Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 8423                                Vigil Security
Category: Informational                                       L. Zieglar
ISSN: 2070-1721                                 National Security Agency
                                                               July 2018
        
Internet Engineering Task Force (IETF)                        R. Housley
Request for Comments: 8423                                Vigil Security
Category: Informational                                       L. Zieglar
ISSN: 2070-1721                                 National Security Agency
                                                               July 2018
        

Reclassification of Suite B Documents to Historic Status

将套件B文件重新分类为历史状态

Abstract

摘要

This document reclassifies the RFCs related to the United States National Security Agency (NSA) Suite B cryptographic algorithms as Historic, and it discusses the reasons for doing so. This document moves seven Informational RFCs to Historic status: RFCs 5759, 6239, 6318, 6379, 6380, 6403, and 6460. In addition, it moves three obsolete Informational RFCs to Historic status: RFCs 4869, 5008, and 5430.

本文件将与美国国家安全局(NSA)套件B加密算法相关的RFC重新分类为历史,并讨论了这样做的原因。本文档将七个信息性RFC移至历史状态:RFC 5759、6239、6318、6379、6380、6403和6460。此外,它将三个过时的信息RFC移动到历史状态:RFC 4869、5008和5430。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 7841第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8423.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8423.

Copyright Notice

版权公告

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Rationale . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  The RFCs Related to Suite B . . . . . . . . . . . . . . . . .   3
   4.  Documents That Reference the Suite-B-Related RFCs . . . . . .   3
     4.1.  Documents That Reference RFC 4869 . . . . . . . . . . . .   4
     4.2.  Documents That Reference RFC 5759 . . . . . . . . . . . .   4
     4.3.  Documents That Reference RFC 6379 . . . . . . . . . . . .   4
     4.4.  Documents That Reference RFC 6403 . . . . . . . . . . . .   4
     4.5.  Documents That Reference RFC 6460 . . . . . . . . . . . .   5
   5.  Impact of Reclassifying the Suite-B-Related RFCs to Historic    5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Rationale . . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  The RFCs Related to Suite B . . . . . . . . . . . . . . . . .   3
   4.  Documents That Reference the Suite-B-Related RFCs . . . . . .   3
     4.1.  Documents That Reference RFC 4869 . . . . . . . . . . . .   4
     4.2.  Documents That Reference RFC 5759 . . . . . . . . . . . .   4
     4.3.  Documents That Reference RFC 6379 . . . . . . . . . . . .   4
     4.4.  Documents That Reference RFC 6403 . . . . . . . . . . . .   4
     4.5.  Documents That Reference RFC 6460 . . . . . . . . . . . .   5
   5.  Impact of Reclassifying the Suite-B-Related RFCs to Historic    5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8
        
1. Introduction
1. 介绍

Several RFCs profile security protocols for use with the National Security Agency (NSA) Suite B Cryptography. Suite B is no longer supported by NSA, and the web pages that specify the cryptographic algorithms are no longer available.

几个RFC配置了用于国家安全局(NSA)套件B加密的安全协议。NSA不再支持套件B,指定加密算法的网页也不再可用。

In July 2015, NSA published the Committee for National Security Systems Advisory Memorandum 02-15 as the first step in replacing Suite B with NSA's Commercial National Security Algorithm (CNSA) Suite. Information about the CNSA Suite can be found in [CNSA].

2015年7月,NSA发布了国家安全系统咨询委员会备忘录02-15,作为用NSA的商业国家安全算法(CNSA)套件取代套件B的第一步。有关CNSA套件的信息可在[CNSA]中找到。

2. Rationale
2. 根本原因

As indicated in [CNSA], NSA is transitioning from Suite B to the CNSA Suite. As a result, the profiles of the security protocols for the Suite B algorithms are now only of historic interest.

如[CNSA]所述,NSA正在从套件B过渡到CNSA套件。因此,套件B算法的安全协议配置文件现在只具有历史意义。

3. The RFCs Related to Suite B
3. 与套件B相关的RFC

Between 2007 and 2012, several Suite-B-related RFCs were published to profile security protocols for use with the Suite B algorithms. They are:

