Internet Engineering Task Force (IETF) J. Schaad Request for Comments: 8411 August Cellars Category: Informational R. Andrews ISSN: 2070-1721 DigiCert, Inc. August 2018
Internet Engineering Task Force (IETF) J. Schaad Request for Comments: 8411 August Cellars Category: Informational R. Andrews ISSN: 2070-1721 DigiCert, Inc. August 2018
IANA Registration for the Cryptographic Algorithm Object Identifier Range
加密算法对象标识符范围的IANA注册
Abstract
摘要
When the Curdle Security Working Group was chartered, a range of object identifiers was donated by DigiCert, Inc. for the purpose of registering the Edwards Elliptic Curve key agreement and signature algorithms. This donated set of OIDs allowed for shorter values than would be possible using the existing S/MIME or PKIX arcs. This document describes the donated range and the identifiers that were assigned from that range, transfers control of that range to IANA, and establishes IANA allocation policies for any future assignments within that range.
当Curdle安全工作组成立时,DigiCert,Inc.捐赠了一系列对象标识符,用于注册Edwards椭圆曲线密钥协议和签名算法。这组OID允许使用比使用现有S/MIME或PKIX弧可能更短的值。本文件描述捐赠范围和从该范围分配的标识符,将该范围的控制权转移给IANA,并为该范围内的任何未来分配制定IANA分配策略。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8411.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8411.
Copyright Notice
版权公告
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Normative References . . . . . . . . . . . . . . . . . . 4 4.2. Informative References . . . . . . . . . . . . . . . . . 4 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 4 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Normative References . . . . . . . . . . . . . . . . . . 4 4.2. Informative References . . . . . . . . . . . . . . . . . 4 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 4 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 5
When the Curdle Security Working Group was chartered, a range of object identifiers was donated to the working group by DigiCert, Inc. The use of these object identifiers allowed for the Edwards Elliptic Curve key agreement [RFC7748] and signature [RFC8032] algorithms to be defined with encodings that are smaller than similar ones would be if assigned from the existing S/MIME or PKIX arcs. The initial registrations from this arc were made while developing [RFC8410]. After those registrations were made, there were still some unused values that could be used by other security groups.
当Curdle安全工作组特许成立时,DigiCert,Inc.向工作组捐赠了一系列对象标识符。爱德华兹椭圆曲线密钥协议[RFC7748]和签名[RFC8032]允许使用这些对象标识符如果从现有S/MIME或PKIX弧中分配,则将使用小于类似编码的编码定义算法。该arc的初始注册是在开发[RFC8410]时进行的。在进行这些注册之后,仍有一些未使用的值可供其他安全组使用。
Object identifiers are primarily used with Abstract Syntax Notation (ASN.1) [ASN.1]. The ASN.1 specifications continue to evolve, but object identifiers can be used with any and all versions of ASN.1.
对象标识符主要与抽象语法表示法(ASN.1)[ASN.1]一起使用。ASN.1规范仍在不断发展,但对象标识符可用于任何和所有版本的ASN.1。
This document describes the object identifiers that were assigned in that donated range, transfers control of the range to IANA, and establishes IANA allocation policies for any future assignments.
本文档描述了在该捐赠范围内分配的对象标识符,将该范围的控制权转移给IANA,并为任何未来分配建立IANA分配策略。
The donated range from DigiCert, Inc. is as follows:
DigiCert,Inc.捐赠范围如下:
first: { iso (1) identified-organization (3) thawte (101) 100 } last: { iso (1) identified-organization (3) thawte (101) 127 }
first: { iso (1) identified-organization (3) thawte (101) 100 } last: { iso (1) identified-organization (3) thawte (101) 127 }
IANA has created the "SMI Security for Cryptographic Algorithms" registry within the SMI-numbers registry. The new registry has three columns, as shown below.
IANA已在SMI数字注册表中创建了“SMI加密算法安全性”注册表。新注册表有三列,如下所示。
+------------+-------------------------------+-----------------+ | Decimal | Description | References | +------------+-------------------------------+-----------------+ | 0-99 | Retained by DigiCert | RFC 8411 | | 100 | Reserved for child reg | RFC 8411 | | 110 | id-X25519 | [RFC8410] | | 111 | id-X448 | [RFC8410] | | 112 | id-EdDSA25519 | [RFC8410] | | 113 | id-EdDSA448 | [RFC8410] | | 114 | Reserved for id-EdDSA25519-ph | [SAFE-X.509-03] | | 115 | Reserved for id-EdDSA448-ph | [SAFE-X.509-03] | | 128 and up | Retained by DigiCert | RFC 8411 | +------------+-------------------------------+-----------------+
+------------+-------------------------------+-----------------+ | Decimal | Description | References | +------------+-------------------------------+-----------------+ | 0-99 | Retained by DigiCert | RFC 8411 | | 100 | Reserved for child reg | RFC 8411 | | 110 | id-X25519 | [RFC8410] | | 111 | id-X448 | [RFC8410] | | 112 | id-EdDSA25519 | [RFC8410] | | 113 | id-EdDSA448 | [RFC8410] | | 114 | Reserved for id-EdDSA25519-ph | [SAFE-X.509-03] | | 115 | Reserved for id-EdDSA448-ph | [SAFE-X.509-03] | | 128 and up | Retained by DigiCert | RFC 8411 | +------------+-------------------------------+-----------------+
Table 1: SMI Security for Cryptographic Algorithms
表1:加密算法的SMI安全性
The registration policy is "Specification Required" as defined in [RFC8126].
