaLocation="xmldsig-core-schema.xsd"/>
The SecuritySuitabilityPolicy element is the root element of a policy. It has an optional id attribute, which MUST be used as a reference when signing the policy (Section 3.13). The optional lang attribute defines the language according to [RFC5646]. The language is applied to all human-readable text within the policy. If the lang attribute is omitted, the default language is English ("en"). The element is defined by the following schema:
   <xs:element name="SecuritySuitabilityPolicy"
               type="dssc:SecuritySuitabilityPolicyType"/>
   <xs:complexType name="SecuritySuitabilityPolicyType">
     <xs:sequence>
       <xs:element ref="dssc:PolicyName"/>
       <xs:element ref="dssc:Publisher"/>
       <xs:element name="PolicyIssueDate" type="xs:dateTime"/>
       <xs:element name="NextUpdate" type="xs:dateTime" minOccurs="0"/>
       <xs:element name="Usage" type="xs:string" minOccurs="0"/>
       <xs:element ref="dssc:Algorithm" maxOccurs="unbounded"/>
       <xs:element ref="ds:Signature" minOccurs="0"/>
     </xs:sequence>
     <xs:attribute name="version" type="xs:string" default="1"/>
     <xs:attribute name="lang" default="en"/>
     <xs:attribute name="id" type="xs:ID"/>
   </xs:complexType>
The PolicyName element contains an arbitrary name for the policy. The optional elements Object Identifier (OID) and Uniform Resource Identifier (URI) MAY be used for the identification of the policy. OIDs MUST be expressed in the dot notation.
   <xs:element name="PolicyName" type="dssc:PolicyNameType"/>
   <xs:complexType name="PolicyNameType">
     <xs:sequence>
       <xs:element ref="dssc:Name"/>
       <xs:element ref="dssc:ObjectIdentifier" minOccurs="0"/>
       <xs:element ref="dssc:URI" minOccurs="0"/>
     </xs:sequence>
   </xs:complexType>
   <xs:element name="Name" type="xs:string"/>
   <xs:element name="ObjectIdentifier">
     <xs:simpleType>
       <xs:restriction base="xs:string">
         <xs:pattern value="(\d+\.)+\d+"/>
       </xs:restriction>
     </xs:simpleType>
   </xs:element>
   <xs:element name="URI" type="xs:anyURI"/>
The Publisher element contains information about the publisher of the policy. It is composed of the name (e.g., name of institution), an optional address, and an optional URI. The Address element contains arbitrary free-format text not intended for automatic processing.
   <xs:element name="Publisher" type="dssc:PublisherType"/>
   <xs:complexType name="PublisherType">
     <xs:sequence>
       <xs:element ref="dssc:Name"/>
       <xs:element name="Address" type="xs:string" minOccurs="0"/>
       <xs:element ref="dssc:URI" minOccurs="0"/>
     </xs:sequence>
   </xs:complexType>
The PolicyIssueDate element indicates the point of time when the policy was issued.
The optional NextUpdate element MAY be used to indicate when the next policy will be issued.
The optional Usage element determines the intended use of the policy (e.g., certificate validation, signing and verifying documents). The element contains free-format text intended only for human readability.
A security suitability policy MUST contain at least one Algorithm element. An algorithm is identified by an AlgorithmIdentifier element. Additionally, the Algorithm element contains all evaluations of the specific cryptographic algorithm. More than one evaluation may be necessary if the evaluation depends on the parameter constraints. The optional Information element MAY be used to provide additional information like references on algorithm specifications. In order to give the option to extend the Algorithm element, it additionally contains a wildcard. The Algorithm element is defined by the following schema:
   <xs:element name="Algorithm" type="dssc:AlgorithmType"/>
   <xs:complexType name="AlgorithmType">
     <xs:sequence>
       <xs:element ref="dssc:AlgorithmIdentifier"/>
       <xs:element ref="dssc:Evaluation" maxOccurs="unbounded"/>
       <xs:element ref="dssc:Information" minOccurs="0"/>
       <xs:any namespace="##other" minOccurs="0"/>
     </xs:sequence>
   </xs:complexType>
The AlgorithmIdentifier element is used to identify a cryptographic algorithm. It consists of the algorithm name, at least one OID, and optional URIs. The algorithm name is not intended to be parsed by automatic processes. It is only intended to be read by humans. The OID MUST be expressed in dot notation (e.g., "1.3.14.3.2.26"). The element is defined as follows:
   <xs:element name="AlgorithmIdentifier"
               type="dssc:AlgorithmIdentifierType"/>
   <xs:complexType name="AlgorithmIdentifierType">
     <xs:sequence>
       <xs:element ref="dssc:Name"/>
       <xs:element ref="dssc:ObjectIdentifier" maxOccurs="unbounded"/>
       <xs:element ref="dssc:URI" minOccurs="0" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
The Evaluation element contains the evaluation of one cryptographic algorithm in dependence of its parameter constraints. For example, the suitability of the RSA algorithm depends on the modulus length (RSA with a modulus length of 1024 may have a different suitability period than RSA with a modulus length of 2048). Current hash algorithms like SHA-1 or RIPEMD-160 do not have any parameters. Therefore, the Parameter element is optional. The suitability of the algorithm is expressed by a validity period, which is defined by the Validity element. An optional wildcard MAY be used to extend the Evaluation element.
   <xs:element name="Evaluation" type="dssc:EvaluationType"/>
   <xs:complexType name="EvaluationType">
     <xs:sequence>
       <xs:element ref="dssc:Parameter" minOccurs="0"
                   maxOccurs="unbounded"/>
       <xs:element ref="dssc:Validity"/>
       <xs:any namespace="##other" minOccurs="0"/>
     </xs:sequence>
   </xs:complexType>
The Parameter element is used to express constraints on algorithm-specific parameters.
The Parameter element has a name attribute, which holds the name of the parameter (e.g., "moduluslength" for RSA [RFC3447]). Section 5 defines parameter names for currently known public key algorithms; these parameter names SHOULD be used. For the actual parameter, a range of values or an exact value may be defined. These constraints are expressed by the following elements:
Min: The Min element defines the minimum value of the parameter. That means values equal to or greater than the given value meet the requirement.
Max: The Max element defines the maximum value the parameter may take.
At least one of the two elements MUST be set to define a range of values. A range MAY also be specified by a combination of both elements, in which case the value of the Min element MUST be less than or equal to the value of the Max element. The parameter may have any value within the defined range, including the minimum and maximum values. An exact value is expressed by using the same value in both the Min and the Max element.
These constraints are sufficient for all current algorithms. If future algorithms need constraints that cannot be expressed by the elements above, an arbitrary XML structure MAY be inserted that meets the new constraints. For this reason, the Parameter element contains a wildcard. A parameter MUST contain at least one constraint. The schema for the Parameter element is as follows:
这些约束对于所有当前算法都是足够的。如果未来的算法需要无法由上述元素表示的约束,则可以插入满足新约束的任意XML结构。因此,Parameter元素包含一个通配符。参数必须至少包含一个约束。Parameter元素的架构如下所示:
<xs:element name="Parameter" type="dssc:ParameterType"/>
<xs:complexType name="ParameterType">
  <xs:sequence>
    <xs:element name="Min" type="xs:int" minOccurs="0"/>
    <xs:element name="Max" type="xs:int" minOccurs="0"/>
    <xs:any namespace="##other" minOccurs="0"/>
  </xs:sequence>
  <xs:attribute name="name" type="xs:string" use="required"/>
</xs:complexType>
The Validity element is used to define the period of the (predicted) suitability of the algorithm. It is composed of an optional start date and an optional end date. Defining no end date means the algorithm has an open-end validity. Of course, this may be restricted by a future policy that sets an end date for the algorithm. If the end of the validity period is in the past, the algorithm was suitable until that end date. The element is defined by the following schema:
<xs:element name="Validity" type="dssc:ValidityType"/>
<xs:complexType name="ValidityType">
  <xs:sequence>
    <xs:element name="Start" type="xs:date" minOccurs="0"/>
    <xs:element name="End" type="xs:date" minOccurs="0"/>
  </xs:sequence>
</xs:complexType>
The Information element MAY be used to give additional textual information about the algorithm or the evaluation, e.g., references on algorithm specifications. The element is defined as follows:
<xs:element name="Information" type="dssc:InformationType"/>
<xs:complexType name="InformationType">
  <xs:sequence>
    <xs:element name="Text" type="xs:string" maxOccurs="unbounded"/>
  </xs:sequence>
</xs:complexType>
The optional Signature element MAY be used to guarantee the integrity and authenticity of the policy. It is an XML signature as specified in [RFC3275]. The signature MUST cover the SecuritySuitabilityPolicy element. If the Signature element is present, the SecuritySuitabilityPolicy element MUST carry the optional id attribute, and this attribute MUST be used to reference the SecuritySuitabilityPolicy element from within the Signature element. Since it is an enveloped signature, the signature MUST use the transformation algorithm identified by the following URI:

http://www.w3.org/2000/09/xmldsig#enveloped-signature
DSSC policies MUST be expressed either in XML or in ASN.1. However, in order to reach interoperability, DSSC policies SHOULD be published in both XML and ASN.1.

In the case of XML, a DSSC policy is an XML document that MUST be well-formed and SHOULD be valid. XML-encoded DSSC policies MUST be based on XML 1.0 [W3C.REC-xml-20081126] and MUST be encoded using UTF-8 [RFC3629]. This specification makes use of XML namespaces [W3C.REC-xml-names-20060816] for identifying DSSC policies. The namespace URI for elements defined by this specification is a URN [RFC2141], used with the namespace prefix "dssc". This URN is:

urn:ietf:params:xml:ns:dssc
XML-encoded DSSC policies are identified with the MIME type "application/dssc+xml" and are instances of the XML schema [W3C.REC-xmlschema-1-20041028] defined in Appendix B.

A file containing a DSSC policy in ASN.1 representation (for specification of ASN.1 refer to [CCITT.x208.1988], [CCITT.x209.1988], [CCITT.x680.2002] and [CCITT.x690.2002]) MUST contain only the DER encoding of one DSSC policy, i.e., there MUST NOT be extraneous header or trailer information in the file. ASN.1-based DSSC policies are identified with the MIME type "application/dssc+der". Appropriate ASN.1 modules are defined in Appendices C (1988-ASN.1 syntax) and D (1997-ASN.1 syntax).
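The "only the DER encoding of one policy" rule is cheap to enforce before handing a downloaded application/dssc+der file to a full ASN.1 decoder. The following Python is an added example, not part of RFC 5698 or of any DSSC implementation: it decodes the outer tag and length of the file, applies the DER length rules (definite form only, shortest encoding), and requires that the length accounts for exactly the whole file. The byte strings at the end are constructed stand-ins (a SEQUENCE wrapping a single INTEGER), not real policies; the function names are the example's own.

```python
# Added example, not from RFC 5698: enforce "one DER-encoded policy, nothing else"
# on an application/dssc+der file. Only the outer TLV is inspected; the policy
# body itself is not decoded here.
from typing import Tuple

SEQUENCE_TAG = 0x30   # a DSSC policy is a SEQUENCE at the top level


def der_outer_length(data: bytes) -> Tuple[int, int]:
    """Return (header_len, content_len) of the TLV at the start of data, enforcing the
    DER length rules: definite form only, and the shortest encoding that fits."""
    if len(data) < 2:
        raise ValueError("too short for a tag and a length octet")
    first = data[1]
    if first < 0x80:                       # short form: one octet holds the length
        return 2, first
    if first == 0x80:                      # indefinite length is BER, never DER
        raise ValueError("indefinite length is not DER")
    n = first & 0x7F                       # long form: n octets of length follow
    if n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated long-form length")
    if data[2] == 0:
        raise ValueError("leading zero length octet is not DER")
    length = int.from_bytes(data[2:2 + n], "big")
    if length < 0x80:
        raise ValueError("length that fits the short form was encoded in long form")
    return 2 + n, length


def is_single_der_policy(data: bytes) -> bool:
    """True iff data is exactly one SEQUENCE TLV with no bytes before or after it."""
    if not data or data[0] != SEQUENCE_TAG:
        return False                       # e.g. a PEM header or a BOM in front of the DER
    try:
        header_len, content_len = der_outer_length(data)
    except ValueError:
        return False
    return header_len + content_len == len(data)


def check_policy_file(path: str) -> bool:
    """File-level wrapper for a downloaded application/dssc+der policy."""
    with open(path, "rb") as f:
        return is_single_der_policy(f.read())


# Constructed stand-in bodies; a real policy is a much larger SEQUENCE.
GOOD = b"\x30\x03\x02\x01\x01"                               # SEQUENCE { INTEGER 1 }
GOOD_LONG = b"\x30\x81\x80" + b"\x04\x7e" + b"A" * 126       # 128 content octets, long form
TRAILING = GOOD + b"\x00"                                    # one extra trailer octet
PREFIXED = b"-----BEGIN DSSC-----\n" + GOOD                  # textual header in front
INDEFINITE = b"\x30\x80\x02\x01\x01\x00\x00"                 # BER indefinite length
NON_MINIMAL = b"\x30\x81\x03\x02\x01\x01"                    # length 3 in long form
```

The trailing-data check is the one that matters operationally: a file that carries a second policy, or a signed wrapper, after the first SEQUENCE will still decode with a lenient parser but violates the rule above and should be rejected rather than silently truncated.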
This section defines the parameter names for the currently known public key algorithms. The following parameters also refer to cryptographic schemes based on these public key algorithms (e.g., the PKCS#1 v1.5 signature scheme SHA-256 with RSA [RFC3447]).

The parameter of RSA [RFC3447] SHOULD be named "moduluslength".

The parameters for the Digital Signature Algorithm (DSA) [FIPS186-2] SHOULD be "plength" and "qlength".

These parameter names have been registered by IANA (see Section 8). It may be necessary to register further algorithms not given in this section (in particular, future algorithms). The process for registering parameter names of further algorithms is described in Section 8. Publishers of policies SHOULD use these parameter names so that the correct interpretation is guaranteed.
Evaluation of an algorithm's security suitability is described in three parts: verification of the policy, determination of algorithm validity, and evaluation of algorithm parameters, if any.

In the following sections, a process is described

o to determine if an algorithm was suitable at a particular point of time, and

o to determine until what time an algorithm was or will be suitable.

To determine the security suitability of an algorithm, the following information is required:

o Policy

o Current time

o Algorithm identifier and parameter constraints (if associated)

o Time of interest (optional). Providing no time of interest means determination of the validity end date of the algorithm.
The signature on the policy SHOULD be verified and a certification path from the policy signer's certificate to a current trust anchor SHOULD be constructed and validated [RFC5280]. The algorithms used to verify the digital signature and validate the certification path MUST be suitable per the contents of the policy being verified. If signature verification fails, certification path validation fails or an unsuitable algorithm is required to perform these checks, then the policy MUST be rejected.

The nextUpdate time in the policy MUST be either greater than the current time or absent. If the nextUpdate time is less than the current time, the policy MUST be rejected.
To determine the validity period of an algorithm, locate the Algorithm element in the policy that corresponds to the algorithm identifier provided as input. The Algorithm element is located by comparing the OID in the element to the OID included in the algorithm identifier provided as input.

If no matching Algorithm element is found, then the algorithm is unknown.

If the time of interest was provided as input, the validity of each Evaluation element MUST be checked in order to determine if the algorithm was suitable at the time of interest. For each Evaluation element:

o Confirm the Start time is either less than the time of interest or absent. Discard the entry if the Start time is present and greater than the time of interest.

o Confirm the End time is either greater than the time of interest or absent. Discard the entry if the End time is present and less than the time of interest.

If all Evaluation elements were rejected, the algorithm is not suitable according to the policy.

Any entries not rejected will be used for the evaluation of the parameters, if any.
Any necessary parameters of the entries not rejected MUST be evaluated within the context of the type and usage of the algorithm. Details of parameter evaluation are defined on a per-algorithm basis.

To evaluate the parameters, the Parameter elements of each Evaluation element that has not been rejected in the process described in Section 6.3 MUST be checked. For each Parameter element:

o Confirm that the parameter was provided as input. Discard the Evaluation element if the parameter does not match any of the parameters provided as input.

o If the Parameter element has a Min element, confirm that the value of the Min element is less than or equal to the value of the corresponding parameter provided as input. Discard the Evaluation element if the input value does not meet the constraint.

o If the Parameter element has a Max element, confirm that the value of the Max element is greater than or equal to the value of the corresponding parameter provided as input. Discard the Evaluation element if the input value does not meet the constraint.

o If the Parameter has another constraint, confirm that the value of the corresponding parameter provided as input meets this constraint. If it does not, or if the constraint is unrecognized, discard the Evaluation element.

If all Evaluation elements were rejected, the algorithm is not suitable according to the policy.

Any entries not rejected will be provided as output.
If the algorithm is not in the policy, return an error "algorithm unknown".

If no time of interest was provided as input, return the maximum End time of the Evaluation elements that were not discarded. If at least one End time of these Evaluation elements is absent, return "algorithm has an indefinite End time".

Otherwise, if the algorithm is not suitable relative to the time of interest, return an error "algorithm unsuitable".

If the algorithm is suitable relative to the time of interest, return the Evaluation elements that were not discarded.
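The whole procedure of Section 6, run over an XML policy, as an added example (not code from RFC 5698 or from any DSSC implementation): the NextUpdate freshness check, locating the Algorithm element by OID, filtering Evaluation elements by the time of interest, checking Min/Max while rejecting wildcard constraints it cannot interpret, and producing the outputs listed above. It also implements the self-check from the policy verification step, namely that the algorithms used to verify the policy's own signature and certification path must be suitable per that very policy. The sample policy is constructed: the element names AlgorithmIdentifier, ObjectIdentifier, PolicyName, Publisher, PolicyIssueDate and NextUpdate are assumed from the RFC 5698 schema (Appendix B, not reproduced on this page); the dates and key-size ranges are illustrative and not any publisher's evaluation. XML signature and certification path validation are deliberately left to an XML-DSig library.

```python
# Added example, not from RFC 5698: the Section 6 processing rules over an XML DSSC policy.
import xml.etree.ElementTree as ET
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

NS = {"dssc": "urn:ietf:params:xml:ns:dssc"}
DSSC = "{%s}" % NS["dssc"]

# Constructed sample policy. Element names follow the RFC 5698 schema (assumed for the
# parts not shown on this page); dates and key-size ranges are illustrative only.
POLICY_XML = """<dssc:SecuritySuitabilityPolicy xmlns:dssc="urn:ietf:params:xml:ns:dssc" version="1">
  <dssc:PolicyName>Example policy</dssc:PolicyName>
  <dssc:Publisher><dssc:Name>Example publisher</dssc:Name></dssc:Publisher>
  <dssc:PolicyIssueDate>2009-11-01T00:00:00</dssc:PolicyIssueDate>
  <dssc:NextUpdate>2010-11-01T00:00:00</dssc:NextUpdate>
  <dssc:Algorithm>
    <dssc:AlgorithmIdentifier><dssc:Name>rsaEncryption</dssc:Name><dssc:ObjectIdentifier>1.2.840.113549.1.1.1</dssc:ObjectIdentifier></dssc:AlgorithmIdentifier>
    <dssc:Evaluation><dssc:Parameter name="moduluslength"><dssc:Min>1024</dssc:Min><dssc:Max>1279</dssc:Max></dssc:Parameter>
      <dssc:Validity><dssc:End>2008-12-31</dssc:End></dssc:Validity></dssc:Evaluation>
    <dssc:Evaluation><dssc:Parameter name="moduluslength"><dssc:Min>1280</dssc:Min><dssc:Max>2047</dssc:Max></dssc:Parameter>
      <dssc:Validity><dssc:End>2010-12-31</dssc:End></dssc:Validity></dssc:Evaluation>
    <dssc:Evaluation><dssc:Parameter name="moduluslength"><dssc:Min>2048</dssc:Min></dssc:Parameter>
      <dssc:Validity/></dssc:Evaluation>
  </dssc:Algorithm>
  <dssc:Algorithm>
    <dssc:AlgorithmIdentifier><dssc:Name>sha-1</dssc:Name><dssc:ObjectIdentifier>1.3.14.3.2.26</dssc:ObjectIdentifier></dssc:AlgorithmIdentifier>
    <dssc:Evaluation><dssc:Validity><dssc:End>2009-12-31</dssc:End></dssc:Validity></dssc:Evaluation>
  </dssc:Algorithm>
</dssc:SecuritySuitabilityPolicy>"""


class PolicyError(Exception):
    pass


def load_policy(xml_text: str, now: datetime) -> ET.Element:
    """Section 6.1 freshness check. Signature and certification path validation are
    not done here; run them with an XML-DSig library before trusting the policy."""
    root = ET.fromstring(xml_text)
    if root.tag != DSSC + "SecuritySuitabilityPolicy":
        raise PolicyError("not a DSSC policy")
    next_update = root.findtext("dssc:NextUpdate", namespaces=NS)
    if next_update is not None and datetime.fromisoformat(next_update.strip()) <= now:
        raise PolicyError("policy obsolete: NextUpdate is not after the current time")
    return root


def _child_date(parent: Optional[ET.Element], name: str) -> Optional[date]:
    text = parent.findtext("dssc:" + name, namespaces=NS) if parent is not None else None
    return date.fromisoformat(text.strip()) if text else None


def _valid_at(evaluation: ET.Element, t: date) -> bool:
    """Section 6.3: keep the Evaluation unless Start is after t or End is before t."""
    validity = evaluation.find("dssc:Validity", NS)
    start, end = _child_date(validity, "Start"), _child_date(validity, "End")
    return not ((start is not None and start > t) or (end is not None and end < t))


def _params_ok(evaluation: ET.Element, inputs: Dict[str, int]) -> bool:
    """Section 6.4: every Parameter must be supplied and satisfy Min/Max; a constraint
    from the ##other wildcard cannot be checked here, so the Evaluation is discarded."""
    for param in evaluation.findall("dssc:Parameter", NS):
        name = param.get("name")
        if name not in inputs:
            return False
        for constraint in param:
            if constraint.tag == DSSC + "Min" and inputs[name] < int(constraint.text):
                return False
            if constraint.tag == DSSC + "Max" and inputs[name] > int(constraint.text):
                return False
            if constraint.tag not in (DSSC + "Min", DSSC + "Max"):
                return False
    return True


def evaluate(root: ET.Element, oid: str, inputs: Optional[Dict[str, int]] = None,
             time_of_interest: Optional[date] = None) -> Tuple[str, object]:
    """Section 6.5 outputs as (status, payload): "algorithm unknown", "algorithm unsuitable",
    "algorithm suitable" (surviving Evaluations), "suitable until" (latest End date) or
    "algorithm has an indefinite End time"."""
    for algorithm in root.findall("dssc:Algorithm", NS):
        found = algorithm.findtext("dssc:AlgorithmIdentifier/dssc:ObjectIdentifier", namespaces=NS)
        if found is not None and found.strip() == oid:
            break
    else:
        return "algorithm unknown", None
    evaluations = algorithm.findall("dssc:Evaluation", NS)
    if time_of_interest is not None:
        evaluations = [e for e in evaluations if _valid_at(e, time_of_interest)]
    evaluations = [e for e in evaluations if _params_ok(e, inputs or {})]
    if not evaluations:
        return "algorithm unsuitable", None
    if time_of_interest is None:
        ends = [_child_date(e.find("dssc:Validity", NS), "End") for e in evaluations]
        if any(end is None for end in ends):
            return "algorithm has an indefinite End time", None
        return "suitable until", max(ends)
    return "algorithm suitable", evaluations


def verification_algorithms_suitable(root: ET.Element, used: List[Tuple[str, Dict[str, int]]],
                                     now: date) -> bool:
    """Section 6.1 self-check: the algorithms that verify the policy's own signature and
    certification path must be suitable per this very policy at the current time."""
    return all(evaluate(root, oid, params, now)[0] == "algorithm suitable" for oid, params in used)
```

With the sample policy, evaluate(root, "1.2.840.113549.1.1.1", {"moduluslength": 1536}) returns ("suitable until", date(2010, 12, 31)), a 2048-bit modulus with no time of interest reports an indefinite End time, and a 1024-bit modulus queried for mid-2009 is unsuitable because the only Evaluation covering it ended in 2008. Note the two design choices that the text leaves to the implementer: a missing input parameter or an unrecognized wildcard constraint both discard the Evaluation rather than being ignored, which is the fail-closed reading of Section 6.4.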
The policy for an algorithm's security suitability has a great impact on the quality of the results of signature generation and verification operations. If an algorithm is incorrectly evaluated against a policy, signatures with a low probative force could be created or verification results could be incorrect. The following security considerations have been identified:

1. Publishers MUST ensure that unauthorized manipulation of any security suitability is not possible prior to a policy being signed and published. There is no mechanism provided to revoke a policy after publication. Since the algorithm evaluations change infrequently, the lifespan of a policy should be carefully considered prior to publication.

2. Operators SHOULD only accept policies issued by a trusted publisher. Furthermore, the validity of the certificate used to sign the policy SHOULD be verifiable by Certificate Revocation List (CRL) [RFC5280] or Online Certificate Status Protocol (OCSP) [RFC2560]. The certificate used to sign the policy SHOULD be revoked if the algorithms used in this certificate are no longer suitable. It MUST NOT be possible to alter or replace a policy once accepted by an operator.

3. Operators SHOULD periodically check whether a new policy has been published, to avoid using obsolete policy information. Publishers are advised not to omit the NextUpdate element, so that operators get a hint of when the next policy will be published.

4. When signing a policy, algorithms that are suitable according to this policy SHOULD be used.

5. The processing rule described in Section 6 concerns one cryptographic algorithm, independent of the use case. Depending upon the use case, the fact that an algorithm is no longer suitable at the time of interest does not necessarily mean that the data structure in which it is used is no longer secure. For example, a signature has been made with a signer's RSA key of 1024 bits. This signature is timestamped with a timestamp token that uses an RSA key of 2048 bits, before an RSA key size of 1024 bits becomes breakable. The fact that the signature key of 1024 bits is no longer suitable at the time of interest does not mean that the whole data structure is no longer secure, if an RSA key size of 2048 bits is still suitable at the time of interest.

6. In addition to the key size considerations, other considerations must be applied, like whether a timestamp token has been provided by a trusted authority. This means that the simple use of a suitability policy is not the single element to consider when evaluating the security of a complex data structure that uses several cryptographic algorithms.

7. The policies described in this document are suitable to evaluate basic cryptographic algorithms, like public key or hash algorithms, as well as cryptographic schemes (e.g., the PKCS#1 v1.5 signature schemes [RFC3447]). But it MUST be kept in mind that a basic cryptographic algorithm being suitable according to the policy does not necessarily mean that every cryptographic scheme based on this algorithm is also secure. For example, a signature scheme based on RSA is not necessarily secure just because RSA is suitable. In the case of a complete signature verification, including validation of the certificate path, various algorithms have to be checked against the policy (i.e., signature schemes of signed data objects and revocation information, public key algorithms of the involved certificates, etc.). Thus, a policy SHOULD contain evaluations of public key and hash algorithms as well as of signature schemes.

8. Re-encrypting documents that were originally encrypted using an algorithm that is no longer suitable will not protect the contents of the document if the document has already been intercepted. However, for documents stored in encrypted form, re-encryption must be considered, unless the document has lost its original value.
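Consideration 5 is easiest to see in code. The following Python is an added example (not from RFC 5698) that checks a chain of protections link by link, using an in-memory suitability table constructed for the example in place of a parsed policy. The rule it enforces is the one the consideration and the ERS appendix at the end of this page both rely on: every link must have been made with algorithms that were suitable at the time, and must remain suitable until the next link (a timestamp) is applied, so that no window exists in which the protected data could have been forged. Whether the timestamp authority is trusted (consideration 6) is not modeled; the dates and key sizes are illustrative only.

```python
# Added example, not from RFC 5698: link-by-link check of a signature protected by
# later timestamps, as security considerations 5 to 7 and the ERS appendix require.
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Constructed suitability table standing in for a parsed DSSC policy:
# (algorithm, minimum key size) -> end of suitability, None = open-ended.
# The dates are illustrative, not any publisher's evaluation.
SUITABILITY: Dict[Tuple[str, int], Optional[date]] = {
    ("rsa", 1024): date(2008, 12, 31),
    ("rsa", 2048): None,
    ("sha-1", 0): date(2009, 12, 31),
    ("sha-256", 0): None,
}


def suitable_at(alg: str, size: int, t: date) -> bool:
    """Use the entry with the largest minimum size not above `size` (a Min-style
    range); an algorithm or size the table does not rate is unsuitable."""
    matches = [(min_size, end) for (name, min_size), end in SUITABILITY.items()
               if name == alg and size >= min_size]
    if not matches:
        return False
    end = max(matches, key=lambda m: m[0])[1]
    return end is None or t <= end


@dataclass
class Link:
    kind: str        # "signature" or "timestamp"
    pk_alg: str
    key_bits: int
    hash_alg: str    # signature hash; for an ERS ArchiveTimeStamp also the hash-tree digest
    applied: date    # signing time or timestamp genTime


def link_suitable_at(link: Link, t: date) -> bool:
    return suitable_at(link.pk_alg, link.key_bits, t) and suitable_at(link.hash_alg, 0, t)


def chain_secure(chain: List[Link], time_of_interest: date) -> Tuple[bool, str]:
    """Each link must have used suitable algorithms when applied and must stay suitable
    until the next link is applied (or until time_of_interest for the last link):
    the renewal has to happen before the older algorithm becomes breakable."""
    if not chain:
        return False, "empty chain"
    for i, link in enumerate(chain):
        if link.applied > time_of_interest:
            return False, f"link {i} ({link.kind}) was applied after the time of interest"
        if i and link.applied < chain[i - 1].applied:
            return False, f"link {i} ({link.kind}) predates the link it should protect"
        if not link_suitable_at(link, link.applied):
            return False, f"link {i} ({link.kind}) used unsuitable algorithms when applied"
        covered_until = chain[i + 1].applied if i + 1 < len(chain) else time_of_interest
        if not link_suitable_at(link, covered_until):
            return False, f"link {i} ({link.kind}) expired before the next protection was applied"
    return True, "every link was renewed in time"


# Consideration 5 as data: an RSA-1024/SHA-1 signature, re-protected by an RSA-2048/SHA-256
# timestamp either before (TIMELY) or after (LATE) 1024-bit RSA stopped being suitable.
SIGNATURE = Link("signature", "rsa", 1024, "sha-1", date(2007, 3, 1))
TIMELY = [SIGNATURE, Link("timestamp", "rsa", 2048, "sha-256", date(2008, 6, 1))]
LATE = [SIGNATURE, Link("timestamp", "rsa", 2048, "sha-256", date(2009, 3, 1))]
```

chain_secure(TIMELY, date(2010, 6, 1)) accepts the chain even though 1024-bit RSA is long unsuitable at the time of interest, because the 2048-bit timestamp took over before the end of 2008; chain_secure(LATE, date(2010, 6, 1)) rejects it, since the timestamp was applied in March 2009, after a forger could already have produced a 1024-bit signature with an earlier signing time. The single-algorithm verdict from Section 6 is the building block here, not the answer.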
This document defines the XML namespace "urn:ietf:params:xml:ns:dssc" according to the guidelines in [RFC3688]. This namespace has been registered in the IANA XML Registry.

This document defines an XML schema (see Appendix B) according to the guidelines in [RFC3688]. This XML schema has been registered in the IANA XML Registry and can be identified with the URN "urn:ietf:params:xml:schema:dssc".
This document defines the MIME type "application/dssc+xml". This MIME type has been registered by IANA under "MIME Media Types" according to the procedures of [RFC4288].

Type name: application

Subtype name: dssc+xml

Required parameters: none

Optional parameters: "charset" as specified for "application/xml" in [RFC3023].

Encoding considerations: Same as specified for "application/xml" in [RFC3023].

Security considerations: Same as specified for "application/xml" in Section 10 of [RFC3023]. For further security considerations, see Section 7 of this document.

Interoperability considerations: Same as specified for "application/xml" in [RFC3023].

Published specification: This document.

Applications that use this media type: Applications for long-term archiving of signed data, applications for signing data / verifying signed data, and applications for encrypting / decrypting data.

Additional information:

Magic number(s): none

File extension(s): .xdssc

Macintosh file type code: "TEXT"

Object Identifiers: none

Person to contact for further information: Thomas Kunz (thomas.kunz@sit.fraunhofer.de)

Intended usage: COMMON

Restrictions on usage: none

Author/Change controller: IETF
This document defines the MIME type "application/dssc+der". This MIME type has been registered by IANA under "MIME Media Types" according to the procedures of [RFC4288].

Type name: application

Subtype name: dssc+der

Required parameters: none

Optional parameters: none

Encoding considerations: binary

Security considerations: See Section 7 of this document.

Interoperability considerations: none

Published specification: This document.

Applications that use this media type: Applications for long-term archiving of signed data, applications for signing data / verifying signed data, and applications for encrypting / decrypting data.

Additional information:

Magic number(s): none

File extension(s): .dssc

Macintosh file type code: none

Object Identifiers: none

Person to contact for further information: Thomas Kunz (thomas.kunz@sit.fraunhofer.de)

Intended usage: COMMON

Restrictions on usage: none

Author/Change controller: IETF
This specification creates a new IANA registry entitled "Data Structure for the Security Suitability of Cryptographic Algorithms (DSSC)". This registry contains two sub-registries entitled "Parameter Definitions" and "Cryptographic Algorithms". The policy for future assignments to the sub-registry "Parameter Definitions" is "RFC Required".

The initial values for the "Parameter Definitions" sub-registry are:
Value           Description                        Reference
--------------  ---------------------------------  ----------
moduluslength   Parameter for RSA                  RFC 5698
                (integer value)
plength         Parameter for DSA                  RFC 5698
                (integer value, used together
                with parameter "qlength")
qlength         Parameter for DSA                  RFC 5698
                (integer value, used together
                with parameter "plength")
The sub-registry "Cryptographic Algorithms" contains textual names as well as Object Identifiers (OIDs) and Uniform Resource Identifiers (URIs) of cryptographic algorithms. It serves as assistance when creating a new policy. The policy for future assignments is "First Come First Served". When registering a new algorithm, the following information MUST be provided:

o The textual name of the algorithm.

o The OID of the algorithm.

o A reference to a publicly available specification that defines the algorithm and its identifiers.

Optionally, a URI MAY be provided if possible.

The initial values for the "Cryptographic Algorithms" sub-registry are:
Name                      OID / URI                                          Reference
------------------------  -------------------------------------------------  ---------
rsaEncryption             1.2.840.113549.1.1.1                               [RFC3447]
dsa                       1.2.840.10040.4.1                                  [RFC3279]
md2                       1.2.840.113549.2.2                                 [RFC3279]
md5                       1.2.840.113549.2.5                                 [RFC3279]
                          http://www.w3.org/2001/04/xmldsig-more#md5         [RFC4051]
sha-1                     1.3.14.3.2.26                                      [RFC3279]
                          http://www.w3.org/2000/09/xmldsig#sha1             [RFC3275]
sha-224                   2.16.840.1.101.3.4.2.4                             [RFC4055]
                          http://www.w3.org/2001/04/xmldsig-more#sha224      [RFC4051]
sha-256                   2.16.840.1.101.3.4.2.1                             [RFC4055]
sha-384                   2.16.840.1.101.3.4.2.2                             [RFC4055]
                          http://www.w3.org/2001/04/xmldsig-more#sha384      [RFC4051]
sha-512                   2.16.840.1.101.3.4.2.3                             [RFC4055]
md2WithRSAEncryption      1.2.840.113549.1.1.2                               [RFC3443]
md5WithRSAEncryption      1.2.840.113549.1.1.4                               [RFC3443]
                          http://www.w3.org/2001/04/xmldsig-more#rsa-md5     [RFC4051]
sha1WithRSAEncryption     1.2.840.113549.1.1.5                               [RFC3443]
                          http://www.w3.org/2000/09/xmldsig#rsa-sha1         [RFC3275]
sha256WithRSAEncryption   1.2.840.113549.1.1.11                              [RFC3443]
                          http://www.w3.org/2001/04/xmldsig-more#rsa-sha256  [RFC4051]
sha384WithRSAEncryption   1.2.840.113549.1.1.12                              [RFC3443]
                          http://www.w3.org/2001/04/xmldsig-more#rsa-sha384  [RFC4051]
sha512WithRSAEncryption   1.2.840.113549.1.1.13                              [RFC3443]
                          http://www.w3.org/2001/04/xmldsig-more#rsa-sha512  [RFC4051]
sha1WithDSA               1.2.840.10040.4.3                                  [RFC3279]
                          http://www.w3.org/2000/09/xmldsig#dsa-sha1         [RFC3275]
[CCITT.x680.2002] International Telephone and Telegraph Consultative Committee, "Abstract Syntax Notation One (ASN.1): Specification of basic notation", CCITT Recommendation X.680, July 2002.

[CCITT.x690.2002] International Telephone and Telegraph Consultative Committee, "ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)", CCITT Recommendation X.690, July 2002.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2141] Moats, R., "URN Syntax", RFC 2141, May 1997.

[RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and C. Adams, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP", RFC 2560, June 1999.

[RFC3023] Murata, M., St. Laurent, S., and D. Kohn, "XML Media Types", RFC 3023, January 2001.

[RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002.

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.

[RFC4288] Freed, N. and J. Klensin, "Media Type Specifications and Registration Procedures", BCP 13, RFC 4288, December 2005.

[RFC4998] Gondrom, T., Brandner, R., and U. Pordesch, "Evidence Record Syntax (ERS)", RFC 4998, August 2007.

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5646] Phillips, A. and M. Davis, "Tags for Identifying Languages", BCP 47, RFC 5646, September 2009.

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, September 2009.

[W3C.REC-xml-20081126] Yergeau, F., Maler, E., Paoli, J., Sperberg-McQueen, C., and T. Bray, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", World Wide Web Consortium Recommendation REC-xml-20081126, November 2008, <http://www.w3.org/TR/2008/REC-xml-20081126>.

[W3C.REC-xml-names-20060816] Layman, A., Hollander, D., Tobin, R., and T. Bray, "Namespaces in XML 1.0 (Second Edition)", World Wide Web Consortium Recommendation REC-xml-names-20060816, August 2006, <http://www.w3.org/TR/2006/REC-xml-names-20060816>.

[W3C.REC-xmlschema-1-20041028] Thompson, H., Beech, D., Mendelsohn, N., and M. Maloney, "XML Schema Part 1: Structures Second Edition", World Wide Web Consortium Recommendation REC-xmlschema-1-20041028, October 2004, <http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.
[BNetzAg.2008] Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railway, "Bekanntmachung zur elektronischen Signatur nach dem Signaturgesetz und der Signaturverordnung (Uebersicht ueber geeignete Algorithmen)", December 2007, <http://www.bundesnetzagentur.de/media/archive/12198.pdf>.

[CCITT.x208.1988] International Telephone and Telegraph Consultative Committee, "Specification of Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.208, November 1988.

[CCITT.x209.1988] International Telephone and Telegraph Consultative Committee, "Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.209, November 1988.

[ETSI-TS101903] European Telecommunication Standards Institute (ETSI), "XML Advanced Electronic Signatures (XAdES)", ETSI TS 101 903 V1.3.2, March 2006.

[ETSI-TS102176-1-2005] European Telecommunication Standards Institute (ETSI), "Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms", ETSI TS 102 176-1 V2.0.0, November 2007.

[FIPS186-2] National Institute of Standards and Technology, "Digital Signature Standard (DSS)", FIPS PUB 186-2 with Change Notice, January 2000.

[NIST.800-57-Part1.2006] National Institute of Standards and Technology, "Recommendation for Key Management - Part 1: General (Revised)", NIST SP 800-57 Part 1, May 2006.

[RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279, April 2002.

[RFC3443] Agarwal, P. and B. Akyol, "Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks", RFC 3443, January 2003.

[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003.

[RFC4051] Eastlake, D., "Additional XML Security Uniform Resource Identifiers (URIs)", RFC 4051, April 2005.

[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.

[RFC4810] Wallace, C., Pordesch, U., and R. Brandner, "Long-Term Archive Service Requirements", RFC 4810, March 2007.
This section describes the verification of an Evidence Record according to the Evidence Record Syntax (ERS, [RFC4998]), using the presented data structure.

An Evidence Record contains a sequence of ArchiveTimeStampChains, which consist of ArchiveTimeStamps. For each ArchiveTimeStamp, the hash algorithm used for the hash tree (digestAlgorithm) as well as the public key algorithm and the hash algorithm in the timestamp signature have to be examined. The relevant date is the time information in the timestamp (date of issue). Starting with the first ArchiveTimeStamp, it has to be assured that:

1. The timestamp uses public key and hash algorithms that were suitable at the date of issue.

2. The hash tree was built with a hash algorithm that was suitable at the date of issue as well.

3. The algorithms for the timestamp and the hash tree in the preceding ArchiveTimeStamp must have been suitable at the issuing date of the considered ArchiveTimeStamp.

4. The algorithms in the last ArchiveTimeStamp have to be suitable now.

If the check of one of these items fails, the verification fails.
This section describes how to store a policy in an Evidence Record. ERS provides the field cryptoInfos for the storage of additional verification data. For the integration of a security suitability policy in an Evidence Record, the following content types are defined for both ASN.1 and XML representation:

   DSSC_ASN1 {iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) ltans(11) id-ct(1)
              id-ct-dssc-asn1(2) }

   DSSC_XML  {iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) ltans(11) id-ct(1)
              id-ct-dssc-xml(3) }
Appendix B. XML Schema (Normative)
   <?xml version="1.0" encoding="UTF-8"?>
   <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
              xmlns:dssc="urn:ietf:params:xml:ns:dssc"
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              targetNamespace="urn:ietf:params:xml:ns:dssc"
              elementFormDefault="qualified"
              attributeFormDefault="unqualified">

     <xs:import namespace="http://www.w3.org/XML/1998/namespace"
                schemaLocation="http://www.w3.org/2001/xml.xsd"/>
     <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
                schemaLocation="xmldsig-core-schema.xsd"/>

     <xs:element name="SecuritySuitabilityPolicy"
                 type="dssc:SecuritySuitabilityPolicyType"/>
     <xs:complexType name="SecuritySuitabilityPolicyType">
       <xs:sequence>
         <xs:element ref="dssc:PolicyName"/>
         <xs:element ref="dssc:Publisher"/>
         <xs:element name="PolicyIssueDate" type="xs:dateTime"/>
         <xs:element name="NextUpdate" type="xs:dateTime" minOccurs="0"/>
         <xs:element name="Usage" type="xs:string" minOccurs="0"/>
         <xs:element ref="dssc:Algorithm" maxOccurs="unbounded"/>
         <xs:element ref="ds:Signature" minOccurs="0"/>
       </xs:sequence>
       <xs:attribute name="version" type="xs:string" default="1"/>
       <xs:attribute name="lang" default="en"/>
       <xs:attribute name="id" type="xs:ID"/>
     </xs:complexType>

     <xs:element name="PolicyName" type="dssc:PolicyNameType"/>
     <xs:complexType name="PolicyNameType">
       <xs:sequence>
         <xs:element ref="dssc:Name"/>
         <xs:element ref="dssc:ObjectIdentifier" minOccurs="0"/>
         <xs:element ref="dssc:URI" minOccurs="0"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Publisher" type="dssc:PublisherType"/>
     <xs:complexType name="PublisherType">
       <xs:sequence>
         <xs:element ref="dssc:Name"/>
         <xs:element name="Address" type="xs:string" minOccurs="0"/>
         <xs:element ref="dssc:URI" minOccurs="0"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Name" type="xs:string"/>
     <xs:element name="ObjectIdentifier">
       <xs:simpleType>
         <xs:restriction base="xs:string">
           <xs:pattern value="(\d+\.)+\d+"/>
         </xs:restriction>
       </xs:simpleType>
     </xs:element>
     <xs:element name="URI" type="xs:anyURI"/>

     <xs:element name="Algorithm" type="dssc:AlgorithmType"/>
     <xs:complexType name="AlgorithmType">
       <xs:sequence>
         <xs:element ref="dssc:AlgorithmIdentifier"/>
         <xs:element ref="dssc:Evaluation" maxOccurs="unbounded"/>
         <xs:element ref="dssc:Information" minOccurs="0"/>
         <xs:any namespace="##other" minOccurs="0"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="AlgorithmIdentifier"
                 type="dssc:AlgorithmIdentifierType"/>
     <xs:complexType name="AlgorithmIdentifierType">
       <xs:sequence>
         <xs:element ref="dssc:Name"/>
         <xs:element ref="dssc:ObjectIdentifier" maxOccurs="unbounded"/>
         <xs:element ref="dssc:URI" minOccurs="0" maxOccurs="unbounded"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Validity" type="dssc:ValidityType"/>
     <xs:complexType name="ValidityType">
       <xs:sequence>
         <xs:element name="Start" type="xs:date" minOccurs="0"/>
         <xs:element name="End" type="xs:date" minOccurs="0"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Information" type="dssc:InformationType"/>
     <xs:complexType name="InformationType">
       <xs:sequence>
         <xs:element name="Text" type="xs:string" maxOccurs="unbounded"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Evaluation" type="dssc:EvaluationType"/>
     <xs:complexType name="EvaluationType">
       <xs:sequence>
         <xs:element ref="dssc:Parameter" minOccurs="0"
                     maxOccurs="unbounded"/>
         <xs:element ref="dssc:Validity"/>
         <xs:any namespace="##other" minOccurs="0"/>
       </xs:sequence>
     </xs:complexType>

     <xs:element name="Parameter" type="dssc:ParameterType"/>
     <xs:complexType name="ParameterType">
       <xs:sequence>
         <xs:element name="Min" type="xs:int" minOccurs="0"/>
         <xs:element name="Max" type="xs:int" minOccurs="0"/>
         <xs:any namespace="##other" minOccurs="0"/>
       </xs:sequence>
       <xs:attribute name="name" type="xs:string" use="required"/>
     </xs:complexType>

   </xs:schema>
Appendix C. ASN.1 Module in 1988 Syntax (Informative)
   ASN.1-Module

   DSSC {iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) ltans(11) id-mod(0)
         id-mod-dssc88(6) id-mod-dssc88-v1(1) }

   DEFINITIONS IMPLICIT TAGS ::= BEGIN

   -- EXPORT ALL --

   IMPORTS

   -- Import from RFC 5280 [RFC5280]
   -- Delete following import statement
   -- if "new" types are supported

   UTF8String
     FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) mod(0)
       pkix1-explicit(18) }

   -- Import from RFC 5652 [RFC5652]

   ContentInfo
     FROM CryptographicMessageSyntax2004 { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
       modules(0) cms-2004(24) }

   ;

   SecuritySuitabilityPolicy ::= ContentInfo

   -- contentType is id-signedData as defined in [RFC5652]
   -- content is SignedData as defined in [RFC5652]
   -- eContentType within SignedData is id-ct-dssc
   -- eContent within SignedData is TBSPolicy

   id-ct-dssc OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) ltans(11) id-ct(1)
     id-ct-dssc-tbsPolicy(6) }

   TBSPolicy ::= SEQUENCE {
     version          INTEGER DEFAULT {v1(1)},
     language         UTF8String DEFAULT "en",
     policyName       PolicyName,
     publisher        Publisher,
     policyIssueDate  GeneralizedTime,
     nextUpdate       GeneralizedTime OPTIONAL,
     usage            UTF8String OPTIONAL,
     algorithms       SEQUENCE OF Algorithm }

   PolicyName ::= SEQUENCE {
     name  UTF8String,
     oid   OBJECT IDENTIFIER OPTIONAL,
     uri   IA5String OPTIONAL }

   Publisher ::= SEQUENCE {
     name     UTF8String,
     address  [0] UTF8String OPTIONAL,
     uri      [1] IA5String OPTIONAL }

   Algorithm ::= SEQUENCE {
     algorithmIdentifier  AlgID,
     evaluations          SEQUENCE OF Evaluation,
     information          [0] SEQUENCE OF UTF8String OPTIONAL,
     other                [1] Extension OPTIONAL }

   Extension ::= SEQUENCE {
     extensionType  OBJECT IDENTIFIER,
     extension      ANY DEFINED BY extensionType }

   AlgID ::= SEQUENCE {
     name  UTF8String,
     oid   [0] SEQUENCE OF OBJECT IDENTIFIER,
     uri   [1] SEQUENCE OF IA5String OPTIONAL }

   Evaluation ::= SEQUENCE {
     parameters  [0] SEQUENCE OF Parameter OPTIONAL,
     validity    [1] Validity,
     other       [2] Extension OPTIONAL }

   Parameter ::= SEQUENCE {
     name   UTF8String,
     min    [0] INTEGER OPTIONAL,
     max    [1] INTEGER OPTIONAL,
     other  [2] Extension OPTIONAL }

   Validity ::= SEQUENCE {
     start  [0] GeneralizedTime OPTIONAL,
     end    [1] GeneralizedTime OPTIONAL }

   END
Appendix D. ASN.1 Module in 1997 Syntax (Normative)
   ASN.1-Module

   DSSC {iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) ltans(11) id-mod(0)
         id-mod-dssc(7) id-mod-dssc-v1(1) }

   DEFINITIONS IMPLICIT TAGS ::= BEGIN

   -- EXPORT ALL --

   IMPORTS

   -- Import from RFC 5280 [RFC5280]
   -- Delete following import statement
   -- if "new" types are supported

   UTF8String
     FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) mod(0)
       pkix1-explicit(18) }

   -- Import from RFC 5652 [RFC5652]

   ContentInfo
     FROM CryptographicMessageSyntax2004 { iso(1) member-body(2)
       us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
       modules(0) cms-2004(24) }

   ;

   SecuritySuitabilityPolicy ::= ContentInfo

   -- contentType is id-signedData as defined in [RFC5652]
   -- content is SignedData as defined in [RFC5652]
   -- eContentType within SignedData is id-ct-dssc
   -- eContent within SignedData is TBSPolicy

   id-ct-dssc OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) ltans(11) id-ct(1)
     id-ct-dssc-tbsPolicy(6) }

   TBSPolicy ::= SEQUENCE {
     version          INTEGER DEFAULT {v1(1)},
     language         UTF8String DEFAULT "en",
     policyName       PolicyName,
     publisher        Publisher,
     policyIssueDate  GeneralizedTime,
     nextUpdate       GeneralizedTime OPTIONAL,
     usage            UTF8String OPTIONAL,
     algorithms       SEQUENCE OF Algorithm }

   PolicyName ::= SEQUENCE {
     name  UTF8String,
     oid   OBJECT IDENTIFIER OPTIONAL,
     uri   IA5String OPTIONAL }

   Publisher ::= SEQUENCE {
     name     UTF8String,
     address  [0] UTF8String OPTIONAL,
     uri      [1] IA5String OPTIONAL }

   Algorithm ::= SEQUENCE {
     algorithmIdentifier  AlgID,
     evaluations          SEQUENCE OF Evaluation,
     information          [0] SEQUENCE OF UTF8String OPTIONAL,
     other                [1] Extension OPTIONAL }

   Extension ::= SEQUENCE {
     extensionType  EXTENSION-TYPE.&id ({SupportedExtensions}),
     extension      EXTENSION-TYPE.&Type
                      ({SupportedExtensions}{@extensionType}) }

   EXTENSION-TYPE ::= TYPE-IDENTIFIER

   SupportedExtensions EXTENSION-TYPE ::= {...}

   AlgID ::= SEQUENCE {
     name  UTF8String,
     oid   [0] SEQUENCE OF OBJECT IDENTIFIER,
     uri   [1] SEQUENCE OF IA5String OPTIONAL }

   Evaluation ::= SEQUENCE {
     parameters  [0] SEQUENCE OF Parameter OPTIONAL,
     validity    [1] Validity,
     other       [2] Extension OPTIONAL }

   Parameter ::= SEQUENCE {
     name   UTF8String,
     min    [0] INTEGER OPTIONAL,
     max    [1] INTEGER OPTIONAL,
     other  [2] Extension OPTIONAL }

   Validity ::= SEQUENCE {
     start  [0] GeneralizedTime OPTIONAL,
     end    [1] GeneralizedTime OPTIONAL }

   END
The following example shows a policy that may be used for signature verification. It contains hash algorithms, public key algorithms, and signature schemes. SHA-1 as well as RSA with modulus length of 1024 are examples for expired algorithms.
   <SecuritySuitabilityPolicy xmlns="urn:ietf:params:xml:ns:dssc"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <PolicyName>
       <Name>Evaluation of cryptographic algorithms</Name>
     </PolicyName>
     <Publisher>
       <Name>Some Evaluation Authority</Name>
     </Publisher>
     <PolicyIssueDate>2009-01-01T00:00:00</PolicyIssueDate>
     <Usage>Digital signature verification</Usage>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>SHA-1</Name>
         <ObjectIdentifier>1.3.14.3.2.26</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Validity>
           <End>2008-06-30</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>SHA-256</Name>
         <ObjectIdentifier>2.16.840.1.101.3.4.2.1</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>SHA-512</Name>
         <ObjectIdentifier>2.16.840.1.101.3.4.2.3</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>RSA</Name>
         <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>1024</Min>
         </Parameter>
         <Validity>
           <End>2008-03-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>2048</Min>
         </Parameter>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>DSA</Name>
         <ObjectIdentifier>1.2.840.10040.4.1</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="plength">
           <Min>1024</Min>
         </Parameter>
         <Parameter name="qlength">
           <Min>160</Min>
         </Parameter>
         <Validity>
           <End>2007-12-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="plength">
           <Min>2048</Min>
         </Parameter>
         <Parameter name="qlength">
           <Min>224</Min>
         </Parameter>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>PKCS#1 v1.5 SHA-1 with RSA</Name>
         <ObjectIdentifier>1.2.840.113549.1.1.5</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>1024</Min>
         </Parameter>
         <Validity>
           <End>2008-03-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>2048</Min>
         </Parameter>
         <Validity>
           <End>2008-06-30</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>PKCS#1 v1.5 SHA-256 with RSA</Name>
         <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>1024</Min>
         </Parameter>
         <Validity>
           <End>2008-03-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>2048</Min>
         </Parameter>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>PKCS#1 v1.5 SHA-512 with RSA</Name>
         <ObjectIdentifier>1.2.840.113549.1.1.13</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>1024</Min>
         </Parameter>
         <Validity>
           <End>2008-03-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="moduluslength">
           <Min>2048</Min>
         </Parameter>
         <Validity>
           <End>2014-12-31</End>
         </Validity>
       </Evaluation>
     </Algorithm>
     <Algorithm>
       <AlgorithmIdentifier>
         <Name>SHA-1 with DSA</Name>
         <ObjectIdentifier>1.2.840.10040.4.3</ObjectIdentifier>
       </AlgorithmIdentifier>
       <Evaluation>
         <Parameter name="plength">
           <Min>1024</Min>
         </Parameter>
         <Parameter name="qlength">
           <Min>160</Min>
         </Parameter>
         <Validity>
           <End>2007-12-31</End>
         </Validity>
       </Evaluation>
       <Evaluation>
         <Parameter name="plength">
           <Min>2048</Min>
         </Parameter>
         <Parameter name="qlength">
           <Min>224</Min>
         </Parameter>
         <Validity>
           <End>2008-06-30</End>
         </Validity>
       </Evaluation>
     </Algorithm>
   </SecuritySuitabilityPolicy>
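The Evidence Record verification rules given earlier and the example policy just shown, combined in an added example that is not code from RFC 5698 or from any ERS implementation: it indexes a constructed excerpt of the example policy, decides whether an algorithm OID with given parameters is suitable on a given date, and applies the four ArchiveTimeStamp checks to a constructed ArchiveTimeStampChain. The simplified ArchiveTimeStamp class, sample_chain, and the rule that an OID missing from the policy counts as not suitable are assumptions of this example, not statements of the specification.

```python
# Added example, not from RFC 5698: a DSSC policy evaluator plus the four-rule
# ArchiveTimeStampChain check. The policy is a constructed excerpt of the example above.
from dataclasses import dataclass, field
from datetime import date
import xml.etree.ElementTree as ET
NS = {"dssc": "urn:ietf:params:xml:ns:dssc"}
SHA1, SHA256, RSA = "1.3.14.3.2.26", "2.16.840.1.101.3.4.2.1", "1.2.840.113549.1.1.1"
POLICY_XML = """<SecuritySuitabilityPolicy xmlns="urn:ietf:params:xml:ns:dssc">
  <PolicyName><Name>Evaluation of cryptographic algorithms</Name></PolicyName>
  <Publisher><Name>Some Evaluation Authority</Name></Publisher>
  <PolicyIssueDate>2009-01-01T00:00:00</PolicyIssueDate>
  <Algorithm>
    <AlgorithmIdentifier><Name>SHA-1</Name><ObjectIdentifier>1.3.14.3.2.26</ObjectIdentifier></AlgorithmIdentifier>
    <Evaluation><Validity><End>2008-06-30</End></Validity></Evaluation>
  </Algorithm>
  <Algorithm>
    <AlgorithmIdentifier><Name>SHA-256</Name><ObjectIdentifier>2.16.840.1.101.3.4.2.1</ObjectIdentifier></AlgorithmIdentifier>
    <Evaluation><Validity><End>2014-12-31</End></Validity></Evaluation>
  </Algorithm>
  <Algorithm>
    <AlgorithmIdentifier><Name>RSA</Name><ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier></AlgorithmIdentifier>
    <Evaluation><Parameter name="moduluslength"><Min>1024</Min></Parameter>
      <Validity><End>2008-03-31</End></Validity></Evaluation>
    <Evaluation><Parameter name="moduluslength"><Min>2048</Min></Parameter>
      <Validity><End>2014-12-31</End></Validity></Evaluation>
  </Algorithm>
</SecuritySuitabilityPolicy>"""

def load_policy(xml_text):
    """Index the policy: algorithm OID -> list of its Evaluation elements."""
    table = {}
    for alg in ET.fromstring(xml_text).findall("dssc:Algorithm", NS):
        evals = alg.findall("dssc:Evaluation", NS)
        for oid in alg.findall("dssc:AlgorithmIdentifier/dssc:ObjectIdentifier", NS):
            table[oid.text.strip()] = evals
    return table

def _params_ok(evaluation, params):
    """Every Parameter constraint (Min/Max) of the Evaluation must hold for `params`."""
    for p in evaluation.findall("dssc:Parameter", NS):
        value = params.get(p.get("name"))
        if value is None:  # the policy constrains a parameter the caller did not supply
            return False
        lo, hi = p.find("dssc:Min", NS), p.find("dssc:Max", NS)
        if (lo is not None and value < int(lo.text)) or (hi is not None and value > int(hi.text)):
            return False
    return True

def suitable(policy, oid, params, on):
    """True if some Evaluation for `oid` matches `params` and its Validity covers `on`.
    Missing Start/End is open-ended; an OID absent from the policy is not suitable."""
    for ev in policy.get(oid, []):
        if not _params_ok(ev, params):
            continue
        start = ev.find("dssc:Validity/dssc:Start", NS)
        end = ev.find("dssc:Validity/dssc:End", NS)
        if ((start is None or date.fromisoformat(start.text) <= on)
                and (end is None or on <= date.fromisoformat(end.text))):
            return True
    return False

@dataclass
class ArchiveTimeStamp:
    # Simplified stand-in for the ERS ArchiveTimeStamp: hash tree digest plus the
    # hash and public key algorithm (with key parameters) of the timestamp signature.
    issued: date
    digest_oid: str
    ts_hash_oid: str
    ts_pk_oid: str
    ts_pk_params: dict = field(default_factory=dict)
    def algorithms(self):
        return [("hash tree", self.digest_oid, {}),
                ("timestamp hash", self.ts_hash_oid, {}),
                ("timestamp public key", self.ts_pk_oid, self.ts_pk_params)]

def verify_chain(policy, chain, now):
    """Apply rules 1-4 to one ArchiveTimeStampChain; return the list of failures."""
    failures = []
    def check(ats, on, why):
        for label, oid, params in ats.algorithms():
            if not suitable(policy, oid, params, on):
                failures.append(f"{why}: {label} {oid} not suitable on {on}")
    for i, ats in enumerate(chain):
        check(ats, ats.issued, f"ATS {i} at issue")                     # rules 1 and 2
        if i > 0:
            check(chain[i - 1], ats.issued, f"ATS {i - 1} at renewal")  # rule 3
    if chain:
        check(chain[-1], now, "last ATS now")                           # rule 4
    return failures

def sample_chain(renewed_on):
    # Constructed chain: SHA-1/RSA-1024 timestamp (2006) renewed with SHA-256/RSA-2048 on renewed_on.
    return [ArchiveTimeStamp(date(2006, 5, 10), SHA1, SHA1, RSA, {"moduluslength": 1024}),
            ArchiveTimeStamp(renewed_on, SHA256, SHA256, RSA, {"moduluslength": 2048})]
```

Rule 3 is what catches a late renewal: a chain renewed in September 2008 fails because the first ArchiveTimeStamp's SHA-1 and RSA-1024 had already expired under the policy, while the same chain renewed in February 2008 verifies cleanly.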
Authors' Addresses
   Thomas Kunz
   Fraunhofer Institute for Secure Information Technology
   Rheinstrasse 75
   Darmstadt D-64295
   Germany

   EMail: thomas.kunz@sit.fraunhofer.de

   Susanne Okunick
   pawisda systems GmbH
   Robert-Koch-Strasse 9
   Weiterstadt D-64331
   Germany

   EMail: susanne.okunick@pawisda.de

   Ulrich Pordesch
   Fraunhofer Gesellschaft
   Rheinstrasse 75
   Darmstadt D-64295
   Germany

   EMail: ulrich.pordesch@zv.fraunhofer.de