2007年至2012年间,发布了几个与套件B相关的RFC,以分析安全协议,以便与套件B算法一起使用。他们是:

o [RFC4869], "Suite B Cryptographic Suites for IPsec" (Obsoleted by RFC 6379)

o [RFC4869],“IPsec的套件B加密套件”(被RFC 6379淘汰)

o [RFC5008], "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)" (Obsoleted by RFC 6318)

o [RFC5008],“安全/多用途Internet邮件扩展(S/MIME)中的套件B”(被RFC 6318淘汰)

o [RFC5430], "Suite B Profile for Transport Layer Security (TLS)" (Obsoleted by RFC 6460)

o [RFC5430],“传输层安全(TLS)的套件B配置文件”(被RFC 6460淘汰)

o [RFC5759], "Suite B Certificate and Certificate Revocation List (CRL) Profile"

o [RFC5759],“套件B证书和证书吊销列表(CRL)配置文件”

o [RFC6239], "Suite B Cryptographic Suites for Secure Shell (SSH)"

o [RFC6239],“用于安全Shell的套件B加密套件(SSH)”

o [RFC6318], "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)"

o [RFC6318],“安全/多用途Internet邮件扩展(S/MIME)中的套件B”

o [RFC6379], "Suite B Cryptographic Suites for IPsec"

o [RFC6379],“用于IPsec的套件B加密套件”

o [RFC6380], "Suite B Profile for Internet Protocol Security (IPsec)"

o [RFC6380],“Internet协议安全(IPsec)的套件B配置文件”

o [RFC6403], "Suite B Profile of Certificate Management over CMS"

o [RFC6403],“CMS上证书管理的套件B配置文件”

o [RFC6460], "Suite B Profile for Transport Layer Security (TLS)"

o [RFC6460],“用于传输层安全(TLS)的套件B配置文件”

4. Documents That Reference the Suite-B-Related RFCs
4. 参考套件B相关RFC的文件

These RFCs reference each other several times. These cross-references are not examined further in this document.

这些RFC相互引用多次。本文件不进一步研究这些交叉引用。

Other RFCs make reference to these Suite-B-related RFCs; these references are discussed in the following subsections.

其他RFC参考这些与套件B相关的RFC;这些参考资料将在以下小节中讨论。

4.1. Documents That Reference RFC 4869
4.1. 参考RFC 4869的文件

One other RFC makes reference to RFC 4869 [RFC4869].

另一个RFC参考RFC 4869[RFC4869]。

RFC 6071, "IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap" [RFC6071], points out that RFC 4869 adds four pre-defined suites based upon Suite B specifications. They are:

RFC 6071,“IP安全(IPsec)和Internet密钥交换(IKE)文档路线图”[RFC6071]指出,RFC 4869根据套件B规范添加了四个预定义套件。他们是:

o IKE/ESP suite "Suite-B-GCM-128"

o IKE/ESP套件“套件-B-GCM-128”

o IKE/ESP suite "Suite-B-GCM-256"

o IKE/ESP套件“套件-B-GCM-256”

o IKE/AH suite "Suite-B-GMAC-128"

o IKE/AH套件“套件B-GMAC-128”

o IKE/AH suite "Suite-B-GMAC-256"

o IKE/AH套件“套件B-GMAC-256”

In each case, these suite definitions make use of algorithms that are defined in other RFCs. No interoperability or security concerns are raised if implementations continue to make use of these suite names.

在每种情况下,这些套件定义都使用在其他RFC中定义的算法。如果实现继续使用这些套件名称,则不会引起互操作性或安全问题。

4.2. Documents That Reference RFC 5759
4.2. 参考RFC 5759的文件

One other RFC makes reference to RFC 5759 [RFC5759].

另一个RFC参考RFC 5759[RFC5759]。

RFC 6187, "X.509v3 Certificates for Secure Shell Authentication" [RFC6187], points out that RFC 5759 provides additional guidance for Elliptic Curve Digital Signature Algorithm (ECDSA) keys when used with Suite B.

RFC 6187,“用于安全外壳身份验证的X.509v3证书”[RFC6187]指出,RFC 5759在与套件B一起使用时,为椭圆曲线数字签名算法(ECDSA)密钥提供了额外的指导。

4.3. Documents That Reference RFC 6379
4.3. 参考RFC 6379的文件

One other RFC makes reference to RFC 6379 [RFC6379].

另一个RFC参考RFC 6379[RFC6379]。

RFC 7321, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)" [RFC7321], points out that the AES-GCM algorithm is used by Suite B, and it has emerged as the preferred authenticated encryption method in IPsec. RFC 7321 has since been obsoleted by RFC 8221.

RFC 7321,“封装安全有效负载(ESP)和身份验证头(AH)的加密算法实现要求和使用指南”[RFC7321]指出,套件B使用AES-GCM算法,它已成为IPsec中首选的身份验证加密方法。RFC 7321已被RFC 8221淘汰。

4.4. Documents That Reference RFC 6403
4.4. 参考RFC 6403的文件

Two other RFCs make reference to RFC 6403 [RFC6403].