注册策略是[RFC8126]中定义的“需要规范”。
The column 'Decimal' is required to be a number between 100 and 127 inclusive.
“Decimal”列必须是介于100和127(含)之间的数字。
The value of 100 has been reserved so that a new arc below that point can be established in the future (i.e., starting at 1.3.101.100.1). If the new child registry is established, a name for this value is to be assigned at that point. The experts can, at their discretion, assign an algorithm OID instead.
保留了100的值,以便将来可以在该点下方建立新弧(即从1.3.101.100.1开始)。如果建立了新的子注册表,将在该点为该值指定一个名称。专家们可以自行决定分配一个算法OID。
This document populates an IANA registry, and it raises no new security considerations. The protocols that specify these values include the security considerations associated with their usage.
此文档填充IANA注册表,并且没有提出新的安全注意事项。指定这些值的协议包括与其使用相关的安全注意事项。
[ASN.1] ITU-T, "Information Technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation", ITU-T Recommendation X.680, ISO/IEC 8824-1, August 2015.
[ASN.1]ITU-T,“信息技术-抽象语法符号1(ASN.1):基本符号规范”,ITU-T建议X.680,ISO/IEC 8824-1,2015年8月。
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves for Security", RFC 7748, DOI 10.17487/RFC7748, January 2016, <https://www.rfc-editor.org/info/rfc7748>.
[RFC7748]兰利,A.,汉堡,M.和S.特纳,“安全的椭圆曲线”,RFC 7748,DOI 10.17487/RFC7748,2016年1月<https://www.rfc-editor.org/info/rfc7748>.
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017, <https://www.rfc-editor.org/info/rfc8032>.
[RFC8032]Josefsson,S.和I.Liusvaara,“爱德华兹曲线数字签名算法(EdDSA)”,RFC 8032,DOI 10.17487/RFC8032,2017年1月<https://www.rfc-editor.org/info/rfc8032>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.
[RFC8126]Cotton,M.,Leiba,B.,和T.Narten,“在RFC中编写IANA考虑事项部分的指南”,BCP 26,RFC 8126,DOI 10.17487/RFC8126,2017年6月<https://www.rfc-editor.org/info/rfc8126>.
[RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", RFC 8410, DOI 10.17487/RFC8410, August 2018.
[RFC8410]Josefsson,S.和J.Schaad,“用于互联网X.509公钥基础设施的Ed25519、Ed448、X25519和X448的算法标识符”,RFC 8410,DOI 10.17487/RFC8410,2018年8月。
[SAFE-X.509-03] Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed448, X25519 and X448 for use in the Internet X.509 Public Key Infrastructure", Work in Progress, draft-ietf-curdle-pkix-03, November 2016.
[SAFE-X.509-03]Josefsson,S.和J.Schaad,“用于互联网X.509公钥基础设施的Ed25519、Ed448、X25519和X448的算法标识符”,正在进行的工作,草案-ietf-curdle-pkix-03,2016年11月。
Acknowledgments
致谢
Our thanks go out to DigiCert for donating the range of OIDs covered in this document. At the time of the donation, the root of the range was assigned to Symantec but has since been transferred to DigiCert.
我们感谢DigiCert捐赠本文档中涵盖的一系列OID。捐赠时,该范围的根已分配给赛门铁克,但此后已转移到DigiCert。
This document uses a lot of text from a similar document by Russ Housley. Copying always makes things easier and less error prone.
本文档使用了Russ Housley的类似文档中的大量文本。复制总是使事情变得更容易,更不容易出错。
Authors' Addresses
作者地址
Jim Schaad August Cellars
吉姆·沙德八月酒窖
Email: ietf@augustcellars.com
Email: ietf@augustcellars.com
Rick Andrews DigiCert, Inc.
里克·安德鲁斯·迪吉塞特公司。
Email: rick.andrews@digicert.com
Email: rick.andrews@digicert.com