另外两个RFC参考RFC 6403[RFC6403]。

RFC 6402, "Certificate Management over CMS (CMC) Updates" [RFC6402], says that development of the profile for Suite B was the activity that demonstrated the need for these updates.

RFC 6402,“CMS证书管理(CMC)更新”[RFC6402]表示,开发套件B的配置文件是证明需要这些更新的活动。

RFC 7030, "Enrollment over Secure Transport" [RFC7030], points out that the scenarios in Appendix of RFC 6403 are very similar to three of the scenarios described.

RFC 7030,“通过安全传输注册”[RFC7030]指出,RFC 6403附录中的场景与所描述的三种场景非常相似。

4.5. Documents That Reference RFC 6460
4.5. 参考RFC 6460的文件

Three other RFCs make reference to RFC 6460 [RFC6460].

其他三个RFC参考RFC 6460[RFC6460]。

RFC 6605, "Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC" [RFC6605], states that material was copied liberally from RFC 6460. The Standards Track status of RFC 6605 is not affected by RFC 6460 moving to Historic status.

RFC 6605,“DNSSEC的椭圆曲线数字签名算法(DSA)”[RFC6605]指出,材料是从RFC 6460自由复制的。RFC 6605的标准轨道状态不受RFC 6460移动到历史状态的影响。

RFC 7525, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)" [RFC7525], observes that the Suite B profile of TLS 1.2 uses different ciphersuites.

RFC 7525,“安全使用传输层安全性(TLS)和数据报传输层安全性(DTLS)的建议”[RFC7525]指出,TLS 1.2的套件B配置文件使用不同的密码套件。

RFC 8253, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)" [RFC8253], points to RFC 6460 for the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphersuites. Both of these ciphersuites are defined in [RFC5289], which would have been a better reference. The Standards Track status of RFC 8253 is not affected by RFC 6460 moving to Historic status.

RFC 8253,“PCEPS:使用TLS为路径计算元素通信协议(PCEP)提供安全传输”[RFC8253]指向带有AES 128 GCM SHA256的TLS_ECDHE_ECDSA_和带有AES 256 GCM SHA384密码套件的TLS_ECDHE_ECDSA_的RFC 6460。[RFC5289]中定义了这两种密码套件,这是一个更好的参考。RFC 8253的标准轨道状态不受RFC 6460移动到历史状态的影响。

5. Impact of Reclassifying the Suite-B-Related RFCs to Historic
5. 将套件B相关RFC重新分类为历史性RFC的影响

No interoperability or security concerns are raised by reclassifying the Suite-B-related RFCs to Historic status. As described in Section 4, none of the RFCs being moved to Historic status is the sole specification of a cryptographic algorithm or an identifier for a cryptographic algorithm.

将与套件B相关的RFC重新分类为历史状态不会引起互操作性或安全问题。如第4节所述,移动到历史状态的RFC都不是加密算法的唯一规范或加密算法的标识符。

6. IANA Considerations
6. IANA考虑

This document has no IANA actions.

本文档没有IANA操作。

7. Security Considerations
7. 安全考虑

No interoperability or security concerns are raised by reclassifying the Suite-B-related RFCs to Historic status.

将与套件B相关的RFC重新分类为历史状态不会引起互操作性或安全问题。

NSA is transitioning away from some of the cryptographic algorithms and key sizes that were employed in the Suite B profiles.

NSA正在从套件B配置文件中使用的一些加密算法和密钥大小过渡。

8. References
8. 工具书类
8.1. Normative References
8.1. 规范性引用文件

[RFC4869] Law, L. and J. Solinas, "Suite B Cryptographic Suites for IPsec", RFC 4869, DOI 10.17487/RFC4869, May 2007, <https://www.rfc-editor.org/info/rfc4869>.

[RFC4869]Law,L.和J.Solinas,“IPsec的套件B加密套件”,RFC 4869,DOI 10.17487/RFC4869,2007年5月<https://www.rfc-editor.org/info/rfc4869>.

[RFC5008] Housley, R. and J. Solinas, "Suite B in Secure/ Multipurpose Internet Mail Extensions (S/MIME)", RFC 5008, DOI 10.17487/RFC5008, September 2007, <https://www.rfc-editor.org/info/rfc5008>.

[RFC5008]Housley,R.和J.Solinas,“安全/多用途互联网邮件扩展(S/MIME)中的套件B”,RFC 5008,DOI 10.17487/RFC5008,2007年9月<https://www.rfc-editor.org/info/rfc5008>.

[RFC5430] Salter, M., Rescorla, E., and R. Housley, "Suite B Profile for Transport Layer Security (TLS)", RFC 5430, DOI 10.17487/RFC5430, March 2009, <https://www.rfc-editor.org/info/rfc5430>.

[RFC5430]Salter,M.,Rescorla,E.,和R.Housley,“传输层安全(TLS)的套件B配置文件”,RFC 5430,DOI 10.17487/RFC5430,2009年3月<https://www.rfc-editor.org/info/rfc5430>.

[RFC5759] Solinas, J. and L. Zieglar, "Suite B Certificate and Certificate Revocation List (CRL) Profile", RFC 5759, DOI 10.17487/RFC5759, January 2010, <https://www.rfc-editor.org/info/rfc5759>.

[RFC5759]Solinas,J.和L.Zieglar,“套件B证书和证书撤销列表(CRL)配置文件”,RFC 5759,DOI 10.17487/RFC5759,2010年1月<https://www.rfc-editor.org/info/rfc5759>.

[RFC6239] Igoe, K., "Suite B Cryptographic Suites for Secure Shell (SSH)", RFC 6239, DOI 10.17487/RFC6239, May 2011, <https://www.rfc-editor.org/info/rfc6239>.

[RFC6239]Igoe,K.“用于安全Shell的套件B加密套件(SSH)”,RFC 6239,DOI 10.17487/RFC6239,2011年5月<https://www.rfc-editor.org/info/rfc6239>.

[RFC6318] Housley, R. and J. Solinas, "Suite B in Secure/ Multipurpose Internet Mail Extensions (S/MIME)", RFC 6318, DOI 10.17487/RFC6318, June 2011, <https://www.rfc-editor.org/info/rfc6318>.

[RFC6318]Housley,R.和J.Solinas,“安全/多用途互联网邮件扩展(S/MIME)中的套件B”,RFC 6318,DOI 10.17487/RFC6318,2011年6月<https://www.rfc-editor.org/info/rfc6318>.

[RFC6379] Law, L. and J. Solinas, "Suite B Cryptographic Suites for IPsec", RFC 6379, DOI 10.17487/RFC6379, October 2011, <https://www.rfc-editor.org/info/rfc6379>.

[RFC6379]Law,L.和J.Solinas,“用于IPsec的套件B加密套件”,RFC 6379,DOI 10.17487/RFC6379,2011年10月<https://www.rfc-editor.org/info/rfc6379>.

[RFC6380] Burgin, K. and M. Peck, "Suite B Profile for Internet Protocol Security (IPsec)", RFC 6380, DOI 10.17487/RFC6380, October 2011, <https://www.rfc-editor.org/info/rfc6380>.

[RFC6380]Burgin,K.和M.Peck,“互联网协议安全(IPsec)的套件B配置文件”,RFC 6380,DOI 10.17487/RFC6380,2011年10月<https://www.rfc-editor.org/info/rfc6380>.

[RFC6403] Zieglar, L., Turner, S., and M. Peck, "Suite B Profile of Certificate Management over CMS", RFC 6403, DOI 10.17487/RFC6403, November 2011, <https://www.rfc-editor.org/info/rfc6403>.

[RFC6403]Zieglar,L.,Turner,S.,和M.Peck,“CMS上证书管理的套件B配置文件”,RFC 6403,DOI 10.17487/RFC6403,2011年11月<https://www.rfc-editor.org/info/rfc6403>.

[RFC6460] Salter, M. and R. Housley, "Suite B Profile for Transport Layer Security (TLS)", RFC 6460, DOI 10.17487/RFC6460, January 2012, <https://www.rfc-editor.org/info/rfc6460>.

[RFC6460]Salter,M.和R.Housley,“传输层安全(TLS)的套件B配置文件”,RFC 6460,DOI 10.17487/RFC6460,2012年1月<https://www.rfc-editor.org/info/rfc6460>.

8.2. Informative References
8.2. 资料性引用

[CNSA] National Security Agency, "Commercial National Security Algorithm Suite", August 2015, <https://www.iad.gov/iad/programs/iad-initiatives/ cnsa-suite.cfm>.

[CNSA]国家安全局,“商业国家安全算法套件”,2015年8月<https://www.iad.gov/iad/programs/iad-initiatives/ cnsa suite.cfm>。

[RFC5289] Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)", RFC 5289, DOI 10.17487/RFC5289, August 2008, <https://www.rfc-editor.org/info/rfc5289>.

[RFC5289]Rescorla,E.“具有SHA-256/384和AES伽罗瓦计数器模式(GCM)的TLS椭圆曲线密码套件”,RFC 5289,DOI 10.17487/RFC5289,2008年8月<https://www.rfc-editor.org/info/rfc5289>.

[RFC6071] Frankel, S. and S. Krishnan, "IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap", RFC 6071, DOI 10.17487/RFC6071, February 2011, <https://www.rfc-editor.org/info/rfc6071>.

[RFC6071]Frankel,S.和S.Krishnan,“IP安全(IPsec)和互联网密钥交换(IKE)文档路线图”,RFC 6071,DOI 10.17487/RFC6071,2011年2月<https://www.rfc-editor.org/info/rfc6071>.

[RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure Shell Authentication", RFC 6187, DOI 10.17487/RFC6187, March 2011, <https://www.rfc-editor.org/info/rfc6187>.

[RFC6187]Igoe,K.和D.Stebila,“用于安全外壳身份验证的X.509v3证书”,RFC 6187,DOI 10.17487/RFC6187,2011年3月<https://www.rfc-editor.org/info/rfc6187>.

[RFC6402] Schaad, J., "Certificate Management over CMS (CMC) Updates", RFC 6402, DOI 10.17487/RFC6402, November 2011, <https://www.rfc-editor.org/info/rfc6402>.

[RFC6402]Schaad,J.,“CMS(CMC)更新的证书管理”,RFC 6402,DOI 10.17487/RFC6402,2011年11月<https://www.rfc-editor.org/info/rfc6402>.

[RFC6605] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC", RFC 6605, DOI 10.17487/RFC6605, April 2012, <https://www.rfc-editor.org/info/rfc6605>.

[RFC6605]Hoffman,P.和W.Wijngaards,“DNSSEC的椭圆曲线数字签名算法(DSA)”,RFC 6605,DOI 10.17487/RFC6605,2012年4月<https://www.rfc-editor.org/info/rfc6605>.

[RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed., "Enrollment over Secure Transport", RFC 7030, DOI 10.17487/RFC7030, October 2013, <https://www.rfc-editor.org/info/rfc7030>.

[RFC7030]Pritikin,M.,Ed.,Yee,P.,Ed.,和D.Harkins,Ed.,“安全传输的注册”,RFC 7030,DOI 10.17487/RFC7030,2013年10月<https://www.rfc-editor.org/info/rfc7030>.

[RFC7321] McGrew, D. and P. Hoffman, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)", RFC 7321, DOI 10.17487/RFC7321, August 2014, <https://www.rfc-editor.org/info/rfc7321>.

[RFC7321]McGrew,D.和P.Hoffman,“封装安全有效载荷(ESP)和身份验证头(AH)的密码算法实现要求和使用指南”,RFC 7321,DOI 10.17487/RFC7321,2014年8月<https://www.rfc-editor.org/info/rfc7321>.

[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 2015, <https://www.rfc-editor.org/info/rfc7525>.

[RFC7525]Sheffer,Y.,Holz,R.,和P.Saint Andre,“安全使用传输层安全性(TLS)和数据报传输层安全性(DTLS)的建议”,BCP 195,RFC 7525,DOI 10.17487/RFC7525,2015年5月<https://www.rfc-editor.org/info/rfc7525>.

[RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)", RFC 8253, DOI 10.17487/RFC8253, October 2017, <https://www.rfc-editor.org/info/rfc8253>.

[RFC8253]Lopez,D.,Gonzalez de Dios,O.,Wu,Q.,和D.Dhody,“PCEP:使用TLS为路径计算元素通信协议(PCEP)提供安全传输”,RFC 8253,DOI 10.17487/RFC8253,2017年10月<https://www.rfc-editor.org/info/rfc8253>.

Authors' Addresses

作者地址

Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 United States of America

Russ Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州,美利坚合众国,20170

   Email: housley@vigilsec.com
        
   Email: housley@vigilsec.com
        

Lydia Zieglar National Security Agency 9800 Savage Road Ft. George G. Meade, MD 20755-6940 United States of America

美国马里兰州乔治·G·米德萨维奇路9800英尺Lydia Zieglar国家安全局20755-6940

   Email: llziegl@nsa.gov
        
   Email: llziegl@nsa.gov